Sr Information Technology Risk Analyst - IT Services

Overview

Why GMF Technology?

GM Financial is set to change the auto finance industry and is leading the path of embarking on tech modernization - we have a startup mindset, and preserve our small company culture, in a public company environment with financial stability and intense growth over a decade-long history. We are data junkies and trust in data and insights to advance our business objectives.

We take our goal of zero emission, zero collision, zero congestion, and zero friction very seriously. We believe as the auto finance market leader we are in the driver's seat to lead us in the GM EV mission to change the world.

We are building global platforms, LATAM, Europe, China - and we are looking to grow our high-performing team. GMF is comprised of over 10,000 team members globally. Join our fintech culture within a Blue-Chip company where we are changing the way we use technology to support our customers and business.

Responsibilities

About the role:

The IT Risk Analyst is responsible for proactively and independently recognizing, assessing and documenting risk assessments report data for GMF. This team member is responsible for the assessment document gathering and development, monitoring, tracking and drive continuous risk improvements across the enterprise. This role is integral in identifying, mitigating both inherent and residual risks, performing risk assessments of applications, infrastructure, business and technology against GMF's defined risk management framework. The position's overall responsibility is evaluating business and IT risk, communicate findings, recommendations and mitigation plans in a timely and precise manner. The ideal candidate should be passionate about continuing to build an IT Risk Management and Assessment program, willing to adapt to a changing environment and the ability to articulate complex issues to management. Understand, communicate, and commit to the organization's vision, goals and strategies relating to risk, governance and compliance. The Sr IT Risk Analyst will work to improve the overall posture of Information Technology Risk at GM Financial.

JOB DUTIES

• Schedule and perform IT risk and gap assessments using risk methodology; identify and document control deficiencies in business processes and technology systems

• Develop and execute compliance reviews to evaluate the effectiveness of general controls and operating processes, including documentation, presentations and action plan remediation assistance

• Work with business to understand the potential risk findings identified through the risk assessment process

• Provide risk remediation recommendations that the business and IT may implement to mitigate the identified control gaps

• Evaluate management and document owner responses to ensure that remediation plans and tasks adequately address identified control gaps

• Document risk issues in a designated risk register

• Participate in and influence information risk continuous process improvement

• Develop strong partnerships across our organization

• Strong interaction and collaboration with project management and technical teams to convey risk mitigation requirements

• Assist with repeatable data collection processes to drive consistent measurement and reporting of risk metrics

• Leverage data to identify emerging risks, process improvements, and/or areas requiring increased risk focus

• Develop business specific key risk and key performance indicators to keep pulse on significant risks within the line of business

• Provide services to IT personnel in the development of policy, standard, and process

• Analyze and interpret audit request to provide consultation and expert advice on how to formally respond and remediate issues

• Maintain GMF's IT risks, controls, policies, standards and action plans using the Governance, Risk and Compliance systems (GRC)

• As the Sr IT Risk Analyst, you will provide leadership and subject matter expertise to ensure risk is being identified and reviewed within GMF and compliant with company security policies and practices

• Utilize a risk based approach to set requirements for recommended remediation

• Work with internal project managers and security architects and engineers in determining if new designs and projects will expose data, risk or threats

• Actively participate in IT governance committees across GMF

• Perform other duties as assigned

• Conform with all company policies and procedures

Qualifications

What makes you a dream candidate?

Knowledge

• Advanced working knowledge of financial industry best practices and concepts, as it relates to IT and the financial industry sector

• Proficient in the use of Microsoft Office products (Excel, PowerPoint, Word, Access, Visio)

• Knowledgeable in industry laws and regulations governing GMF (eg SOX)

• Knowledge of principles and procedures involved in handling sensitive data

• High integrity and business ethics

• Knowledge of enterprise Governance, Risk and Compliance systems (eg, Archer)

• Proficient knowledge of enterprise policies and standards

Skills

• Detail oriented, self-motivated, work with little supervision, timely completions of projects, adapts to changing priorities

• Strong ability to influence through discussions and presentations to all levels of stakeholders

• Can articulate business requirements and functional risk specifications clearly, as well as listen to and considers others' ideas and expertise for risk resolution

• Exhibit effective written and oral communication, to convey information in a clear and concise manner

• Work efficiently and effectively, with the ability to work through stressful situations

• Ability to analyze relevant and complex data and information into risk requirements

• Superior organizational and time management skills

• Ability to work independently and make sound decisions while meeting time sensitive deadlines

Experience and Education

• 5-7 years in technology, specifically focused in IT Risk Assessments, Compliance and Internal Audit, reviewing and testing controls as integral components of risk and compliance identification required

• Extensive experience analyzing enterprise-wide risk and executing mitigation plans accordingly required

• Experience writing user documentation required

• Financial Services industry experience preferred

• Bachelor's Degree in related field or equivalent work or military experience required

• CRISC, CISA, CIPP certification preferred

What We Offer: Generous benefits package available on day one to include: 401K matching, bonding leave for new parents (12 weeks, 100% paid), tuition assistance, training, GM employee auto discount, community service pay and nine company holidays.

Our Culture: Our team members define and shape our culture - an environment that welcomes innovative ideas, fosters integrity, and creates a sense of community and belonging. Here we do more than work - we thrive.

Compensation: Competitive pay and bonus eligibility.

Work Life Balance: Flexible hybrid work environment, 2 days a week in the office.

#LI-Hybrid

#LI-SG1