03 Nov
AVP Cybersecurity
Texas, Arlington

Vacancy expired!

GM Financial - AVP Cybersecurity

Overview GM Financial (GMF) is the wholly owned captive finance subsidiary of General Motors and is headquartered in Texas. We are a global provider of auto finance solutions, with operations in North America, South America and Asia. Through our long-standing relationships with auto dealers, we offer attractive retail financing and lease programs to meet the needs of each customer. We also offer commercial lending products to dealers to help them finance and grow their businesses.At GMF our Cybersecurity organization is a global team consisting of architecture, engineering, operations, governance, and risk functions under the Chief Information Security Officer reporting directly to the CEO.The AVP Cybersecurity is responsible for managing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by supporting risk based management decisions; developing, deploying, monitoring, tuning, evaluating, reporting on and maintaining systems and procedures; and identifying and mitigating threats to the corporate network, corporate assets and corporate users to ensure the security of company systems and information assets. This team member is responsible for leading both technical implementation of systems and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with leading investigations into security threats, working with internal and external groups to ensure the Cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the enterprise to ensure information assets are protected at the appropriate level. Responsibilities JOB DUTIES

  • Leads Cybersecurity Operations group and is responsible for engineer talent management
  • Coordinate with Senior IT Security leaders to set direction and operation of the group
  • Prepares roadmaps, guidelines and direction for the department
  • Preparing technical requirements and standards
  • Manage project assignment and delegate tasks as needed
  • Provide conflict resolution and disciplinary actions for the department
  • Identify, engineer and design security technologies including, but not limited to: Security Incident and Event Managers (SIEM) and threat intelligence solutions, Web filtering (proxy, network AV), Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint security solutions, Data Loss Prevention (DLP), Vulnerability Management (VM), Threat Intelligence and Threat Detection, Web Application Firewalls (WAF), Email Gateways, Breach Mitigation, Certificate Management, SSL encryption and decryption, Identity Management, Cloud Security, Database Security, Web Gateways and VPNs and Firewalls
  • Communicate critical threats and remediation efforts for the enterprise
  • Perform analysis of system logs to identify unauthorized use or access
  • Creation, analyze and communicate of security metrics to senior leadership
  • Designs and monitor secure access to the network infrastructure, including routers, switches and access points
  • Participate in emergency response team activities for responding to various security incidents
  • Provide in-depth support for information security incidents including internal violations, hacker attacks, virus and system outages
  • Prepare and update information procedures, standards and/or other technical requirement documents
  • Act as a technical resource to department management and others within the company who are seeking more information about security
  • Participate in periodic information systems risk assessments
  • Develop detailed proposals and plans for new information security systems that would enhance or enable new capabilities for network or host systems
  • Recommends and evaluates security tools to identify more efficient and effective security measures
  • Perform other duties as assigned
  • Conform with all company policies and procedures
Qualifications Knowledge
  • Detail oriented
  • Local and wide area networking concepts, principles and protocols
  • Advanced knowledge in infrastructure design and management
  • Working knowledge of management processes such as personnel administration, planning and budgeting
  • Strong working knowledge of Intel platforms, iSeries and pSeries servers
  • Advanced understanding of IT Service Management (ITSM) best practices and processes
  • Experience with UML Design Tools
  • TCP/IP, OSI model and imp subnetting
  • High level understanding of technology infrastructure, security concepts and platforms
  • Demonstrated success in project management
  • Advanced knowledge of IBM pSeries hardware, operating systems and TSM backup infrastructure
  • Advanced knowledge of the OSI model and security that is associated with each layer
  • Understanding of routing and switching protocols as they relate to load balancing
  • Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS
  • Knowledge and stay abreast on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
  • Knowledge of IT security processes and controls as well as IT infrastructure and networking technical knowledge
  • Must have demonstrable experience supporting security requirements of a large, global enterprise environment
Skills
  • Ability to think strategically and make collaborative decisions
  • Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
  • Communicates quickly, clearly, concisely, appropriately and intelligently
  • Foster open communication, speaks with impact, listens to others and writes effectively
  • Experience with alternate management methods using SSH, serial connections and the command-line interface TMSH
  • Ability to effectively negotiate with vendors on upgrades and acquisitions
  • Effective planning, time management, negotiation and delegation skills
  • Strong level IT security processes and controls knowledge as well as IT infrastructure and networking technical knowledge
  • Ability to approach problems with an open-mind and create new and innovative ideas and methods
  • Advanced technical writing
  • Experience in documentation tools such as Visio and Microsoft Office products
  • Advanced information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skills
  • Advanced experience with Network and VLAN segmentation
  • Strong analytical skills
  • Ability to approach problems with an open-mind, use existing information and resources
  • Creative, innovative, problem-solving and maximizing potential to solve problems and improve methods
  • Think positively when faced with obstacles, build on others ideas, think logically and intuitively
Education
  • Bachelor's Degree or equivalent experience preferred
Experience
  • 6 years of experience in large and complex business environments with a successful track record working directly with senior level management required
  • 5-7 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required
Licenses
  • Information Security Certifications preferred
Working Conditions
  • Normal office environment
  • Subject to stressful situations
  • After-hours work and periodic 24x7 on call support may be required
  • Some travel (estimated at 20%) may be required to support business needs
#LI-WB1

Vacancy expired!