The Senior Manager, Information Security is responsible for overall security of the IT support system and applications. The role manages resources, internal and external, to meet the security requirements of the business and, participates with other senior managers in IT operations to evaluate system risks and makes recommendations on architecture decisions to the Director, IT Operations. The role also consults, advises and collaborates with Legal on matters dealing with data governance, privacy, risk and compliance. Key Responsibilities: Coordinate operational activities, as necessary, with other security and privacy functions within GMAC, including Legal (data privacy), GMAT Operations (test security), and HR/Administration (personnel/facilities). Identify requirements and manage the creation, implementation, documentation, and ongoing maintenance of IT security policies and procedures, aligning them with the strategic direction of the business. Coordinate security awareness program; manage communications and compliance across the organization; report results to Director, IT Operations on an annual basis. Manage security incident response plan and procedures; manage incident response activities in the event that a security incident is identified Build and oversee a threat and vulnerability management program, including network and systems security testing and reporting to management. Manage the selection, development, documentation, and deployment of IT security management and monitoring systems and tools. Evaluate and recommend IT security systems and architectures. Assist in planning, testing, implementation, and review of hardware and software upgrades and modifications, including patches, Microsoft upgrades and, hardware modifications. Act as a security consultant or lead on IT and data privacy/security projects. Serve as liaison with GMAC service providers and vendors on IT security related matters Coordinate annual 3rd party assessment of information systems. Develop and manage the IT asset security classification program. Assist in developing and implementing a formal security awareness training program for all personnel. Hire, develop and retain a strong information security team. Other responsibilities and duties, as assigned. Minimum Requirements: Bachelor’s degree in related field (e.g., MIS or CS); Or equivalent combination of education, skills, and experience. 5 years’ experience in the field of information technology and information security. 2 years’ of progressive supervisory experience. CISSP certification. Experience with Microsoft OS and TCP/IP network security. In depth and demonstrated knowledge of LAN/WAN technologies, network protocol analysis, firewalls, intrusion detection systems, encryption and VPN technology, and security tools. Knowledge of computer viruses and computer security incident troubleshooting procedures. Knowledge of relevant security and compliance frameworks, standards and regulations. Strong project management skills and understanding how to manage the priorities of multiple stakeholders in a complex environment. Ability to guide others in resolving complex issues of significance to the organization. Exceptional organizational, project planning, and time management skills. Ability to work independently with minimal supervision and in a team setting, and across external and internal stakeholder groups. Excellent verbal and written communication skills; Strong attention to detail, with a keen focus on quality. Ability to interact successfully with all levels of technical and non-technical staff. Strong analytical skills. Comfort with multi-tasking. Ability to work in-office and remotely according to GMAC’s hybrid work environment. The physical demands and work environment characteristics described are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Desired Skills/Experience: 10 years’ experience in the field of information technology and information security. PMP and/or GCPM certification. SANS GIAC certified, CCNA, CCSP, MCSE: Security, MCSA: Security, and CompTIA Security certifications a plus. Ability to lead a team. A motivated self-starter and strong problem solver. Professional demeanor with excellent customer service and team player orientation. Capable of working in a fast paced, dynamically changing and team-oriented environment. Ability to find innovative solutions while working with existing resources. FLSA Status: Exempt Report to: Director, IT Operations GMAC’s value proposition offers our talented employees the ideal climate for innovation, and colleagues who are motivated and proactive, with diverse backgrounds and approaches. As a global organization, we understand and appreciate the benefits of myriad cultural perspectives. GMAC is wholly committed to recruiting, developing, and retaining a diverse group of talented people, and providing equal employment opportunities to all employees and applicants without regard to the basis of actual or perceived race, creed, color, religion, national origin, ancestry, age, disability, sex (including pregnancy, childbirth, and related medical conditions), marital status, veteran status, sexual orientation, gender identity, genetic information, or any other characteristic protected by applicable federal, state or local laws. Additionally, to ensure a safe office environment, recognizing the tremendous contributions that vaccinations play in ensuring our mutual wellbeing, GMAC has implemented a mandatory vaccination policy. All employees must be fully vaccinated against the COVID-19 virus. GMAC may make accommodations or allow for exemption from this requirement for medical or religious reasons.