IT Governance, Risk and Compliance Analyst

Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.

We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.

Primary Function

This position is a SME contributor as a part of the Information Security group. This individual must have broad knowledge of security related auditing methodology. This role is a mix of Security Analyst and Auditor. The individual is responsible for Security related tasks including the day-to-day administration of the different information security controls and reviews, creation of new processes and facilitating ongoing audits.

Principal Duties

• Support IT compliance program: Assist in developing, implementing, and executing the Company’s IT compliance program.
• Identify SOX/SOC/Regulatory issues: Determine the proper root cause and provide guidance on potential remediation actions.
• Identify and address audit concerns: Recognize existing or potential issues and conduct further research, as necessary. Examples include: Segregation of Duties (SoD) concerns, improvements to processes, and evidence of approval.
• Collaborate with cross-functional teams: Interface with various departments, consultants, and vendors to participate in SOX/SOC audits and recommendations meetings.
• Liaison with auditors: Facilitate communication with external and internal auditors, acting as a liaison between auditors and the IT department.
• Align policies and procedures: Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
• Support compliance with laws and regulations: Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
• Continuous monitoring: Experience in building control testing and evidence collection to efficiently collect and analyze the effectiveness of controls.
• Evaluate security and controls: Assess the security and controls of various on-premises and cloud-based technologies.
• Create documentation as needed and ensure it reflects a high level of quality.
• Additional duties as required by management.
  
  

Education and Experience

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience
• Holds or is working toward one or more of the following: CISSP, CISA, CRISC, CGEIT, or GRCP
• At least 3 years' experience in cybersecurity or audit and exposure with various security frameworks.
• Experience and understanding of various regulatory requirements and laws, including but not limited to: SOX, FFIEC and GLBA. Additional experience in one or more of the following: ISO 2700X, ITIL, or NIST.
  
  

Knowledge, Skills, And Abilities

• Knowledge of IT controls and governance frameworks: Demonstrate a fundamental understanding of general computer control areas, IT governance frameworks, and Sarbanes-Oxley
• Experience with internal controls design and implementation: Possess fundamental experience in designing and implementing a system of internal controls, preferably within a large-scale management-led SOX organization.
  
  

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

By applying to this position candidate acknowledges that this is not a remote role and is required to be on-site.

Additional Information

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.

Company Benefits

Newrez is a great place to work but we are only as strong as our greatest asset, our employees, so we believe in rewarding them!

• Medical, dental, and vision insurance
• Health Savings Account with employer contribution
• 401(k) Retirement plan with employer match
• Paid Maternity Leave/Parental Bonding Leave
• Pet insurance
• Adoption Assistance
• Tuition reimbursement
• Employee Loan Program
• The Newrez Employee Emergency and Disaster Fund is a new program to support our team members
  
  

Newrez NOW

• Our Corporate Social Responsibility program, Newrez NOW, empowers employees to become leaders in their communities through a robust program that includes volunteering, philanthropy, nonprofit grants, and more
• 1 Volunteer Time Off (VTO) day, company-paid volunteer day where all eligible employees may participate in a volunteer event with a nonprofit of their choice
• Employee Matching Gifts Program: We will match monetary employee donations to eligible non-profit organizations, dollar-for-dollar, up to $1,000 per employee
• Newrez Grants Program: Newrez hosts a giving portal where we provide employees an abundance of resources to search for an opportunity to donate their time or monetary contributions
  
  

Equal Employment Opportunity

We're proud to be an equal opportunity employer- and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

CA Privacy Policy

CA Notice at Collection