CONTRACT: Security Analyst III

CONTRACT: Security Analyst III in Charlotte, North Carolina Posted 09/15/21

• Top 25 U.S. digital financial services company committed to developing award-winning technology and services.
• Named one of the top three fastest-growing banking brands in the U.S. in 2020.
• Offers a full suite of products including mortgage lending, personal lending, and a variety of deposit and other banking products (savings, money-market, and checking accounts, certificates of deposit (CDs), and individual retirement accounts (IRAs)), self-directed and investment-advisory services, and capital for equity sponsors and middle-market companies.

• Understand Ally's control environment and build effective tests against identified controls.
• Perform testing for IT/IS controls which includes assessing the design and operating effectiveness of the control structure and compliance with policies and standards
• Document test results and provide support for an informed, objective opinion of the risk exposure
• Draft testing observations and provide recommendations to management both verbally and in writing
• Review management action plans to assess effectiveness of proposed remediation and appropriateness of the timeline
• Identify emerging technology risks and lead the dialog among stakeholders to ensure that these risks are considered for entry into the IT risk register
• Identify integration points across teams and facilitate discussions to ensure alignment of milestones, deliverables, and key tasks
• Develop and maintain strong working relationships with internal business partners and Business Line Executive Leadership
• Engage directly with Business Line to understand business offerings, processes and procedures; work effectively with Business Line associates while maintaining independence necessary to fulfill IPRM's review and testing responsibilities
• Monitor and drive Information Technology's adherence to enterprise policies
• Establish processes and cadences for independent monitoring and testing of Information Technology's controls and processes and drive timely execution and completion of IPRM monitoring and testing responsibilities
• Prepare and deliver presentations to IT and IPRM management as appropriate
• Escalate and report technology and operational risks concerns as necessary

• 2-4 years of experience in Quality Assurance/Quality Control, IT Risk Management, or Information Security
• Experience in the banking industry, preferred
• Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues.
• Knowledge and experience in performing assessments aligned with regulatory standards
• Knowledge of and experience with developing and implementing risk management related processes
• Strong detail orientation with ability to research, compile, and report on data
• Ability to work effectively as a member of a cross-functional team
• Demonstrated ability to effectively synthesize and communicate ideas and insights across the organization, including with executive leadership
• Organized, energetic, motivated, and action-oriented
• Excellent analytical and organizational skills, ability to establish priorities
• Strong written and verbal communication skills
• Ability to multi-task and comfortable working in an evolving and dynamic environment (agile based)
• Proficiency in MS Office applications, including Outlook, Word, Excel and PowerPoint