Job Description
The Role:
The Cybersecurity Compliance Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics.
The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/SubECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk-informed, compliance-focused decisions.
What You'll Do:
Compliance Oversight & Risk Management
Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards.
Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains.
Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements.
Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set.
ILM Program Compliance
Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements.
Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories.
Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness.
Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations.
Export Controls Compliance
Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments.
Partner with the ECO/SubECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring).
Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing.
Support investigations, issues management, and remediation for Export-related control deficiencies and incidents.
Business Continuity & Cyber Resilience
Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events.
Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover).
Support exercises, simulations, and post-event reviews to validate the effectiveness of BCP-related cyber controls and drive continuous improvement.
Reporting Dashboards & Executive Communication
Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders.
Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends.
Translate technical compliance and control findings into plain-language, decision-ready insights for non-technical stakeholders, emphasizing business and regulatory impact.
Data Automation & GRC Platforms
Manage Cybersecurity's GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations.
Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP.
Collaborate with Cybersecurity and IT teams to populate and maintain high-quality risk and compliance data for these domains.
Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports.
Your Skills & Abilities (Required Qualifications):
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field.
Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization.
Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO).
Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI-DSS, GDPR, CCPA, export regulations, records/retention requirements).
Understanding of incident response, vulnerability management, and business continuity processes, and how they intersect with compliance obligations.
Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting.
Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executive-ready messages.
Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment.
What Will Give You A Competitive Edge (Preferred Qualifications):
Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field.
Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management.
Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800-34, and COBIT DSS04.
Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities.
Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards.
Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP.
Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise.
Experience working with globally distributed teams and cross-functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity).
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.). This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week or other frequency dictated by their manager. This job is not eligible for relocation benefits. Any relocation costs would be the responsibility of the selected candidate.
About GM
Our vision is a world with Zero Crashes, Zero Emissions, and Zero Congestion, and we embrace the responsibility to lead the change that will make our world better, safer, and more equitable for all.
Why Join Us
We believe we all must make a choice every day, individually and collectively, to drive meaningful change through our words, our deeds, and our culture. Every day, we want every employee to feel they belong to one General Motors team.
Benefits Overview
From day one, we're looking out for your well-being, at work and at home, so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Non-Discrimination and Equal Employment Opportunities (U.S.)
General Motors is committed to being a workplace that is not only free of unlawful discrimination but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers.
All employment decisions are made on a non-discriminatory basis without regard to sex, race, color, national origin, citizenship status, religion, age, disability, pregnancy or maternity status, sexual orientation, gender identity, status as a veteran or protected veteran, or any other similarly protected status in accordance with federal, state, and local laws.
We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire.
Accommodations
General Motors offers opportunities to all job seekers, including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us or call us. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.
Required Experience:
Senior IC
GM is home to Chevrolet, Buick, GMC & Cadillac and has been leading the auto industry for over a century. See how we create a vehicle for every drive.