Jobs · Information Technology · Georgia

Advisor, Information Security GRC

Mercedes-Benz USA · Atlanta, GA · 1 wk ago
Information TechnologyFull-time

About Us

Mercer-Benz USA is responsible for the sales, marketing and service of all Mercedes-Benz and Maybach products in the United States. In our people, you will find tremendous commitment to our corporate values. Our products and employees reflect this dedication. We are looking for diverse top-notch individuals to join the Mercedes-Benz Team and uphold these hallmarks.

Roles and Responsibilities

  • Lead the design, implementation, and continuous improvement of Governance, Risk, and Compliance (GRC) programs to ensure alignment with regulatory requirements, corporate policies, and industry frameworks.
  • Drive a risk-based security posture, ensure sustainable, audit-ready controls while reducing organizational risk and maintaining a defensible compliance position.
  • Provide security governance, risk management, compliance monitoring, and audit management, in close collaboration with the Information Security Officer (ISO), senior leadership, and global cybersecurity stakeholders.
  • Establish and monitor KPIs to proactively identify risk trends through Risk & Business Impact Assessments.
  • Partner with senior leadership to drive a consistent, repeatable, and measurable risk management strategy.
  • Oversee Business Continuity and resiliency programs ensuring organizational readiness.
  • Audit, Compliance & Regulatory Assurance: Ensure audit readiness and drive successful closure of all Audits (corporate, AMBISS and internal assessments).
  • Lead audit planning, execution, and audit preparedness activities, including internal audits and control testing.
  • Leverage AI to predict audit findings, identify control gaps early, and recommend remediation actions.
  • Design and implement controls, policies, and procedures driven by audit requirements.
  • Maintain controls monitoring dashboards and provide transparency on compliance posture.
  • Coordinate with DPO and BISO to ensure adherence to data privacy regulations (state and global).
  • Act as the primary interface with auditors, regulators, and internal compliance stakeholders.
  • Embed security into the software lifecycle and enable secure digital transformation.
  • Integrate AI-driven security testing and code analysis across SDLC and DevSecOps pipelines.
  • Leverage AI for automated vulnerability triage, root cause analysis, and remediation recommendations.
  • Enable "shift-left + auto-fix" capabilities, reducing resolution time through intelligent automation/AI.
  • Drive adoption of AI copilots for developers to enforce secure coding practices in real time.
  • Govern security quality gates with AI-backed risk scoring before production releases.
  • Lead third-party cyber risk management (TPCRM) ensuring vendors meet security and compliance requirements.
  • Conduct cloud security assessments and ensure alignment with enterprise security standards.
  • Define and Implement AI-powered third-party cyber risk management (TPCRM) for continuous vendor monitoring and risk scoring.
  • Establish governance frameworks for AI systems, including model risk, data integrity, and adversarial threats.
  • Leverage AI to analyze vendor risks, detect anomalies, and automate risk mitigation strategies.
  • Support governance and risk management for emerging technologies including AI and digital platforms.
  • Ensure all external and SaaS integrations adhere to corporate security and privacy standards.
  • Drive operational excellence, incident preparedness, and a security-first culture.
  • Develop and maintain enterprise Incident Response plans covering key cyber-attack scenarios.
  • Support cybersecurity incident response activities and post-incident improvements.
  • Lead enterprise-wide security awareness programs including phishing campaigns, training, and annual events.
  • Modernize awareness programs using AI-driven simulations, adaptive phishing campaigns, and behavioral insights.
  • Train application owners and business leaders on security policies, ensuring consistent adoption.

Qualifications

  • Minimum of 10+ years of relevant work experience in IT.
  • Deep knowledge of Information Security Governance, Risk Management, and Compliance frameworks (NIST, ISO 27001, Mercedes-Benz A22 RISE).
  • Strong understanding of enterprise risk management, audit processes, control design, and regulatory compliance.
  • Knowledge of audit methodologies, evidence collection, and control validation techniques.
  • Familiarity with data privacy regulations and frameworks (state, global, GDPR-aligned concepts).
  • Understanding of AI/ML fundamentals and their application in cybersecurity and risk management.
  • Knowledge of AI governance principles, including Model risk, data integrity, and adversarial threats.
  • Ability to create awareness, accountability, and ownership across the organization.
  • Strong ability to deal with conflicts.
  • Experience with networking, SAP Security, cloud-based applications, server hardening/security baseline standards, patch management, and remediations.
  • Experience with Security Operations, Incident Response Identity, and Access Management (MFA, SSO).
  • Excellent written, verbal communication, interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Strong proficiency with common management frameworks, regulatory requirements, and industry-leading practices.
  • Relevant cyber security certifications (CISA/CISM/CISSP preferred).
  • Experience with or willingness to pursue AI-related security certifications is strongly preferred.
  • Pursue Current & Future Mercedes-Benz-mandated certifications.

Similar jobs