Why GMF?: About the role: What you need:

• 3-8 years of experience in large and complex business environments with a successful track record working directly with senior level management with at least 1 year of experience in one or more of the following domains: Access Control, Cybersecurity Governance and Risk Management, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, IT or Security Audit, IT or Security Compliance.
• Experience in the financial services industry preferred
• Must have demonstrable experience leading collaborative programs and projects with senior level management
• Bachelor's Degree or equivalent experience required
• Information Security Certifications strongly preferred
• Experience with Cybersecurity regulations strongly preferred, including but not limited to the Brazil Central Bank (BACEN) Resolution 4,893 and the Financial Superintendence of Colombia (SFC) Circular 007 and Circular 008
• Fluency in English and Portuguese is required
• Fluency in English, Portuguese, and Spanish is preferred
• Experience with documentation and reporting of policy or procedure discrepancies and/or change requests
• Demonstrated capability to collaborate with business partners to manage cybersecurity needs
• Knowledge on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
• Working knowledge of cybersecurity compliance within a financial services setting and ability and willingness to remain up to date on the latest regulatory trends, including applicable state and federal laws and regulations
• Fosters open communication, speaks with impact, listens to others, and writes effectively
• Effective planning, time management, negotiation and delegation skills
• Engages with business partners to translate high-level business requirements into enterprise security initiatives and programs to achieve the GMF’s mission, goals and objectives
• Exceptional analytical and technical skills
• Ability to apply advanced information security standards/frameworks (i.e., NIST Cybersecurity Framework, ISO 27001) to analysis and assessments
• Ability to prioritize multiple projects simultaneously with strong organizational skills
• Demonstrated critical thinking, analytical skills, judgment and logic when solving problems and making decisions
• Ability to work effectively in a team environment and able to adapt to rapidly changing business and technological needs, with frequent changing priorities
• 0-20% travel may be required

What you will be doing:

• Developing and updating cybersecurity policies, standards and procedures referencing NIST 800-53 controls and the NIST Cybersecurity Framework, including conducting gap assessments in accordance with updates in relevant regulatory or industry cybersecurity practices
• Develop a thorough understanding of GM Financial policies, procedures and provide suggestions to revise those documents in order to comply with legal requirements, new laws and recommendations
• Initiate, facilitate and promote cybersecurity within the organization and monitor adherence to cybersecurity policies, standards and controls
• Experience with documentation and reporting of policy or procedure discrepancies and/or change requests
• Ensure effective communication and partnership with all departments at GMF and serve as a liaison of Cybersecurity and first point of contact for cybersecurity concerns
• Assist in development of security requirements to protect the company from external and internal threats
• Participate in system enhancements or updates to procedures related to changes in laws and regulations, as needed
• Collaborate with business stakeholders and project teams to identify security requirements and ensure appropriate levels of security governance, resource management, and asset management
• Conduct risk assessments on Information Technology, Cybersecurity, Third Party Vendor, and other relevant company risks, recommend mitigation strategies, and work with internal stakeholders to assign monitoring responsibility
• Interpret risk requirements and translate into actionable and sustainable implementations
• Identify new or implement changes to techniques (policies, procedures, KPIs, KRIs, tools, etc.) and processes for the Cybersecurity Risk Management program to remain relevant (changing risk and threat landscape and Business requirements, etc.) and effective
• Demonstrate extensive experience with conducting IT, security, and compliance-related risk assessments and advising on mitigation strategies

What we offer: Disclaimer: Brazil - GM Financial is an Equal Opportunity Employer and is committed to diversity and inclusion at every level of our organization. We do not discriminate against any applicant or employee based on race, color, age, gender, marital status, national origin, religion, sexual orientation, gender identity, veteran status or disability.