Job Specifications
Job Description
Flexible hybrid work environment: 4-days a week in office.
Why GMF Cybersecurity?
Our Cybersecurity team is tasked with security engineering, regulatory response, third party risk, and incident response capabilities necessary to secure GM Financial, the captive auto finance subsidiary of General Motors. Reporting directly to the CEO, our Cybersecurity team enjoys unprecedented support to deliver the highest level of security capabilities using cutting edge technologies and automating mundane tasks, allowing our teams to focus on interesting and rewarding security work.
As a part of GM Financial, you’ll have the opportunity to work on Cybersecurity projects across financial services, automotive, manufacturing, high-tech, and military industries. We are looking for team players who want the freedom to innovate leading edge capabilities to join our growing Cybersecurity team.
Responsibilities
The Assistant Vice President, Threat & Vulnerability Management will lead the strategy and execution of our enterprise vulnerability management program. This role is responsible for identifying, prioritizing, and driving remediation of vulnerabilities across infrastructure, applications, and cloud environments. You will lead a team of professionals, implement risk-based processes, and partner with technology and business stakeholders to reduce exposure and strengthen our security posture.
In This Role, You Will
Strategic Leadership
Develop and execute a comprehensive threat and vulnerability management strategy aligned with business objectives and risk appetite.
Establish governance for vulnerability scanning, prioritization, and remediation across all technology domains.
Define and track key performance indicators (KPIs) and service-level agreements (SLAs) to measure program effectiveness.
Build and mentor a high-performing team, fostering a culture of accountability and continuous learning.
Technical Oversight
Oversee vulnerability scanning and assessment for infrastructure, applications, and cloud platforms.
Implement risk-based prioritization using factors such as asset criticality, exploitability, and threat intelligence.
Ensure integration of vulnerability management processes into the software development lifecycle (SDLC) and change management workflows.
Maintain awareness of emerging threats, tools, and best practices to continuously improve program maturity.
Communication & Collaboration
Partner with IT, development, and business teams to ensure timely remediation of vulnerabilities.
Provide clear, actionable reporting to technical teams and concise risk summaries for senior leadership.
Act as a subject matter expert on vulnerability management and related security practices.
Qualifications
What makes you a dream candidate?
Strategic Leadership in TVM: Proven ability to lead enterprise-wide Threat & Vulnerability Management programs, aligning vulnerability remediation with business priorities and risk appetite.
Deep Expertise in Vulnerability Lifecycle: Advanced knowledge of vulnerability identification, risk scoring, prioritization, and remediation processes across complex, global environments.
Risk-Based Approach: Skilled in leveraging frameworks such as CVSS, NIST, and MITRE to assess and communicate risk effectively to technical and executive stakeholders.
Technology and Process Integration: Hands-on experience with vulnerability scanning tools (e.g., Qualys, Tenable, Rapid7) and application security and code scanning platforms (e.g., Checkmarx One, Veracode, SonarQube) and vulnerability reporting platforms for automated workflows and expedited reporting.
Regulatory and Compliance Alignment: Ensures TVM operations meet or exceed standards such as NIST, FFIEC, NYDFS, GDPR, CCPA/CPRA, and other global regulatory requirements.
Influential Communicator: Exceptional ability to translate technical risk into business impact, influencing senior leaders and driving accountability across IT and business units.
People-Centric Leadership: Strong track record in building and leading high-performing teams, fostering collaboration, and developing talent through coaching and mentorship.
Operational Excellence: Adept at managing multiple initiatives, prioritizing based on risk, and delivering measurable improvements in vulnerability posture under tight deadlines.
Industry Insight: Experience in financial services and automotive sectors, with a commitment to continuous improvement and innovation in vulnerability management practices.
Experience
Information Security Certifications preferred
Subject to stressful situations
After-hours work and periodic 24x7 on call support may be required
Some travel (estimated at 20%) may be required to support business needs
6 years of experience in large and complex business environments with a successful track record working directly with senior level management Req
5-7 years of experience in one or more of the following domains: Cybersecurity, Information
About the Company
GM Financial is the captive finance company and the wholly owned subsidiary of General Motors and is headquartered in Fort Worth, Texas. The company is a global provider of auto finance solutions, with operations in North America, Latin America and China. Through our long-standing relationships with auto dealers, we offer attractive retail loan and lease programs to meet the needs of each customer. We also offer commercial lending products to dealers to help them finance and grow their businesses. GM Financial employs more t...
Know more