Advisor, Information Security GRC
About Us
Mercedes-Benz USA is responsible for the sales, marketing and service of all Mercedes-Benz and Maybach products in the United States. In our people, you will find tremendous commitment to our corporate values. Our products and employees reflect this dedication. We are looking for diverse top- notch individuals to join the Mercedes-Benz Team and uphold these hallmarks.
The Information Security GRC Lead is responsible for leading the design, implementation, and continuous improvement of Governance, Risk, and Compliance (GRC) programs to ensure alignment with regulatory requirements, corporate policies, and industry frameworks.
This role will drive a risk-based security posture, ensure sustainable, audit-ready controls while reduce organizational risk and maintaining a defensible compliance position.
The GRC Lead provides security governance, risk management, compliance monitoring, and audit management, in close collaboration with the Information Security Officer (ISO), senior leadership, and global cybersecurity stakeholders.
This role will lead the team through establishing highly effective policies based on the RISE (Regulations for Information Security) Cybersecurity Framework, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each program under its management scope.
In addition, this role requires a forward-thinking person who is committed to evolving into a strong AI-oriented cybersecurity professional, capable of leveraging AI and automation to enhance risk detection, improve audit efficiency, and accelerate remediation outcomes.
Roles and Responsibilities\:
Governance, Risk & Compliance (GRC)
· Lead and continuously enhance the Information Security Risk Management Program aligned with Mercedes-Benz A22 RISE policies
· Establish governance for secure and responsible adoption of AI (AI-on-AI security) ensuring compliance with corporate and regulatory expectations
· Define, implement, and enforce security policies, standards, and control frameworks across business and technology units
· Establish and monitor KPIs to proactively identify risk trends through Risk & Business Impact Assessments
· Maintain enterprise security architecture aligned with evolving threat landscape and business strategy
· Partner with senior leadership to drive a consistent, repeatable, and measurable risk management strategy
· Oversee Business Continuity and resiliency programs ensuring organizational readiness
Audit, Compliance & Regulatory Assurance
· Ensure audit readiness and drive successful closure of all Audits (corporate, AMBISS and internal assessments)
· Lead audit planning, execution, and audit preparedness activities, including internal audits and control testing
· Use AI to predict audit findings, identify control gaps early, and recommend remediation actions
· Implement AI-driven control validation and evidence collection to accelerate audit cycles and reduce manual effort
· Design and implement controls, policies, and procedures driven by audit requirements
· Maintain controls monitoring dashboards and provide transparency on compliance posture
· Coordinate with DPO and BISO to ensure adherence to data privacy regulations (state and global)
· Act as the primary interface with auditors, regulators, and internal compliance stakeholders
AI- Enabled Secure SDLC, DevSecOps & Application Security
· Embed security into the software lifecycle and enable secure digital transformation
· Integrate AI-driven security testing and code analysis across SDLC and DevSecOps pipelines
· Leverage AI for automated vulnerability triage, root cause analysis, and remediation recommendations
· Enable “shift-left + auto-fix” capabilities, reducing resolution time through intelligent automation/AI
· Drive adoption of AI copilots for developers to enforce secure coding practices in real time
· Govern security quality gates with AI-backed risk scoring before production releases
AI -Driven Third-Party, Cloud & Emerging Technology Security
· Lead third-party cyber risk management (TPCRM) ensuring vendors meet security and compliance requirements
· Define and enforce security requirements in procurement processes and vendor onboarding
· Conduct cloud security assessments and ensure alignment with enterprise security standards
· Define and Implement AI-powered third-party cyber risk management (TPCRM) for continuous vendor monitoring and risk scoring
· Establish governance frameworks for AI systems, including model risk, data integrity, and adversarial threats
· Leverage AI to analyze vendor risks, detect anomalies, and automate risk mitigation strategies
· Support governance and risk management for emerging technologies including AI and digital platforms
· Ensure all external and SaaS integrations adhere to corporate security and privacy standards
Security Operations Governance, Incident Readiness & Awareness
· Drive operational excellence, incident preparedness, and a security-first culture
· Develop and maintain enterprise Incident Response plans covering key cyber-attack scenarios
· Support cybersecurity incident response activities and post-incident improvements
· Lead enterprise-wide security awareness programs including phishing campaigns, training, and annual events
· Modernize awareness programs using AI-driven simulations, adaptive phishing campaigns, and behavioral insights
Train application owners and business leaders on security policies, ensuring consistent adoption
This position reports to NAFTA Information Security Officer, closely working with the Director Cyber Security & Cross Functions.