AVP Cybersecurity, Threat and Vulnerability Management

Flexible hybrid work environment: 4-days a week in office.

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.

As a part of GM Financial, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

• Establish governance for vulnerability scanning, prioritization, and remediation across all technology domains.
• Define and track key performance indicators (KPIs) and service-level agreements (SLAs) to measure program effectiveness.
• Build and mentor a high-performing team, fostering a culture of accountability and continuous learning.
  

• Oversee vulnerability scanning and assessment for infrastructure, applications, and cloud platforms.
• Implement risk-based prioritization using factors such as asset criticality, exploitability, and threat intelligence.
• Ensure integration of vulnerability management processes into the software development lifecycle (SDLC) and change management workflows.
• Maintain awareness of emerging threats, tools, and best practices to continuously improve program maturity.
  

• Partner with IT, development, and business teams to ensure timely remediation of vulnerabilities.
• Provide clear, actionable reporting to technical teams and concise risk summaries for senior leadership.
• Act as a subject matter expert on vulnerability management and related security practices.

• Strategic Leadership in TVM: Proven ability to lead enterprise-wide Threat & Vulnerability Management programs, aligning vulnerability remediation with business priorities and risk appetite.
• Deep Expertise in Vulnerability Lifecycle: Advanced knowledge of vulnerability identification, risk scoring, prioritization, and remediation processes across complex, global environments.
• Risk-Based Approach: Skilled in leveraging frameworks such as CVSS, NIST, and MITRE to assess and communicate risk effectively to technical and executive stakeholders.
• Technology and Process Integration: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and application security and code scanning platforms (e.g., Checkmarx One, Veracode, SonarQube) and vulnerability reporting platforms for automated workflows and expedited reporting.
• Regulatory and Compliance Alignment: Ensures TVM operations meet or exceed standards such as NIST, FFIEC, NYDFS, GDPR, CCPA/CPRA, and other global regulatory requirements.
• Influential Communicator: Exceptional ability to translate technical risk into business impact, influencing senior leaders and driving accountability across IT and business units.
• People-Centric Leadership: Strong track record in building and leading high-performing teams, fostering collaboration, and developing talent through coaching and mentorship.
• Operational Excellence: Adept at managing multiple initiatives, prioritizing based on risk, and delivering measurable improvements in vulnerability posture under tight deadlines.
• Industry Insight: Experience in financial services and automotive sectors, with a commitment to continuous improvement and innovation in vulnerability management practices.

• Information Security Certifications preferred
• Subject to stressful situations
• After-hours work and periodic 24x7 on call support may be required
• Some travel (estimated at 20%) may be required to support business needs
• 6 years of experience in large and complex business environments with a successful track record working directly with senior level management Req
• 5-7 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology,
• Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design,
• Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security
• Audit, IT or Security Compliance required
• Bachelor’s Degree or equivalent experience Preferred
  

I-JI1

#LI-Hybrid

#GMFjobs