Staff Technical Program Manager – Governance, Risk and Compliance
Hybrid: This role is categorized as Hybrid, and the successful candidate is expected to report to the Global Technical Center in Warren, MI three times per week, at minimum.
At General Motors, our product teams are redefining mobility. Through a human-centered design process, we create vehicles and experiences that are designed not just to be seen, but to be felt. We’re turning today’s impossible into tomorrow’s standard – from breakthrough hardware and battery systems to intuitive design, intelligent software, and next-generation safety and entertainment features.
Every day, our products move millions of people as we aim to make driving safer, smarter, and more connected, shaping the future of transportation on a global scale.
The Role
As a Staff Technical Program Manager for Governance, Risk, and Compliance (GRC), you will be the operational backbone of GM’s GRC organization – driving execution, discipline, and visibility across all compliance and security-related programs. You will lead cross-organizational initiatives, run business-critical operating rhythms, and elevate our program maturity by ensuring accountability, readiness, and transparency at scale.
In this role, you will partner across multiple GRC functions including Threat Analysis & Risk Management, Policy & Contracts, Third Party Cybersecurity, Legal & Regulatory Compliance, and Cyber Resiliency.
What You’ll Do
Program Delivery
- Provide program management rigor, structure, and execution support for high-impact compliance initiatives.
- Lead planning, milestone development, dependency mapping, and risk/issue management across multiple GRC domains.
- Align cross-functional teams to deliver predictable, high‑quality outcomes in a safety-critical environment.
Tracking & Reporting
- Define and maintain OKRs, KPIs, dashboards, and reporting mechanisms to measure compliance maturity, performance, and operational health.
- Build repeatable reporting frameworks to support executive reviews, audits, and governance forums.
Stakeholder Engagement
- Serve as a trusted representative of the GRC organization with Legal, Cybersecurity, Engineering, Product, and Executive stakeholders.
- Drive alignment, surface risks early, and remove organizational blockers through effective communication and influence.
- Translate complex requirements into clear, actionable program plans for both technical and non‑technical audiences.
Operational Excellence
- Establish, refine, and scale a disciplined operating model for GRC programs, including standardized processes, cadences, and workflows.
- Implement structured review cycles, program scorecards, readiness assessments, and repeatable governance routines.
- Foster a culture of accountability, program rigor, and proactive issue resolution.
- Ensure ongoing audit readiness and predictable execution across all GRC initiatives.
Your Skills & Abilities (Required Qualifications)
- 10+ years driving large‑scale, cross‑functional programs in Compliance, Cybersecurity, Risk Management, or Operations
- Strong Technical Program Management expertise, including roadmap planning, milestone tracking, risk/issue management, and cross-team dependency resolution
- Solid understanding of secure software development, risk and governance frameworks, and enterprise compliance requirements
- Experience supporting audit readiness or implementing regulatory/certification frameworks such as ISO 27001, SOC 2, NIST CSF, or GDPR
- Proficiency with modern program and portfolio management tools (e.g., Azure DevOps, JIRA, Confluence, Power BI)
- Excellent communication skills with proven success preparing executive- and board-level reporting and driving enterprise operating cadences
- Demonstrated ability to lead complex, multi-stakeholder initiatives and influence outcomes across engineering, cybersecurity, legal, and business teams
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related technical field, or equivalent hands-on experience in highly regulated, safety‑critical, or enterprise technology environments
What Will Give You a Competitive Edge (Preferred Qualifications)
- Experience in automotive, cloud, aerospace, defense, or other safety‑critical environments (OEM or Tier‑1 preferred)
- Familiarity with cybersecurity, safety, and compliance requirements for vehicle systems, connected platforms, or cloud-based architectures
- Professional certifications such as CISM, CISSP, CIPP/E, ISO 27001 Lead Auditor, PMP, or PgMP
- Experience defining, scaling, or operating cybersecurity or compliance governance models and executive reporting structures
- Advanced degree (MBA, JD, MS in Cybersecurity, Engineering, or Risk Management)
GM does not provide immigration-related sponsorship for this role. Do not apply for this role if you will need GM immigration sponsorship now or in the future. This includes direct company sponsorship, entry of GM as the immigration employer of record on a government form, and any work authorization requiring a written submission or other immigration support from the company (e.g., H1-B, OPT, STEM OPT, CPT, TN, J-1, etc.).
Company Vehicle: Upon successful completion of a motor vehicle report review, you will be eligible to participate in a company vehicle evaluation program, through which you will be assigned a General Motors vehicle to drive and evaluate. Note: program participants are required to purchase/lease a qualifying GM vehicle every four years unless one of a limited number of exceptions applies.
This job may be eligible for relocation benefits.