Advisor, Information Security GRC

Mercedes-Benz Group

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's Degree in Computer Science/Information Technology or equivalent
  • 10+ years of relevant IT experience
  • Deep expertise in GRC frameworks such as NIST and ISO 27001
  • Strong understanding of enterprise risk management and regulatory compliance
  • Familiarity with data privacy laws (e.g., GDPR)
  • Knowledge of AI/ML applications in cybersecurity
  • Relevant cybersecurity certifications (CISA, CISM, CISSP preferred)

Responsibilities

  • Lead enhancement of the Information Security Risk Management Program
  • Establish governance for secure AI adoption
  • Define and enforce security policies and control frameworks
  • Monitor KPIs to identify risk trends
  • Collaborate with senior leadership to drive risk management strategy
  • Ensure audit readiness and oversee audit activities
  • Drive operational excellence and incident preparedness

Benefits

  • Flexible work hours/schedule
  • Opportunities for domestic and international travel
  • Work during holidays and weekends as required

Full Job Description

The Information Security GRC Lead is responsible for leading the design, implementation, and continuous improvement of Governance, Risk, and Compliance (GRC) programs to ensure alignment with regulatory requirements, corporate policies, and industry frameworks. This role will drive a risk-based security posture and ensure sustainable, audit-ready controls while reducing organizational risk and maintaining a defensible compliance position. The GRC Lead provides security governance, risk management, compliance monitoring, and audit management, in close collaboration with the Information Security Officer (ISO), senior leadership, and global cybersecurity stakeholders. This role will lead the team through establishing highly effective policies based on the RISE (Regulations for Information Security) Cybersecurity Framework, establishing sustainable processes for assessing and tracking cybersecurity risk, performing security control testing, and delivering performance metrics and reporting for each program under its management scope. In addition, this role requires a forward-thinking person who is committed to evolving into a strong AI-oriented cybersecurity professional, capable of leveraging AI and automation to enhance risk detection, improve audit efficiency, and accelerate remediation outcomes.

Roles and Responsibilities:

Governance, Risk & Compliance (GRC)

  • Lead and continuously enhance the Information Security Risk Management Program aligned with Mercedes-Benz A22 RISE policies
  • Establish governance for secure and responsible adoption of AI (AI-on-AI security), ensuring compliance with corporate and regulatory expectations
  • Define, implement, and enforce security policies, standards, and control frameworks across business and technology units
  • Establish and monitor KPIs to proactively identify risk trends through Risk & Business Impact Assessments
  • Maintain enterprise security architecture aligned with the evolving threat landscape and business strategy
  • Partner with senior leadership to drive a consistent, repeatable, and measurable risk management strategy
  • Oversee Business Continuity and resiliency programs, ensuring organizational readiness

Audit, Compliance & Regulatory Assurance

  • Ensure audit readiness and drive successful closure of all audits (corporate, AMBISS and internal assessments)
  • Lead audit planning, execution, and audit preparedness activities, including internal audits and control testing
  • Use AI to predict audit findings, identify control gaps early, and recommend remediation actions
  • Implement AI-driven control validation and evidence collection to accelerate audit cycles and reduce manual effort
  • Design and implement controls, policies, and procedures driven by audit requirements
  • Maintain controls monitoring dashboards and provide transparency on compliance posture
  • Coordinate with the DPO and BISO to ensure adherence to data privacy regulations (state and global)
  • Act as the primary interface with auditors, regulators, and internal compliance stakeholders

AI-Enabled Secure SDLC, DevSecOps & Application Security

  • Embed security into the software lifecycle and enable secure digital transformation
  • Integrate AI-driven security testing and code analysis across SDLC and DevSecOps pipelines
  • Leverage AI for automated vulnerability triage, root cause analysis, and remediation recommendations
  • Enable "shift-left + auto-fix" capabilities, reducing resolution time through intelligent automation/AI
  • Drive adoption of AI copilots for developers to enforce secure coding practices in real time
  • Govern security quality gates with AI-backed risk scoring before production releases

AI-Driven Third-Party, Cloud & Emerging Technology Security

  • Lead third-party cyber risk management (TPCRM), ensuring vendors meet security and compliance requirements
  • Define and enforce security requirements in procurement processes and vendor onboarding
  • Conduct cloud security assessments and ensure alignment with enterprise security standards
  • Define and implement AI-powered third-party cyber risk management (TPCRM) for continuous vendor monitoring and risk scoring
  • Establish governance frameworks for AI systems, including model risk, data integrity, and adversarial threats
  • Leverage AI to analyze vendor risks, detect anomalies, and automate risk mitigation strategies
  • Support governance and risk management for emerging technologies including AI and digital platforms
  • Ensure all external and SaaS integrations adhere to corporate security and privacy standards

Security Operations Governance, Incident Readiness & Awareness

  • Drive operational excellence, incident preparedness, and a security-first culture
  • Develop and maintain enterprise Incident Response plans covering key cyber-attack scenarios
  • Support cybersecurity incident response activities and post-incident improvements
  • Lead enterprise-wide security awareness programs including phishing campaigns, training, and annual events
  • Modernize awareness programs using AI-driven simulations, adaptive phishing campaigns, and behavioral insights
  • Train application owners and business leaders on security policies, ensuring consistent adoption

This position reports to the NAFTA Information Security Officer, working closely with the Director Cyber Security & Cross Functions.

Qualifications

Education:

  • Bachelor's Degree (accredited school) or equivalent with emphasis in Computer Science/Information Technology

Knowledge, Skills & Abilities:

  • Minimum of 10+ years of relevant work experience in IT

Experience in many of the following areas:

  • Deep knowledge of Information Security Governance, Risk Management, and Compliance frameworks (NIST, ISO 27001, Mercedes-Benz A22 RISE)
  • Strong understanding of enterprise risk management, audit processes, control design, and regulatory compliance
  • Knowledge of audit methodologies, evidence collection, and control validation techniques
  • Familiarity with data privacy regulations and frameworks (state, global, GDPR-aligned concepts)
  • Understanding of AI/ML fundamentals and their application in cybersecurity and risk management
  • Knowledge of AI governance principles, including model risk, data integrity, and adversarial threats
  • Responsible AI usage and compliance expectations
  • Drive adoption of AI/automation to significantly reduce remediation timelines and manual effort
  • Ability to create awareness, accountability, and ownership across the organization
  • Skills to train, coach, and empower teams to integrate security into daily operations
  • Ability to translate complex security, audit, and AI concepts into simple, business-relevant outcomes
  • Awareness of automation and analytics tools that enhance risk detection and remediation
  • Knowledge of IT guidelines and corporate IT policies, IT standards, and the IT organization (e.g., escalation paths for non-standard requests)
  • Overview of current threats, risks, information security techniques, and controls to mitigate them
  • In-depth knowledge of IT security, in particular firewalls, protocols, encryption, authentication and authorization, and secure system design and programming
  • Experience with MBUSA, Mercedes-Benz's work culture, and association with IT leadership, supervisors, and employees would be a big plus
  • Strong ability to deal with conflicts
  • Driving initiatives and successfully managing scope, timeline, budgets, and quality
  • Motivating and inspiring team members
  • Experience with Networking, SAP Security, Cloud-based applications, Server hardening/security baseline standards, patch management, and remediations
  • Experience with Security Operations, Incident Response, and Identity and Access Management (MFA, SSO)
  • Identify and estimate the future needs of the organization through constant interaction with the users and IT leadership, conducting regularly scheduled user status/planning meetings
  • Excellent written, verbal, interpersonal and collaborative communication skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences
  • Strong proficiency with common management frameworks, regulatory requirements, and industry-leading practices

Certifications:

  • The ideal candidate must have relevant cyber security certifications; CISA/CISM/CISSP preferred
  • Experience with or willingness to pursue AI-related security certifications is strongly preferred
  • The ideal candidate must pursue current and future Mercedes-Benz-mandated certifications

Additional Information

  • No Sponsorship/Visa Transfer Available
  • Must be able to work flexible hours/work schedule
  • Travel: Domestic and International
  • Work holidays and weekends when required
