Job Description:
Position: Data Security Analyst
Location: Charlotte, NC
Pay: $55/hr on W2 - No benefits

Job Responsibilities
Evaluate third-party supplier risk information security controls and ensure they are aligned with Ally internal standards
Evaluate internal data at rest and determine whether the appropriate data protection controls are in place
Respond to requests to transmit data outside the firm and validate data protection controls are applied
Apply corporate methodologies relating to information security as well as the Operational Risk Management Methodology and approaches
Develop data protection control recommendations for use by Global Supply Chain, Information Protection and Risk Management, line of business personnel, and various risk councils within Ally
Participate in developing quantitative risk models to assist with communicating and evaluating risk
Enter and track findings in enterprise systems (e.g., Ariba, OpenPages)
Participate in the development and improvement of assessment methodology and tools
Maintain subject matter expertise in information security as well as supplier management
Provide advice to Sourcing Consultants, Legal, etc. on risk areas during contract negotiations
Assess supplier controls with regard to the specific services they are providing to Ally.
Examples of analysis include:
o Review data protection controls for data at rest, in-motion and in-use
o Review supplier policies, standards & procedures
o Review supplier responses to supplier risk questionnaire and review all pertinent artifacts
o Review independent assessments conducted by risk and compliance organizations
o Assess supplier information technology general controls or review assessments thereof
o Discuss risk and controls with suppliers and Ally risk managers to clarify as needed
o Conduct on-site supplier inspections of supplier controls
o Participate in quantitative analysis to evaluate risk.


Experience in the banking industry; preferably at a large bank holding company (BHC)
Experience with SQL reporting and R-Coding
Experience with Imperva and Titus tools to perform data scans for assigning data classification labels
Understanding of federal banking guidelines/requirements
Knowledge of:
o Information systems' security risks and controls
o Federal Financial Institutions Examination Council (FFIEC) guidance and work plans
o Recognized information security-related standards such as ISO2700x, COBIT, PCI-DSS
o Compliance aspects of GLBA, EU Data Protection Directive, Sarbanes-Oxley, and other relevant laws and regulations
Industry certification preferred (e.g., CISSP, CISM)
BS/BA or equivalent experience required
Ability to interact with a variety of internal and external people in a professional manner that creates confidence in his/her knowledge and abilities and helps foster mutually satisfactory resolution to risk gaps and issues