Home / Jobs

Lucid Technologies Inc

The Logical Solutions

IT Risk Analyst
Job Title: IT Risk Analyst V
Location: Charlotte, NC 28202

Hybrid: Mandatory 3 days onsite (i.e., Tuesday-Thursday)
Interview process -2 round

Job Description
Technology Business Line Testing Job Description

This role is within the Technology organization functioning as a first line of defense. The role performs tests over the design and effectiveness for Technology, Data, and Information Security process, applications, and infrastructure controls across Ally and risk management practices.

The role will work closely with multiple stakeholders including the Technology leaders and subject matter experts. BL Technology Risk professionals in this role build and manage relationships with subject matters and Technology partners. Partnership and collaboration with Enterprise Risk, Compliance, and Information Security teams is needed evaluate, report, and resolve (as needed) risk and controls.

In this role, individuals are expected to:

Execute and perform test of design and test of effectiveness of Technology, Information Security, and data controls.
Identify gaps in the operational effectiveness and compliance with Policies, Standards, regulatory requirements, and industry best practices.
Develop and present reports and action plans to business partners and senior management resulting from testing.
Evaluate Technology, Cyber Security, and Data Management processes and systems for opportunities to improve compliance with Internal Policies/Standard requirements, alignment to regulatory expectations, process improvement and risk management.
Design, coordinate and oversee testing procedures to verify the security of systems, networks, and applications, and manage the remediation of risks.
Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention.

  • Completed at least an undergraduate degree in Information Systems, Information Technology, Cybersecurity, or Computer Science
  • 2-4 years of experience in performing audits for Technology or Cybersecurity, Audit, Compliance, and/or Risk Management
  • Perform audits for IT/IS controls which includes evaluate the design and operating effectiveness of the control structure and compliance with internal Policies and Standards, as well as industry guidance
  • Knowledge and understanding of Technology and Cybersecurity industry frameworks and guidance (i.e., NIST, FFIEC, ISO 27001/27002)
  • General understanding of fundamental technology and cyber security principles (e.g., Identity and Access Management, Vulnerability Management, Capacity Management, SDLC, Data Classifications, etc.)
  • Ability to exercise judgement, make conclusions and influence a technology risk mindset with stakeholders
  • Ability to function in a matrix organization and cross-functional team
  • Ability to interact and influence personnel at all levels across the organization including associated to mid-level leadership
  • Attention to detail and maintain relevant risk industry knowledge
  • Critical thinking, problem solving and analytical skills
  • Demonstrated ability to effectively synthesize and communicate ideas and insights across the organization, including with executive leadership
  • Develop and maintain strong working relationships with internal Technology, risk, compliance and audit partners
  • Document test results and provide support for an informed, objective opinion of the risk exposure
  • Communicate testing results, observations, and recommendations verbally and in writing
  • Engage directly with Business Line to understand business offerings, processes and procedures
  • Work effectively with peers and leaders while maintaining independence necessary to fulfill Technology review and testing responsibilities
  • Escalate and report technology and operational risks concerns as necessary
  • Proficient use of Microsoft Office products: Word, Excel, PowerPoint, and SharePoint
  • Identify emerging technology risks and lead the dialog among stakeholders
  • Proficient written and verbal communication
  • Monitor and drive Information Technology’s adherence to enterprise policies
  • Review management action plans to assess effectiveness of proposed remediation and appropriateness of the timeline
  • Strong detail orientation with ability to research, compile, and report on data
  • Understanding of different types of systems (e.g., applications, servers, virtual servers, APIs, SaaS, Cloud computing)

Meeting notes:
Performing the audit
Testing design
ITRA Background
Audit Function
Industry Framework 
Fundamental Principles
test of designing and effectiveness
IAM Management 
Vulnerability Management
Financial Experience is helpful
Charlotte or Detroit (Charlotte Preference)
certification will be great -CRISC, CISA, CISSP 

Thanks & Regards

Siva Krishna D
Sr. US IT Recruiter
Lucid Technologies Inc
E: siva.d@lucidtechinc.com
O: 214-385-4144 Ext: 218
F: 214-889-5857
W: www.LucidTechINC.com