Tasks

About Us

Mercedes-Benz USA is responsible for the sales, marketing and service of all Mercedes-Benz and Maybach products in the United States. In our people you will find tremendous commitment to our corporate values. Our products and employees reflect this dedication. We are looking for diverse, top-notch individuals to join the Mercedes-Benz Team and uphold these hallmarks.

The Information Security GRC Lead is responsible for leading the design, implementation and continuous improvement of Governance, Risk and Compliance (GRC) programs to ensure alignment with regulatory requirements, corporate policies and industry frameworks.

This role will drive a risk-based security posture and ensure sustainable, audit-ready controls while reducing organizational risk and maintaining a defensible compliance position.

The GRC Lead provides security governance, risk management, compliance monitoring and audit management in close collaboration with the Information Security Officer (ISO), senior leadership and global cybersecurity stakeholders.

This role will lead the team through establishing highly effective policies based on the RISE Regulations for Information Security Cybersecurity Framework, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each program under its management scope.

In addition, this role requires a forward-thinking person who is committed to evolving into a strong AI-oriented cybersecurity professional capable of leveraging AI and automation to enhance risk detection, improve audit efficiency and accelerate remediation outcomes.

Roles and Responsibilities

Governance, Risk & Compliance (GRC)
· Lead and continuously enhance the Information Security Risk Management Program aligned with Mercedes-Benz A22 RISE policies
· Establish governance for secure and responsible adoption of AI AI-on-AI security, ensuring compliance with corporate and regulatory expectations
· Define, implement and enforce security policies, standards and control frameworks across business and technology units
· Establish and monitor KPIs to proactively identify risk trends through Risk & Business Impact Assessments
· Maintain enterprise security architecture aligned with evolving threat landscape and business strategy
· Partner with senior leadership to drive a consistent, repeatable and measurable risk management strategy
· Oversee Business Continuity and resiliency programs, ensuring organizational readiness

Audit, Compliance & Regulatory Assurance
· Ensure audit readiness and drive successful closure of all Audits corporate AMBISS and internal assessments
· Lead audit planning, execution and audit preparedness activities, including internal audits and control testing
· Use AI to predict audit findings, identify control gaps early and recommend remediation actions
· Implement AI-driven control validation and evidence collection to accelerate audit cycles and reduce manual effort
· Design and implement controls, policies and procedures driven by audit requirements
· Maintain controls monitoring dashboards and provide transparency on compliance posture
· Coordinate with DPO and BISO to ensure adherence to data privacy regulations (state and global)
· Act as the primary interface with auditors, regulators and internal compliance stakeholders

AI-Enabled Secure SDLC, DevSecOps & Application Security
· Embed security into the software lifecycle and enable secure digital transformation
· Integrate AI-driven security testing and code analysis across SDLC and DevSecOps pipelines
· Leverage AI for automated vulnerability triage, root cause analysis and remediation recommendations
· Enable shift-left "auto-fix" capabilities, reducing resolution time through intelligent automation/AI
· Drive adoption of AI copilots for developers to enforce secure coding practices in real time
· Govern security quality gates with AI-backed risk scoring before production releases

AI-Driven Third-Party, Cloud & Emerging Technology Security
· Lead third-party cyber risk management (TPCRM), ensuring vendors meet security and compliance requirements
· Define and enforce security requirements in procurement processes and vendor onboarding
· Conduct cloud security assessments and ensure alignment with enterprise security standards
· Define and implement AI-powered third-party cyber risk management (TPCRM) for continuous vendor monitoring and risk scoring
· Establish governance frameworks for AI systems, including model risk, data integrity and adversarial threats
· Leverage AI to analyze vendor risks, detect anomalies and automate risk mitigation strategies
· Support governance and risk management for emerging technologies, including AI and digital platforms
· Ensure all external and SaaS integrations adhere to corporate security and privacy standards

Security Operations Governance, Incident Readiness & Awareness
· Drive operational excellence, incident preparedness and a security-first culture
· Develop and maintain enterprise Incident Response plans covering key cyber-attack scenarios
· Support cybersecurity incident response activities and post-incident improvements
· Lead enterprise-wide security awareness programs, including phishing campaigns, training and annual events
· Modernize awareness programs using AI-driven simulations, adaptive phishing campaigns and behavioral insights
· Train application owners and business leaders on security policies, ensuring consistent adoption

This position reports to NAFTA Information Security Officer, closely working with the Director Cyber Security & Cross Functions.
Qualifications

Education
Bachelor's Degree (accredited school) or equivalent with emphasis in:
· Computer Science
· Information Technology

Knowledge, Skills & Abilities
Minimum of 10 years of relevant work experience in IT

Experience in many of the following areas:
· Deep knowledge of Information Security Governance, Risk Management and Compliance frameworks (NIST, ISO 27001, Mercedes-Benz A22 RISE)
· Strong understanding of enterprise risk management, audit processes, control design and regulatory compliance
· Knowledge of audit methodologies, evidence collection and control validation techniques
· Familiarity with data privacy regulations and frameworks (state, global, GDPR-aligned concepts)
· Understanding of AI/ML fundamentals and their application in cybersecurity and risk management
· Knowledge of AI governance principles, including:
  · Model risk, data integrity and adversarial threats
  · Responsible AI usage and compliance expectations
· Drive adoption of AI/automation to significantly reduce remediation timelines and manual efforts
· Ability to create awareness, accountability and ownership across the organization
· Skills to train, coach and empower teams to integrate security into daily operations
· Ability to translate complex security, audit and AI concepts into simple, business-relevant outcomes
· Awareness of automation and analytics tools that enhance risk detection and remediation
· Knowledge of IT guidelines and corporate IT policies, IT standards, knowledge of IT organization, e.g. for escalation paths for non-standard requests
· Overview of current threats, risks, information security techniques and controls to mitigate them
· In-depth knowledge of IT security, in particular firewalls, protocols, encryption, authentication and authorization, and secure system design and programming
o Experience with MBUSA Mercedes-Benz's work culture and association with IT leadership, supervisors and employees would be a big plus.
o Strong ability to deal with conflicts
o Driving initiatives and successfully managing scope, timeline, budgets and quality.
o Motivating and inspiring team members.
o Experience with Networking, SAP Security, Cloud-based applications, Server hardening/security baseline standards, patch management and remediations.
o Experience with Security Operations, Incident Response, Identity and Access Management, MFA, SSO
o Identify and estimate the future needs of the organization through constant interaction with the users and IT leadership, conducting regularly scheduled user status/planning meetings
o Excellent written, verbal communication, interpersonal and collaborative skills and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
o Strong proficiency with common management frameworks, regulatory requirements and industry-leading practices

Certifications
· The ideal candidate must have relevant cyber security certifications. CISA/CISM/CISSP preferred
· Experience with or willingness to pursue AI-related security certifications is strongly preferred
· The ideal candidate must pursue Current & Future Mercedes-Benz-mandated certifications

Additional Information
· No Sponsorship/Visa Transfer Available
· Must be able to work flexible hours/work schedule
· Travel: Domestic and International
· Work Holidays/Weekends when required

EEO Statement
Mercedes-Benz USA is committed to fostering an inclusive environment that appreciates and leverages the diversity of our team. Accordingly, we provide equal employment opportunity (EEO) to all qualified applicants and employees without regard to race, color, ethnicity, gender, age, national origin, religion, marital status and veteran status, physical or other disability, sexual orientation or gender identity.