Principal – Cyber Security

Ally Financial only succeeds when its people do - and that’s more than some cliché people put on job postings. We live this stuff! We see our people as, well, people - with interests, families, friends, dreams, and causes that are all important to them. Our focus is on the health and safety of our teammates as well as work‑life balance and diversity and inclusion.

From generous benefits to a variety of employee resource groups, we strive to build paths that encourage employees to stretch themselves professionally. We want to help you grow, develop, and learn new things. You’re constantly evolving, so shouldn’t your opportunities be, too?

Work Schedule:

Ally designates roles as (1) fully on‑site, (2) hybrid, or (3) fully remote. Hybrid roles are generally expected to be in the office a certain number of days per week as indicated by your manager. Your hiring manager will discuss this role’s specific work requirements with you during the hiring process. All work requirements are subject to change at any time based on leader discretion and/or business need.

At Ally, you get a startup feel, but experience the benefits of a company that has worked out the kinks and is fulfilling its purpose. We are always evolving and see that as a good thing. From owning our work to seeing its impact in the real world, our team is relentless in finding new ways technology can help make experiences better and help people.

We are problem solvers, we value diverse thinking, we support one another, and we challenge ourselves to think bigger in the journey to deliver customer‑obsessed tech solutions. To read more about what our tech team does, be sure to visit our tech blog h.

• Work with the Director Cyber Security Lead to ensure the security program addresses identified risks and business requirements.
• Manage the process of gathering, analyzing and assessing the current and future threat landscape, and provide the Director Cyber Security Lead with a realistic overview of risks and threats in the enterprise environment.
• Oversee enterprise‑wide data discovery and classification efforts, ensuring accurate identification and categorization of sensitive information across structured and unstructured data sources.
• Champion data obfuscation strategies, including masking, tokenization, de‑identification, and redaction, to safeguard confidential data in production and non‑production environments.
• Develop and maintain data privacy controls, aligning with regulatory requirements (PCI, SOX, GLBA, NYDFS, Sarbanes‑Oxley, etc.) and internal policies.
• Collaborate with Risk Assessment and Data Governance teams to remediate risk findings and implement mitigation strategies.

• Ensure the organization’s data security posture meets audit and regulatory standards.
• Prepare and validate checklists and documentation for compliance reviews and regulatory exams.
• Stay current on evolving privacy laws and regulations, translating requirements into actionable security controls.

• Design and implement data security solutions for on‑premises and cloud environments (AWS, Azure).
• Manage deployment and sustainment of data security technologies (e.g., Delphix, IBM Optim, BigID, Informatica, Gen Rocket).
• Guide the team in developing and maintaining automated tools for data profiling, masking, and reporting.
• Measure KPI & KRIs against defined objectives and proactively predict potential critical risks.

• Mentor and develop team members, fostering a culture of continuous improvement and innovation.
• Build strong relationships with business, IT, and compliance stakeholders to align security objectives with organizational goals.
• Communicate effectively with technical and non‑technical partners, including senior leadership.
• Design and enhance support processes, perform data analysis, track workflow burndown to meet milestones, and deliver KPI/KRI reporting to improve the stability, resiliency, and performance of business‑critical applications.

• 5+ years in IT, data security,…