AVP Cybersecurity Governance

Hybrid Work Schedule

This role is a hybrid schedule: onsite 4 days a week.

Innovation isn’t just a talking point at GM Financial
, it’s how we operate. By joining our team, you’ll work in a mission‑focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response, Firewall, Governance, Risk, Architecture and Offensive Security. These teams collaborate to identify, manage and respond to threats, all while driving innovation across the environment. Cybersecurity is central to our strategic vision, so you’ll benefit from exceptional leadership visibility, with direct reporting lines to the CEO.

This structure ensures your work is recognized and supported at the highest levels, while also enabling bold innovation and the adoption of cutting‑edge technologies. Shape the future of Cybersecurity at GM Financial, with the freedom to explore, the tools to build and the support to thrive.

• Lead and develop the Vendor Risk, Application Risk, Findings Management, and Cyber Process Automation teams.
• Oversee third‑party cybersecurity risk assessments, risk scoring, evidence reviews, and remediation workflows.
• Manage application risk assessments and ensure accurate control evaluation and response.
• Direct the full lifecycle of cybersecurity findings, including documentation, tracking, aging, remediation, validation, and reporting.
• Guide the Cyber Process Automation team in building scalable workflows, dashboards, and data integrations to improve efficiency and program maturity.
• Maintain and enhance cybersecurity procedures aligned with NIST CSF and NIST 800‑53.
• Deliver clear, executive‑ready reporting on risk posture, findings, and program performance.
• Serve as a trusted advisor who can translate cybersecurity risk into actionable, business‑aligned recommendations.

• Reports to VP Cybersecurity Governance.

• Proven leadership experience within cybersecurity governance, risk, or assurance functions.
• Strong understanding of NIST CSF, NIST 800‑53, vendor security controls, and application security principles.
• Ability to evaluate risk, drive remediation, and influence senior stakeholders.
• Experience leading workflow automation or low‑code development teams.
• Exceptional communication skills with the ability to simplify complexity for executives and business partners.
• Process‑oriented builder who brings structure, discipline, and continuous improvement to programs and teams.

• High School Diploma or equivalent required.
• Bachelor’s Degree or equivalent experience preferred.
• 6+ years of experience in large and complex business environments with a successful track record working directly with senior‑level management required.
• 5‑7 years of experience in one or more of the following domains:
  Cybersecurity, Information Security, Network Engineering or Operations, Information, Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required.
• Information Security Certifications preferred.

Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work — we thrive.

Competitive salary and bonus eligibility; this role is eligible for company vehicle program.

Flexible hybrid work environment, 4‑days a week in office.