Onsite in Charlotte for Hybrid model. **3rd Party Security Analyst**: Third Party risk and controls – regulatory review for compliance on controls; Information protection and security – solid understanding; Business continuity; SOC reports. Must have excellent communication skills and work well independently and collaboratively.
The Ally Supply Chain Third Party Risk & Controls IP/BCDR (Information Protection/Security and Business Continuity – Disaster Recovery) Risk Analyst will function as a Subject Matter Expert in conducting due diligence and ongoing monitoring controls review activities for Ally's third-party relationships. The IP/BCDR Senior Risk Analysts will serve as a primary or secondary SME in one or more risk areas.
The Work Itself
The IP/BCDR Sr. Risk Analyst will function as a Subject Matter Expert in conducting due diligence and ongoing monitoring controls review activities for Ally's third-party relationships. This position will serve as a primary or secondary SME in one or more risk areas of Information Protection (Information Security) and Business Continuity/Disaster Recovery.
Responsible for completing reviews of third-party policy documentation and evidence for alignment with Ally’s “Third Party Requirements” (TPR), regulatory requirements, policies, and industry best practices during the execution of the Control Effectiveness Review (CER).
Responsible for completing CER test scripts documenting the review, providing rationale, writing review summaries assigning a conclusion, and documenting issues.
Responsible for meeting or exceeding timelines and deliverables and ensuring that documentation and system updates are properly performed.
Responsible for identification/articulation and coding of issues in alignment with Ally Issue Management Policy and procedures.
Responsible for educating and assisting our Business Line customers with understanding of issues, the associated risk, and recommendations and options for remediation.
Responsible for reviewing Issue Action Plans and Remediation evidence and providing necessary SME feedback to close Findings.
Responsible for performing ad hoc requests related to Risk & Controls CER functions.
The Skills You Bring
3+ years of risk management, IP/BCDR examination or audit experience within financial or other regulated industries and professions. (SOC auditors are encouraged to apply.)
Bachelor's degree or equivalent experience required.
Certifications in one or more areas of subject matter expertise such as CRVPM, CASRA, CTPRP, CISM, CISA, CompTIA Security+, GISF, CISSP, CCSP are a plus.
General to advanced understanding of third-party regulatory guidance such as OCC 2013-29 and FED SR 13-19a1, Interagency Guidance on Third-Party Relationships: Risk Management, etc.
Strong interpersonal, written, verbal and presentation communication skills with an ability to communicate effectively across business levels (both vertically and horizontally).
Requires minimal supervision or direction to effectively implement deliverables and objectives.
A strong candidate is highly organized with strong attention to detail and has an investigative mindset combined with critical thinking and problem-solving skills to promptly identify gaps in Information Protection and Business Continuity/Disaster Recovery controls and articulate associated risks in a timely manner.
Experience with Microsoft 365 strongly preferred.
US Military Veterans with Intelligence and Risk Analysis, or Information Protection experience are encouraged to apply.