AVP Cybersecurity, Threat and Vulnerability Management

1 week ago

Irving, TX, United States GM Financial Full time
Job Description

Flexible hybrid work environment: 4-days a week in office.

Why GMF Cybersecurity?

Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.

As a part of GM Financial, you'll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.

Responsibilities

The Assistant Vice President, Threat & Vulnerability Management will lead the strategy and execution of our enterprise vulnerability management program. This role is responsible for identifying, prioritizing, and driving remediation of vulnerabilities across infrastructure, applications, and cloud environments. You will lead a team of professionals, implement risk-based processes, and partner with technology and business stakeholders to reduce exposure and strengthen our security posture.

In this role, you will:

Strategic Leadership

Develop and execute a comprehensive threat and vulnerability management strategy aligned with business objectives and risk appetite.
  • Establish governance for vulnerability scanning, prioritization, and remediation across all technology domains.
  • Define and track key performance indicators (KPIs) and service-level agreements (SLAs) to measure program effectiveness.
  • Build and mentor a high-performing team, fostering a culture of accountability and continuous learning.
Technical Oversight
  • Oversee vulnerability scanning and assessment for infrastructure, applications, and cloud platforms.
  • Implement risk-based prioritization using factors such as asset criticality, exploitability, and threat intelligence.
  • Ensure integration of vulnerability management processes into the software development lifecycle (SDLC) and change management workflows.
  • Maintain awareness of emerging threats, tools, and best practices to continuously improve program maturity.
Communication & Collaboration
  • Partner with IT, development, and business teams to ensure timely remediation of vulnerabilities.
  • Provide clear, actionable reporting to technical teams and concise risk summaries for senior leadership.
  • Act as a subject matter expert on vulnerability management and related security practices.
Qualifications

What makes you a dream candidate?
  • Strategic Leadership in TVM: Proven ability to lead enterprise-wide Threat & Vulnerability Management programs, aligning vulnerability remediation with business priorities and risk appetite.
  • Deep Expertise in Vulnerability Lifecycle: Advanced knowledge of vulnerability identification, risk scoring, prioritization, and remediation processes across complex, global environments.
  • Risk-Based Approach: Skilled in leveraging frameworks such as CVSS, NIST, and MITRE to assess and communicate risk effectively to technical and executive stakeholders.
  • Technology and Process Integration: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and application security and code scanning platforms (e.g., Checkmarx One, Veracode, SonarQube) and vulnerability reporting platforms for automated workflows and expedited reporting.
  • Regulatory and Compliance Alignment: Ensures TVM operations meet or exceed standards such as NIST, FFIEC, NYDFS, GDPR, CCPA/CPRA, and other global regulatory requirements.
  • Influential Communicator: Exceptional ability to translate technical risk into business impact, influencing senior leaders and driving accountability across IT and business units.
  • People-Centric Leadership: Strong track record in building and leading high-performing teams, fostering collaboration, and developing talent through coaching and mentorship.
  • Operational Excellence: Adept at managing multiple initiatives, prioritizing based on risk, and delivering measurable improvements in vulnerability posture under tight deadlines.
  • Industry Insight: Experience in financial services and automotive sectors, with a commitment to continuous improvement and innovation in vulnerability management practices.
Experience
  • Information Security Certifications preferred
  • Subject to stressful situations
  • After-hours work and periodic 24x7 on call support may be required
  • Some travel (estimated at 20%) may be required to support business needs
  • 6 years of experience in large and complex business environments with a successful track record working directly with senior level management Req
  • 5-7 years of experience in one or more of the following domains: Cybersecurity, Information Security, Network Engineering or Operations, Information Technology,
  • Application Development, Access Control, Security Governance, Risk Management, Software Development Security, Cryptography, Security Architecture and Design,
  • Operational Security, Business Continuity & Disaster Recovery, Legal Regulations, Investigations and Compliance, Physical (Environmental) Security, IT or Security
  • Audit, IT or Security Compliance required
  • Bachelor's Degree or equivalent experience Preferred


What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture. We have an environment that welcomes new ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than. work - we thrive.

Compensation: Competitive salary and bonus eligibility; this role is eligible for company vehicle program.

Work Life Balance: Flexible hybrid work environment, 4-days a week in office.

I-JI1

#LI-Hybrid

#GMFjobs

  • Senior Principal Cybersecurity Engineer, Threat and Vulnerability

    2 weeks ago

    Irving, TX, United States GM Financial Full time

    Job DescriptionHybrid work environment: 4 days onsite and 1 day remoteWhy GM Financial Cybersecurity? Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response,...

  • Senior Principal Cybersecurity Engineer, Threat and Vulnerability

    57 minutes ago

    Irving, TX, United States GM Financial Full time

    Job DescriptionHybrid work environment: 4 days onsite and 1 day remoteWhy GM Financial Cybersecurity? Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident Response,...

  • Associate Cybersecurity Analyst

    2 weeks ago

    Irving, TX, United States GM Financial Full time

    Job DescriptionFlexible hybrid work environment, 4 days a week in the office.Why GM Financial Cybersecurity? Innovation isn't just a talking point at GM Financial, it's how we operate. By joining our team, you'll work in a mission-focused environment with specialized teams, including Engineering, Threat Intelligence, Vulnerability Management, Incident...

  • Cybersecurity Engineer

    4 days ago

    Irving, TX, United States Abacus Full time

    Job Title: Cybersecurity Engineer Job Description Cybersecurity Engineer assesses, formulates, and executes tasks related to SIEM, IDS/IPS, Privileged Account Management, Certificate Lifecycle Management, WAF, NDR, CI/DI, AIP, EDR, HSM, Threat Analytics, and other Cybersecurity tools. Partners with Cyber Operations, IAM, Cyber Architecture, Network...

  • Cybersecurity Engineer

    4 hours ago

    Irving, TX, United States Abacus Full time

    Job Title: Cybersecurity Engineer Job Description Cybersecurity Engineer assesses, formulates, and executes tasks related to SIEM, IDS/IPS, Privileged Account Management, Certificate Lifecycle Management, WAF, NDR, CI/DI, AIP, EDR, HSM, Threat Analytics, and other Cybersecurity tools. Partners with Cyber Operations, IAM, Cyber Architecture, Network...

  • Principal Cybersecurity Engineer- Architecture

    7 days ago

    Irving, TX, United States OneMain Financial Full time

    Position Overview: The Principal Cybersecurity Engineer is ideally based Baltimore, MD. Candidates may also be considered in Irving TX, Evansville IN, and Fort Mill SC. The Principal Cybersecurity Engineer will be responsible for designing, documenting, and reviewing the implementation of security controls across on-premises and cloud...

  • Principal Cybersecurity Engineer- Architecture

    2 weeks ago

    Irving, TX, United States OneMain Financial Full time

    Position Overview: The Principal Cybersecurity Engineer is ideally based Baltimore, MD. Candidates may also be considered in Irving TX, Evansville IN, and Fort Mill SC. The Principal Cybersecurity Engineer will be responsible for designing, documenting, and reviewing the implementation of security controls across on-premises and cloud...

  • Identity & Access Management Engineer

    7 days ago

    Irving, TX, United States Prestige Staffing Information Technology Job Full time

    JobID: 49549 Identity & Access Management (IAM) EngineerSkills: 5 to 8 years of experience in IAM engineering, with a strong focus on Microsoft Entra ID (Azure AD) Location: Irving, TX (Hybrid) Type: Full-time Our client has deep experience and a strong track record of success in the commercial HVAC industry. They make long-term investments in top-tier,...

  • Identity & Access Management Engineer

    3 days ago

    Irving, TX, United States Prestige Staffing Information Technology Job Full time

    JobID: 49549 Identity & Access Management (IAM) EngineerSkills: 5 to 8 years of experience in IAM engineering, with a strong focus on Microsoft Entra ID (Azure AD) Location: Irving, TX (Hybrid) Type: Full-time Our client has deep experience and a strong track record of success in the commercial HVAC industry. They make long-term investments in top-tier,...

  • Identity & Access Management Engineer

    5 days ago

    Irving, TX, United States Prestige Staffing Information Technology Job Full time

    JobID: 49549 Identity & Access Management (IAM) EngineerSkills: 5 to 8 years of experience in IAM engineering, with a strong focus on Microsoft Entra ID (Azure AD) Location: Irving, TX (Hybrid) Type: Full-time Our client has deep experience and a strong track record of success in the commercial HVAC industry. They make long-term investments in top-tier,...