Manager Product Cyber Security Compliance

General Motors is undergoing a major transformation both in how we operate and in how we will influence the future of transportation. Our Software Services team is on the forefront of this work emboldening our culture by seeking out determined innovative individuals who will join our team to help move us forward and achieve our mission.

About the Role

The ManagerCybersecurity Engineeris a senior people leadership role within GM Cybersecurityand part ofthe Cybersecurity Governance Risk & Complianceteam. This role owns GMs vehicle product cybersecurity compliance posture includingconductingthreat analysis and risk assessmentproviding requirements to GMs Cybersecuritypolicyandunderlyingstandardsensuringglobal regulatory compliance andorchestratinggovernment-facing audits while driving control gap remediation across vehicle engineering and product teams.

As the regulatory landscape continues to evolve this role is also responsible for incorporating emerging vehicle theft-relatedandcompliance requirements into GMs product cybersecurity controls framework. The ideal candidate is a seasoned cybersecurity GRC professional with deep automotive regulatoryexpertise a collaborative leadership style and a proventrack recordmanaging high-performing teams while influencing cross-functional stakeholders.

Key Responsibilities

Product Cybersecurity Compliance

• Own andmaintainGMs product cybersecuritycontrols framework ensuring coverage across all applicable vehicle programs markets and regulatory requirements.

• Lead and overseeThreat Analysis and Risk Assessment (TARA)activities for vehicle product systems ensuring threat models are current comprehensive and integrated into the vehicle development lifecycle.

• Provide requirements for and input toproductcybersecurity policies and standardsaligned to evolving threats regulatory mandates and industry best practices; drive necessary approvals and ensure cross-functional integration.

• Monitor and interpret global automotive cybersecurity regulations and standards (e.g. ISO/SAE 21434 ISO 24089 UNECE WP.29 frameworks) translating changes into actionable compliance obligations for internal teams.

• Track emerging vehicle theft-related cybersecurity compliance requirements and drive necessary programmatic responses across applicable vehicle programs and markets.

• UNR155 & Vehicle Type Approval:Own GMs compliance program forUnited Nations Regulation No. 155 (UNR155) the global standard for automotive cybersecurity and serve as the lead orchestrator forVehicle Type Approval (VTA)andCybersecurity Management System (CSMS) auditswith government agencies and technical services globally.

• Manage all aspects of audit readiness evidence preparation submission coordination and post-audit remediation across multiple regulatoryjurisdictions.

• Build andmaintainproductive relationships with government authoritiestypeapproval bodies and technical service organizations (e.g. IDIADA etc.) across international markets.

• Ensure audit artifacts compliance documentation and CSMS evidence packages are current complete and audit-readyat all times.

Control Gap Identification & Remediation

• Lead the identification assessment and prioritization of cybersecurity control gaps across vehicle product systems aligned to UNR155 ISO/SAE 21434 and other applicable frameworks.

• Drive cross-functional remediation efforts partnering with Vehicle Cybersecurity Engineering and other engineering teams to develop and execute corrective action plans.

• Establish andmaintaintracking mechanisms forcontrolgap closure reporting status to senior leadership on a regularcadence.

• Conduct or oversee root cause analyses of identified control deficiencies and systemic risk trends ensuring durable remediation strategies are implemented.

Cross-Functional Partnership

• Partner closely with theVehicle Cybersecurity Engineeringteam and other engineering organizations to align compliance requirements to design and development processes throughout the vehicle lifecycle.

• Collaborate with Legal Government Affairs Program Management and Supplier teams to ensure a coordinated approach to regulatory compliance.

• Provide cybersecurity GRCexpertiseand compliance guidance to internal stakeholders translating complex regulatory requirements into clear actionable direction for engineering andprogramteams.

• Represent GMs product cybersecurity GRC program in external-facing engagements including regulatory submissions audits and industry working groups.

People Leadership & Team Management

• Lead develop and mentor a team of cybersecurity GRC professionals fostering a high-performance culture grounded in accountability collaboration and continuous growth.

• Set clearobjectivesestablishKey Performance Indicators (KPIs) and own delivery of team results aligned to organizational and GM strategic priorities.

• Manage workforce planning talent development and performance management for all direct reports.

• Build a team with theoptimalmix ofexpertiseand experience supporting hiring and onboarding activities as needed.

• Champion GMs behaviors and values fostering an inclusive and psychologically safe team environment.

Your Skills & Abilities (Required Qualifications)

• Bachelors orMastersdegreein Cybersecurity Computer Science Engineering or a related field

• Minimum 10 years of experiencein cybersecurity with a focus on GRC regulatory compliance or product/automotive cybersecurity

• Demonstrated experience leading teams including people management performance management and talent development

• Deep knowledge ofUNR155UNECE WP.29NIST CSFand global automotive cybersecurity regulatory frameworks

• Experience orchestrating or directlyparticipatinginVehicle Type Approvalprocesses and/orCSMS auditswith government or regulatory bodies

• Hands-on experience withThreat Analysis and Risk Assessment (TARA)methodologies and integration into the vehicle development lifecycle

• Strongexpertisein cybersecurity controls frameworks (e.g.ISO/SAE 21434 ISO 27001 NIST CSF NIST SP 800-53)

• Experience developing ormaintainingcybersecurity policies and standardsaligned to regulatory and industry requirements

• Proven ability toidentifycontrol gaps develop remediation strategies and drive closure across cross-functional engineering teams

• Experience managing complex multi-stakeholder programs across global geographically distributed organizations

• Strong analytical problem-solving and critical thinking skills with ability to assess systemic issues and translate findings into executive-ready reports

• Excellent communication presentation and interpersonal skills able to engage effectively with technical teams senior leadership and government representatives

• Ability to manage multiple high-complexity programs concurrently and prioritize effectively under shifting regulatory demands

• Strong work ethic attention to detail and commitment to excellence

What Will Give You A Competitive Edge (Preferred Qualifications)

(Not mandatory but would give candidates a competitive edge)

• Relevant professional certifications (e.g.CGRCCRISCCISACISSPISO/SAE 21434 Lead AuditorPMP)

• Familiarity with vehicle theft-related cybersecurity regulations and compliance obligations (e.g. NHTSA guidance regional anti-theft mandates)

• Experience with GRC software tools and platforms (e.g. Archer ServiceNow IBM OpenPages)

• Working knowledge of automotive embedded systems vehicle Electronic Control Unit (ECU) architecture or connected vehicle technologies

• Experience engaging with technical service organizations (e.g.IDIADA etc.) in the context of type approval

• Familiarity with automotive supply chain cybersecurity requirements and partner/supplier compliance programs

• Data analytics dashboard development or GRC platform reporting experience

• Prior experience in a global automotive Original Equipment Manufacturer (OEM) Tier 1 supplier or government agency environment

• Experience with enterprise risk frameworks (e.g. COSO FAIR ERM) in a product cybersecurity context