Sr. Specialist -- Third Party Cyber Risk
Ally's Third Party Cyber Risk team is expanding our capabilities to include risk monitoring of third parties that handle Ally data or provide essential services to Ally. This team will monitor several hundred suppliers and are responsible for the monitoring, review, escalation and reporting of cyber risks within Ally's supplier base. Using various tools, the team discovers, rates and takes action on items that may pose a risk to Ally or our customers. This team will engage with supplier relationship owner and internal Ally security and compliance teams to address these risks. This team will also generate metrics to provide insight into risk themes and trends across the supplier base.
The Senior Specialist, Cyber Security Monitoring position at Ally is a member of the Business Line Risk Governance (BLRG) team in Information Protection and Risk Management (IPRM).
This Senior Specialist role will be the front line for monitoring and escalating IT risks in the Ally 3rd party supplier base. This role will monitor numerous suppliers for various IT risks and escalate when defined risk limits are reached. The Senior Specialist will define risk setpoints, help create processes to respond to these risks and create metrics to allow Ally to understand their supplier security posture and identify risk trends and themes.
Responsible for monitoring and analysis of external cyber security supplier risks using dedicated monitoring tools and determining reporting or escalation path as required.
Engage Relationship Owners to understand and communicate risk to third party and provide consulting or follow up with them as needed.
Engage Ally risk, fraud and compliance teams in response to monitoring triggers and ensure correct responses are taken and follow up or escalate as needed.
Establish and maintain procedures to respond to various supplier risks.
Establish and maintain criteria for trigger events and thresholds.
Create and maintain metrics for reporting / dashboards.
Identify emerging risks or trends across reported supplier base.
Working knowledge of common information security and technology concepts, risks and best practices related to:
Risk and vulnerability Management
Web and Infrastructure Security
3+ years of Information Technology and Risk experience including:
2+ years of Information Security, Compliance, Risk or Audit experience
1+ years of general or 'hands-on' information technology experience (Network Engineer, System Admin, Database Admin, Programmer, etc.)
Consultative skills with the ability to build collaborative relationships within all levels of an organization
Strong written and oral communication skills including the ability to create organized and articulate reports and presentations from underlying data that are easily understood by teammates and Business Partners
Ability to take ownership of an initiative/issue thru completion
The ability to mentor and lead junior team members.
Experience in the finance / banking industry is a plus
Security, technology or audit/compliance related certifications are a plus
Ally Financial Inc. (NYSE: ALLY) is a leading digital financial services company and a top 25 U.S. financial holding company offering financial products for consumers, businesses, automotive dealers and corporate clients. Ally's legacy dates back to 1919, and the company was redesigned in 2009 with a distinctive brand, innovative approach and relentless focus on its customers. Ally has an award-winning online bank (member FDIC), one of the largest full service auto finance operations in the country, a complementary auto-focused insurance business, a growing digital wealth management and online brokerage platform, and a trusted corporate finance business offering capital for equity sponsors and middle-market companies.
Business Unit/Enterprise Function
Ally's Information Technology (IT) organization is focused on supporting and improving the position of our industry-leading business franchises through cost effective, innovative IT solutions, as well as overseeing critical functions that enable the day-to-day operations of the entire Ally Financial enterprise. IT is also responsible for the administration and execution of information protection, disaster recovery and IT risk management.
Total Rewards Information
Ally's compensation program offers market-competitive base pay and pay-for-performance incentives (bonuses) based on achieving personal and company goals. But Ally's total compensation -- or total rewards -- extends beyond your paycheck and is designed to support and enrich your personal and professional life, including:
Time Away: competitive holiday and flexible paid-time-off, including time off for volunteering and voting.
Planning for the Future: benefits to help you plan for the near and long term including an industry-leading 401K retirement savings plan with matching and company contributions, student loan and 529 educational assistance programs, tuition reimbursement and other financial well-being programs.
Supporting your Health & Well-being: flexible health and insurance options including dental and vision, pre-tax Health Savings Account with employer contributions and a total well-being program that helps you and family stay on track physically, socially, emotionally and financially.
Building a Family: adoption, surrogacy and fertility support as well as benefits that help you take care of your family -- parental and caregiver leave, back-up child and adult/elder day care program and child care discounts.
Work-Life Integration: other benefits including LifeMatters Employee Assistance Program, subsidized and discounted Weight Watchers program and other employee discount programs.
Ally is an Equal Opportunity Employer
Ally is an Equal Opportunity Employer We extend equal employment opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law.
Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled