Ally

About the Company

Ally Financial Inc. (NYSE: ALLY) is a leading digital financial services company and a top 25 U.S. financial holding company offering financial products for consumers, businesses, automotive dealers and corporate clients. NMLS #3015 | #181005 | https://www.nmlsconsumeraccess.org/ Ally's legacy dates back to 1919, and the company was redesigned in 2009 with a distinctive brand, innovative approach and relentless focus on its customers. Ally has an award-winning online bank (Ally Bank, Member FDIC), one of the largest full service auto finance operations in the country, a complementary auto-focused insurance business, and a trusted corporate finance business offering capital for equity sponsors and middle-market companies. We extend equal employment opportunities to qualified applicants and employees on an equal basis regardless of an individual's age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law. Fast Company's Best Workplace for Innovators, 2021 Crain's Fast 50: Southeast Michigan's Fastest Growing Companies, 2021 Forbes Best Employers for Diversity, 2021 DiversityInc Top 50 Companies for Diversity, 2021 Best Places to Work for LGBTQ Equality, 2020 Adweek Brand Genius Award, 2020 Brand Film Best Employee Engagement Campaign, Moguls in the Making 2020 AdAge Top 10 Marketers of the Year, 2019 DiversityInc Noteworthy Company, 2019

Listed Jobs

Company Name

Ally

Job Title

CSIRT Incident Response Manager

Job Description

**Job Title** CSIRT Incident Response Manager **Role Summary** Lead and coordinate investigations of information security events, drive containment and remediation, maintain and enhance the Cybersecurity Incident Response plan, and ensure compliance with audit and legal requirements. Act as a primary escalation point for PCI environments and collaborate with internal technical teams and external vendors to resolve incidents efficiently. **Expectations** - Minimum 5 years of information security experience. - Strong leadership in incident investigation and response. - Ability to develop and prioritize use cases and improve detection processes. - Effective communication with technical and non‑technical stakeholders. - Commitment to staying current on threat intelligence and security best practices. **Key Responsibilities** - Lead end‑to‑end investigations of security incidents and perform root‑cause analyses. - Direct containment actions and remediation efforts during and after incidents. - Maintain, test, and continuously improve the organization’s Incident Response plan. - Manage audit requirements, track remediation of identified gaps, and ensure timely risk reduction. - Contribute to the creation and prioritization of security use cases and detection rules. - Develop new detection capabilities and refine response processes based on emerging threats. - Coordinate with SOC, CSIRT, technical teams, and third‑party vendors to resolve incidents swiftly. - Document all incidents accurately to satisfy audit, legal, and regulatory obligations. - Serve as the escalation point for PCI‑related monitoring and response activities. **Required Skills** - Deep knowledge of network protocols, server/workstation operating systems, and troubleshooting. - Broad experience with security controls across all layers and protocols. - Hands‑on experience securing multi‑cloud environments, FaaS, and CI/CD pipelines. - Proficiency analyzing large and unstructured data sets to detect anomalies and malicious activity. - Strong familiarity with current security threats, attack techniques, and threat‑intel integration. - Experience with cyber‑threat hunting using SIEM, enterprise search, or similar tools. - Excellent verbal and written communication; strong problem‑solving and troubleshooting abilities. **Required Education & Certifications** - Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field (or equivalent professional experience). - Relevant security certifications (e.g., CISSP, CISM, GSEC) are preferred but not mandatory.

Charlotte, United states

Hybrid

Mid level

12-10-2025