What are the responsibilities and job description for the Technology Compliance & Vendor Management Analyst position at Novus?
The Technology Compliance & Vendor Management Analyst is responsible for safeguarding the integrity of Novus Home Mortgage's technology environment through disciplined risk management, regulatory readiness, and overall vendor governance. This role serves as the primary technology compliance liaison for all internal and external audit activity, manages the company's IT risk assessment program, and maintains policy alignment with applicable federal and state regulatory requirements. Operating at the intersection of technology, operations, and compliance, this individual contributor role requires the ability to communicate effectively across all levels of the organization while managing multiple regulatory relationships simultaneously.
ESSENTIAL DUTIES and RESPONSIBILITIES:
IT Audit Coordination
- Serve as the primary coordinator for all internal IT audit activity, partnering with external audit
firms to plan, schedule, and facilitate the execution of technology-focused audits.
- Manage the end-to-end audit lifecycle including evidence collection, stakeholder preparation,
finding documentation, remediation tracking, and close-out reporting.
- Maintain a consolidated audit calendar and ensure cross-functional teams are informed of
upcoming audit activities, timelines, and required deliverables.
- Track and report on the status of open audit findings and management responses to the CTO
and relevant stakeholders on a regular cadence.
Technology Risk Assessment
- Own and maintain the enterprise IT risk assessment program, producing and updating risk
assessments on a scheduled and event-driven basis.
- Collaborate with Information Security team members to align risk assessment methodologies
with applicable frameworks and industry standards.
- Translate risk findings into actionable reporting for the CTO and ELT, clearly articulating risk
posture, trends, and mitigation priorities.
- Monitor the technology risk landscape for emerging threats, regulatory changes, or operational
shifts that warrant reassessment.
Policy Management
- Maintain and administer the full library of technology-related policies and standards, ensuring
documents remain current, accurate, and aligned with regulatory expectations.
- Establish and manage a recurring policy review cycle, coordinating with stakeholders across
Technology, Compliance, Legal, and Operations to review, update, and ratify policy content.
- Identify gaps between existing policies and evolving regulatory or industry requirements and
drive resolution in partnership with relevant subject matter experts.
- Communicate policy updates to impacted teams and support the development of training or
awareness materials as needed.
Vendor Management
- Administer the vendor management program, owning the end-to-end vendor lifecycle inclusive
of onboarding due diligence, ongoing oversight, periodic reassessment, and offboarding.
- Conduct and document technology vendor risk assessments, evaluating vendors against
defined criteria including security posture, business continuity, data handling practices, and
regulatory compliance.
- Maintain the vendor inventory and associated risk ratings, ensuring records are current and
accessible for internal and regulatory review.
- Coordinate with General Counsel and Legal on contract-related matters while retaining
ownership of the risk and compliance dimensions of vendor relationships.
- Monitor vendor performance against service level expectations and escalate concerns to the
CTO and appropriate stakeholders.
Regulatory Examination Management
- Serve as the primary technology point of contact for all regulatory examinations conducted by
the FDIC, Fannie Mae, Freddie Mac, and the Wisconsin Department of Financial Institutions (WDFI).
- Coordinate the preparation, scheduling, and execution of regulatory technology examinations,
ensuring internal stakeholders are briefed and examination materials are accurate and complete.
- Manage examiner data requests, document production, and interview coordination throughout
the examination process.
- Track and drive resolution of any examination findings or matters requiring attention (MRAs)
within required timeframes, reporting progress to the CTO and Compliance leadership.
- Maintain examination readiness as a continuous posture rather than an event-driven activity,
conducting periodic self-assessments and gap analyses in anticipation of scheduled exams.
An individual in this position must be able to successfully perform the essential duties and responsibilities listed above. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.
KNOWLEDGE, SKILLS AND ABILITIES:
- Working knowledge of technology risk assessment practices and the ability to produce and
present risk reporting to senior leadership.
- Strong written and verbal communication skills with the ability to translate complex technical and regulatory concepts for non-technical audiences.
QUALIFICATIONS:
- 5 years of progressive experience in technology risk, IT compliance, vendor management, or a
related discipline within financial services, mortgage lending, or a regulated banking environment.
- Demonstrated experience coordinating IT audits and managing regulatory examination
processes, including evidence gathering, examiner communications, and finding remediation.
- Experience administering a vendor management program including due diligence, ongoing
oversight and risk-tiered reassessment processes.
- Familiarity with regulatory expectations for technology within FDIC-affiliated institutions; working
knowledge of or exposure to the FFIEC IT Examination Handbook is a plus.
- Experience in the mortgage lending industry and familiarity with GSE (Fannie Mae / Freddie
Mac) technology expectations are preferred.
- Requires education generally equivalent to a high school diploma.
- Experience using Microsoft Office products (i.e. Word, Excel, Outlook, PowerPoint, SharePoint).
This is an on-site position located in Brookfield, WI.