Senior Analyst, Cybersecurity Compliance

United States, Austin, Texas · Job Posted April 16, 2026

Job Description

The Cybersecurity Compliance – Information Lifecycle Management (ILM), Export & Business Continuity Planning (BCP) Senior Analyst supports the Governance, Risk & Compliance (GRC) organization by providing enterprise oversight of ILM, Export Controls, and BCP across IT and Cybersecurity. This role is accountable for designing, operating, and sustaining ILM, Export, and BCP control frameworks, translating corporate policy and regulatory requirements into clear, actionable controls, processes, and metrics. The position monitors compliance dashboards, attestations, and formal reporting; proactively identifies control gaps and emerging risks; and drives remediation in partnership with Legal, ILM Coordinators, Export Compliance Officer (ECO)/Sub‑ECOs, application owners, BCP teams, and Cybersecurity functions. The role also integrates ILM, Export, and BCP control posture, risk, and trends across the NIST Cybersecurity Framework (NIST CSF) for broad cyber and regulatory risk reporting to leadership, supporting risk‑informed, compliance‑focused decisions.

Job Responsibility

  • Implement and maintain a comprehensive cybersecurity compliance program for ILM, Export, and BCP that is aligned to the NIST Cybersecurity Framework (NIST CSF)
  • Conduct regular compliance assessments of ILM, Export, and BCP controls, evaluating inherent and residual risk across these domains
  • Analyze and prioritize identified issues based on compliance impact and likelihood; recommend risk treatment strategies and control enhancements
  • Monitor and track mitigation activities to closure, assessing impacts to residual compliance risk and recommending adjustments to the unified control set
  • Design, operate, and continuously improve the ILM control framework, ensuring alignment with corporate ILM policy, data classification standards, retention schedules, and privacy requirements
  • Define and document control requirements for data creation, classification, retention, archival, and destruction across key systems and repositories
  • Establish and manage ILM attestation processes with ILM Coordinators, application owners, and business stakeholders to confirm control design and operating effectiveness
  • Partner with Legal, Privacy, and Records Management to ensure ILM controls support litigation hold, regulatory, and privacy obligations
  • Translate Export Control policy and regulatory obligations into practical, testable controls across IT and Cyber environments
  • Partner with the ECO/Sub‑ECO network to define, document, and operationalize Export controls (e.g., access restrictions, system configuration, logging/monitoring)
  • Monitor compliance with Export requirements through dashboards, attestations, exception reviews, and periodic control testing
  • Support investigations, issues management, and remediation for Export‑related control deficiencies and incidents
  • Integrate BCP and resilience requirements into cybersecurity controls and standards, ensuring critical cyber and IT services can withstand and recover from disruptive events
  • Collaborate with enterprise BCP and Crisis Management teams to align BCP plans, recovery strategies, and technical controls (e.g., backup, recovery, failover)
  • Support exercises, simulations, and post‑event reviews to validate the effectiveness of BCP‑related cyber controls and drive continuous improvement
  • Develop clear, concise compliance and risk reports on ILM, Export, and BCP for senior leadership, risk committees, and other stakeholders
  • Build and maintain dashboards and metrics (e.g., control coverage, testing results, exceptions, attestations, remediation progress) to demonstrate posture and trends
  • Translate technical compliance and control findings into plain‑language, decision‑ready insights for non‑technical stakeholders, emphasizing business and regulatory impact
  • Manage Cybersecurity’s GRC platform (e.g., ServiceNow IRM) for ILM, Export, and BCP use cases, including issues, controls, tests, and attestations
  • Support configuration and enhancement of modules to enable standardized workflows, evidence collection, and reporting for ILM, Export, and BCP
  • Collaborate with Cybersecurity and IT teams to populate and maintain high‑quality risk and compliance data for these domains
  • Design and implement data integration strategies to consolidate control, issue, and risk information from multiple sources into unified dashboards and reports

Requirements

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Information Technology, Risk Management, or a related field
  • Minimum 7 years of experience in cybersecurity, GRC, risk management, audit, or related compliance roles, preferably in a large, global organization
  • Demonstrated experience with cybersecurity risk and compliance frameworks (e.g., NIST CSF, NIST 800‑53, ISO 27001, CIS) and enterprise risk/compliance frameworks (e.g., FAIR, ERM, COSO)
  • Familiarity with legal and regulatory requirements impacting cybersecurity, data, and export controls (e.g., SOX, PCI‑DSS, GDPR, CCPA, export regulations, records/retention requirements)
  • Understanding of incident response, vulnerability management, and business continuity processes and how they intersect with compliance obligations
  • Experience managing or supporting GRC software tools and platforms (preferably ServiceNow IRM), including workflows, control libraries, and reporting
  • Excellent communication, presentation, and interpersonal skills; able to translate technical compliance topics into concise, executive‑ready messages
  • Proven ability to manage multiple complex initiatives, prioritize effectively, and work both independently and collaboratively in a matrixed environment

Nice to have

  • Advanced degree in Cybersecurity, Information Systems, Risk Management, or a related field
  • Knowledge of enterprise ILM frameworks and practices, including familiarity with models such as the SNIA ILM Maturity Model and tools such as ServiceNow Lifecycle Management
  • Knowledge of BCP models and best practices, including familiarity with frameworks such as ISO 22301, NIST SP 800‑34, and COBIT DSS04
  • Understanding of EAR, ITAR, the U.S. Consolidated Screening List (CSL), and other export control regulations, including requirements for managing controlled technologies, safeguarding sensitive data, and supporting export control compliance activities
  • Demonstrated experience in IT control auditing and assurance, including testing internal controls and supporting audits aligned with NIST, ISO 27001, SOX, or similar standards
  • Professional certifications such as CGRC, CRISC, CISA, CISM, CISSP, or PMP
  • Experience implementing or maturing ILM, Export Controls, or BCP programs within a regulated, global enterprise
  • Experience working with globally distributed teams and cross‑functional stakeholders (e.g., Legal, Privacy, Records, BCP, IT, and Cybersecurity)
