Senior Analyst, Cybersecurity Compliance

Job Description The Role: The Cybersecurity Compliance u2013 Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics. The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Subu2011ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risku2011informed, complianceu2011focused decisions. What You'll Do: Compliance Oversight & Risk Management + Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF), using its Functions, Categories, and Subcategories to structure policies, controls, assessments, and reporting, while also meeting applicable regulatory and industry standards. + Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains. + Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements. + Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set. ILM Program Compliance + Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements. + Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories. + Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness. + Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations. Export Controls Compliance + Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments. + Partner with the ECO/Subu2011ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring). + Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing. + Support investigations, issues management, and remediation for Exportu2011related control deficiencies and incidents. Business Continuity & Cyber Resilience + Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events. + Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover). + Support exercises, simulations, and postu2011event reviews to validate the effectiveness of BCPu2011related cyber controls and drive continuous improvement. Reporting, Dashboards & Executive Communication + Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders. + Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends. + Translate technical compliance and control findings into plainu2011language, decisionu2011ready insights for nonu2011technical stakeholders, emphasizing business and regulatory impact. Data, Automation & GRC Platforms + Manage Cybersecurityu2019s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations. + Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP. + Collaborate with Cybersecurity and IT teams to populate and maintain highu2011quality risk and compliance data for these domains. + Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports. Your Skills & Abilities (Required Qualifications): + Bacheloru2019s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field. + Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization. + Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800u201153, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO). + Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCIu2011DSS, GDPR, CCPA, export regulations, records/retention requirements). + Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations. + Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting. + Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executiveu2011ready messages. + Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment. What Will Give You A Competitive Edge (Preferred Qualifications): + Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field. + Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management. + Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800u201134, and COBIT DSS04. + Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities. + Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards. + Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP. + Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise. + Experience working with globally distributed teams and crossu2011functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity). #LI-SB3 GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc).This role is categorized as hybrid. This means the selected candidate is expected to report to a specific location at least 3 times a week {or other frequency dictated by their manager}.This job is not eligible for relocation benefits. Any relocation costs would be the responsibility of the selected candidate. About GM Our vision is a world with Zero Crashes, Zero Emissions and Zero Congestion and we embrace the responsibility to lead the change that will make our world better, safer and more equitable for all. Why Join Us We believe we all must make a choice every day u2013 individually and collectively u2013 to drive meaningful change through our words, our deeds and our culture. Every day, we want every employee to feel they belong to one General Motors team. Benefits Overview From day one, we're looking out for your well-beingu2013at work and at homeu2013so you can focus on realizing your ambitions. Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources (. Non-Discrimination and Equal Employment Opportunities (U.S.) General Motors is committed to being a workplace that is not only free of unlawful discrimination, but one that genuinely fosters inclusion and belonging. We strongly believe that providing an inclusive workplace creates an environment in which our employees can thrive and develop better products for our customers. All employment decisions are made on a non-discriminatory basis without regard to sex, race, color, national origin, citizenship status, religion, age, disability, pregnancy or maternity status, sexual orientation, gender identity, status as a veteran or protected veteran, or any other similarly protected status in accordance with federal, state and local laws. We encourage interested candidates to review the key responsibilities and qualifications for each role and apply for any positions that match their skills and capabilities. Applicants in the recruitment process may be required, where applicable, to successfully complete a role-related assessment(s) and/or a pre-employment screening prior to beginning employment. To learn more, visit How we Hire (. Accommodations General Motors offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email () us or call us at 1-800-865-7580. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying. We are leading the change to make our world better, safer and more equitable for all through our actions and how we behave. Learn more about: Our Company ( Our Culture How we hireu200bu200bu200bu200bu200bu200bu200b ( Our diverse team of employees bring their collective passion for engineering, technology and design to deliver on our vision of a world with Zero Crashes, Zero Emissions and Zero Congestion. We are looking for adventure-seekers and imaginative thought leaders to help us transform mobility. Explore our global locations ( We are determined to lead change for the world through technology, ingenuity and harnessing the creativity of our diverse team. Join us to help lead the change that will make our world better, safer and more equitable for all by becoming a member of GMu2019s Talent Community () (. As a part of our Talent Community, you will receive updates about GM, open roles, career insights and more. Please note that filling out the form below will not add you to our Talent Community automatically; you will need to use the link above. If you are seeking to apply to a specific role, we encourage you to click u201cApply Nowu201d on the job posting of interest.The policy of General Motors is to extend opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity/expression or veteran status. Additionally, General Motors is committed to being an Equal Employment Opportunity Employer and offers opportunities to all job seekers including individuals with disabilities. If you need a reasonable accommodation to assist with your job search or application for employment, email us at .In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

Created: 2026-03-30