Cybersecurity Manager -SOC

Overview GM Financial (GMF) is the wholly owned captive finance subsidiary of General Motors and is headquartered in Texas. We are a global provider of auto finance solutions, with operations in North America, South America and Asia. Through our long-standing relationships with auto dealers, we offer attractive retail financing and lease programs to meet the needs of each customer. We also offer commercial lending products to dealers to help them finance and grow their businesses. At GMF our Cybersecurity organization is a global team consisting of architecture, engineering, operations, governance, and risk functions under the Chief Information Security Officer reporting directly to the CEO. The Cybersecurity Manager is responsible for managing a portion of the GM Financial (GMF) Cybersecurity Program designed to advise the organization on its management of Cybersecurity risk by supporting risk based management decisions; developing, deploying, monitoring, tuning, evaluating, reporting on and maintaining systems and procedures; and identifying and mitigating threats to the corporate network, corporate assets, and corporate users to ensure the security of company systems and information assets. This team member is responsible for leading both technical implementation of systems, and communication of security requirements to management and security leadership. Additionally, this team member will be responsible, as necessary, with leading investigations into security threats, working with internal and external groups to ensure the Cybersecurity program is operating effectively and efficiently, and developing strong partnerships across the enterprise to ensure information assets are protected at the appropriate level. Responsibilities

• Build and develop a team of individuals responsible triage, analysis, and specific response functions.
• Manage a "first-line of defense" team with eyes-on-glass for a number of alerts associated with Phishing, Data Loss Prevention, Policy Violations, User-Behavior Analytics, and Network and Host-based anomalies.
• Build KPIs for tracking team performance, reporting on a regular basis to Cybersecurity Leadership.
• Mentor, Train and Develop staff members in triage and investigation methodologies.
• Support Incident Response in coordination with HR, Legal, Privacy and Corporate Security initiatives and investigations.
• Escalate technical investigations or complex items to the Incident Response AVP.
• Identify opportunities for enhanced data enrichment, alert creation & tuning, or automation, based on the teams need; share those with our Incident Response AVP who will coordinate delivery.
• Manage any MSSP engagements (onboarding, expectations and deliverables) alongside the Incident Response AVP.
• Partner with our Governance, Architecture, and Engineering and Operations organizations to develop process enhancements and Tabletop Exercises to further our maturity.
• Hold the team accountable for responsiveness, ensuring queries to CSIRT and Cybersecurity are directed to the appropriate team(s) and/or individual(s).
• Ability to manage conflicting priorities, identifying and executing on critical paths to drive forward progress.
• Enjoy a fast-paced environment that will accelerate career growth in the Cybersecurity and Incident Response industry.
• Stay current on threats impacting the automotive, financial and IT industries, as well as defensive strategies to detect and thwart threat actors.
• Be a good steward of Cybersecurity practices and principles, offering guidance and support to peers in other departments within GM Financial.

• Local and wide area networking concepts, principles and protocols
• Advanced knowledge in Infrastructure design and management
• Working knowledge of management processes such as personnel administration, planning and budgeting
• Strong working knowledge of Intel platforms, iSeries and pSeries servers
• Advanced understanding of IT Service Management (ITSM) best practices and processes
• Experience with UML Design Tools
• Advanced knowledge of TCP/IP, OSI model and imp subnetting
• High level understanding of technology infrastructure, security concepts and platforms
• Demonstrated success in project management
• Advanced knowledge of the OSI model and security that is associated with each layer
• Understanding of routing and switching protocols as they relate to load balancing
• Strong understanding of application layer protocols including HTTP, SSH, SSL and DNS
• Knowledge and stay abreast on the latest security and privacy legislation, regulations, advisories, alerts and vulnerabilities
• Knowledge of IT security processes and controls as well as IT infrastructure and networking technical knowledge
• Practical experience and knowledge of the latest Cybersecurity legislations, regulations, advisories, alerts, vulnerabilities and Cybersecurity frameworks

• Ability to think strategically and make collaborative decisions
• Ability to apply structured analysis methods to various types of data to establish trends, determine variability and business impact
• Communicates quickly, clearly, concisely, appropriately and intelligently
• Foster open communication, speaks with impact, listens to others and writes effectively
• Experience with alternate management methods using SSH, serial connections and the command-line interface TMSH
• Ability to effectively negotiate with vendors on upgrades and acquisitions
• Effective planning, time management, negotiation, and delegation skills
• Expert level IT security processes and controls knowledge as well as IT infrastructure and networking technical knowledge
• Ability to approach problems with an open-mind and create new and innovative ideas and methods
• Advanced technical writing
• Experience in documentation tools such as Visio and Microsoft Office products
• Advanced information security standards/frameworks (ie, NIST Cybersecurity Framework, ISO 27001) skills
• Advanced experience with Network and VLAN segmentation
• Strong analytical skills
• Ability to approach problems with an open-mind, use existing information and resources
• Creative, Innovative, problem-solving and maximizing your potential to solve problems and improve methods
• Think positively when faced with obstacles, build on others ideas, think logically and intuitively
• Detailed oriented

• High School Diploma required
• Bachelor's Degree in related field or equivalent work experience preferred

• Minimum of 4 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology, Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design, Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security Audit, IT or Security Compliance required
• 7-10 years of experience in large and complex business environments with a successful track record working directly with senior level management preferred

• Information Security Certifications strongly preferred

• Normal office environment subject to stressful situations
• Possibility of working long hours including weekends/holidays or split shifts may be required
• Limited travel may be required to support business needs