Staff Technical Program Manager – Governance, Risk and Compliance
About the position
At General Motors, our product teams are redefining mobility. Through a human-centered design process, we create vehicles and experiences that are designed not just to be seen, but to be felt. We’re turning today’s impossible into tomorrow’s standard – from breakthrough hardware and battery systems to intuitive design, intelligent software, and next-generation safety and entertainment features. Every day, our products move millions of people as we aim to make driving safer, smarter, and more connected, shaping the future of transportation on a global scale.
The Role
As a Staff Technical Program Manager for Governance, Risk, and Compliance (GRC), you will be the operational backbone of GM’s GRC organization – driving execution, discipline, and visibility across all compliance and security-related programs. You will lead cross-organizational initiatives, run business-critical operating rhythms, and elevate our program maturity by ensuring accountability, readiness, and transparency at scale. In this role, you will partner across multiple GRC functions including Threat Analysis & Risk Management, Policy & Contracts, Third Party Cybersecurity, Legal & Regulatory Compliance, and Cyber Resiliency.
Responsibilities
• Program Delivery
Provide program management rigor, structure, and execution support for high-impact compliance initiatives.
• Lead planning, milestone development, dependency mapping, and risk/issue management across multiple GRC domains.
• Align cross-functional teams to deliver predictable, high‑quality outcomes in a safety-critical environment.
• Tracking & Reporting
Define and maintain OKRs, KPIs, dashboards, and reporting mechanisms to measure compliance maturity, performance, and operational health.
• Build repeatable reporting frameworks to support executive reviews, audits, and governance forums.
• Stakeholder Engagement
Serve as a trusted representative of the GRC organization with Legal, Cybersecurity, Engineering, Product, and Executive stakeholders.
• Drive alignment, surface risks early, and remove organizational blockers through effective communication and influence.
• Translate complex requirements into clear, actionable program plans for both technical and non‑technical audiences.
• Operational Excellence
Establish, refine, and scale a disciplined operating model for GRC programs, including standardized processes, cadences, and workflows.
• Implement structured review cycles, program scorecards, readiness assessments, and repeatable governance routines.
• Foster a culture of accountability, program rigor, and proactive issue resolution.
• Ensure ongoing audit readiness and predictable execution across all GRC initiatives.
Requirements
• 10+ years driving large‑scale, cross‑functional programs in Compliance, Cybersecurity, Risk Management, or Operations
• Strong Technical Program Management expertise, including roadmap planning, milestone tracking, risk/issue management, and cross-team dependency resolution
• Solid understanding of secure software development, risk and governance frameworks, and enterprise compliance requirements
• Experience supporting audit readiness or implementing regulatory/certification frameworks such as ISO 27001, SOC 2, NIST CSF, or GDPR
• Proficiency with modern program and portfolio management tools (e.g., Azure DevOps, JIRA, Confluence, Power BI)
• Excellent communication skills with proven success preparing executive- and board-level reporting and driving enterprise operating cadences
• Demonstrated ability to lead complex, multi-stakeholder initiatives and influence outcomes across engineering, cybersecurity, legal, and business teams.
• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field, or equivalent hands-on experience in highly regulated, safety‑critical, or enterprise technology environments
Nice-to-haves
• Experience in automotive, cloud, aerospace, defense, or other safety‑critical environments (OEM or Tier‑1 preferred)
• Familiarity with cybersecurity, safety, and compliance requirements for vehicle systems, connected platforms, or cloud-based architectures
• Professional certifications such as CISM, CISSP, CIPP/E, ISO 27001 Lead Auditor, PMP, or PgMP
• Experience defining, scaling, or operating cybersecurity or compliance governance models and executive reporting structures
• Advanced degree (MBA, JD, MS in Cybersecurity, Engineering, or Risk Management)
Benefits
• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
• Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Apply Now
Apply Now
At General Motors, our product teams are redefining mobility. Through a human-centered design process, we create vehicles and experiences that are designed not just to be seen, but to be felt. We’re turning today’s impossible into tomorrow’s standard – from breakthrough hardware and battery systems to intuitive design, intelligent software, and next-generation safety and entertainment features. Every day, our products move millions of people as we aim to make driving safer, smarter, and more connected, shaping the future of transportation on a global scale.
The Role
As a Staff Technical Program Manager for Governance, Risk, and Compliance (GRC), you will be the operational backbone of GM’s GRC organization – driving execution, discipline, and visibility across all compliance and security-related programs. You will lead cross-organizational initiatives, run business-critical operating rhythms, and elevate our program maturity by ensuring accountability, readiness, and transparency at scale. In this role, you will partner across multiple GRC functions including Threat Analysis & Risk Management, Policy & Contracts, Third Party Cybersecurity, Legal & Regulatory Compliance, and Cyber Resiliency.
Responsibilities
• Program Delivery
Provide program management rigor, structure, and execution support for high-impact compliance initiatives.
• Lead planning, milestone development, dependency mapping, and risk/issue management across multiple GRC domains.
• Align cross-functional teams to deliver predictable, high‑quality outcomes in a safety-critical environment.
• Tracking & Reporting
Define and maintain OKRs, KPIs, dashboards, and reporting mechanisms to measure compliance maturity, performance, and operational health.
• Build repeatable reporting frameworks to support executive reviews, audits, and governance forums.
• Stakeholder Engagement
Serve as a trusted representative of the GRC organization with Legal, Cybersecurity, Engineering, Product, and Executive stakeholders.
• Drive alignment, surface risks early, and remove organizational blockers through effective communication and influence.
• Translate complex requirements into clear, actionable program plans for both technical and non‑technical audiences.
• Operational Excellence
Establish, refine, and scale a disciplined operating model for GRC programs, including standardized processes, cadences, and workflows.
• Implement structured review cycles, program scorecards, readiness assessments, and repeatable governance routines.
• Foster a culture of accountability, program rigor, and proactive issue resolution.
• Ensure ongoing audit readiness and predictable execution across all GRC initiatives.
Requirements
• 10+ years driving large‑scale, cross‑functional programs in Compliance, Cybersecurity, Risk Management, or Operations
• Strong Technical Program Management expertise, including roadmap planning, milestone tracking, risk/issue management, and cross-team dependency resolution
• Solid understanding of secure software development, risk and governance frameworks, and enterprise compliance requirements
• Experience supporting audit readiness or implementing regulatory/certification frameworks such as ISO 27001, SOC 2, NIST CSF, or GDPR
• Proficiency with modern program and portfolio management tools (e.g., Azure DevOps, JIRA, Confluence, Power BI)
• Excellent communication skills with proven success preparing executive- and board-level reporting and driving enterprise operating cadences
• Demonstrated ability to lead complex, multi-stakeholder initiatives and influence outcomes across engineering, cybersecurity, legal, and business teams.
• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field, or equivalent hands-on experience in highly regulated, safety‑critical, or enterprise technology environments
Nice-to-haves
• Experience in automotive, cloud, aerospace, defense, or other safety‑critical environments (OEM or Tier‑1 preferred)
• Familiarity with cybersecurity, safety, and compliance requirements for vehicle systems, connected platforms, or cloud-based architectures
• Professional certifications such as CISM, CISSP, CIPP/E, ISO 27001 Lead Auditor, PMP, or PgMP
• Experience defining, scaling, or operating cybersecurity or compliance governance models and executive reporting structures
• Advanced degree (MBA, JD, MS in Cybersecurity, Engineering, or Risk Management)
Benefits
• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
• Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.
Apply Now
Apply Now