Technology Risk Analyst Sr.
Cenlar

Start something good. Empower your career. Become an employee owner at Cenlar.

Employee owners have made Cenlar the nation's leading mortgage loan subservicer. Our unique culture is defined by our core values of respect, trust, integrity and care. Company ownership, a promote-from-within philosophy, and opportunities for continuous professional growth make Cenlar a great place to launch or boost your career. Consider this opportunity to join our team as Technology Risk Analyst Sr.

The role supports the establishment of Cenlar's Technology Risk Management function and helps implement the 2nd level Line-of-Defense (LOD) oversight of Cenlar's Information Technology (IT) related functions and activities across the company. The Analyst utilizes the Technology Risks and Controls framework and matrix (RCM), assists in their development and maintenance working with the staff and leadership of Information Technology (IT) at Cenlar. This position is responsible for helping to implement an ongoing and/or recurring testing and validation process that addresses key IT governance and IT general control measures, as well as testing and validation activities aligned to the approved RCM.

The analyst is responsible for developing and conducting risk management testing measures for IT and expanding those to cover emerging areas such as cloud, rapid development and deployment models, and cybersecurity and understanding risk exposures and updating our Technology Risk and Control Framework to include adequate risk and controls documentation.

This position assists in the development of our Technology Risk and Control Framework to align to regulatory requirements and guidance, including the Federal Financial Institutions Examination Council's (FFIEC) IT Examination Handbook, as well as the FFIEC Cybersecurity Assessment Tool (CAT) and other third-party risks and controls frameworks (e.g., COBIT 5).

Responsibilities:

• Coordinates with Information Technology, Corporate Security, Legal, Compliance, Internal Audit, Finance, Human Resources, and Bank Secrecy Act (BSA)/Anti-Money Laundering AML)/Fraud Loss Protection resources, to facilitate the development of information technology governance, risk measurement, and compliance tracking measures
• Develops and reports on key activity and performance and risk indicators concerning IT risk management
• Assists in managing the inventory of IT and security controls, determining the desired level of assurance that the controls are effective in their application
• Ensures oversight measures cover: Asset Management, Change and Release Management, Physical and Environmental controls, Patch and Vulnerability Management, Inventory and Configuration Management, Virtual Systems Management, Systems Development and Software Acquisition
• Ensures that risk management evaluation and testing activities occur based on leadership direction to cover risks and controls as related to Cenlar's information assets.
• Ensures all activities are in accordance with company and regulatory risk and compliance requirements
• May provide mentoring to analysts on the team
• May review work produced by analysts on the team
• Other duties as assigned

Qualifications:

• Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field required; Master's degree in a related field is advantageous
• CRISC, CISA, CISSP, and/or CISM certification(s) would be advantageous
• Minimum of 5+ or more years of experience in IT risk management, Technology Audit, and/or other IT, security or risk-related positions
• Exposure to technology risk and control frameworks such as COBIT, ISF, ISO27002, NIST, etc.
• Must have familiarity and experience with Sarbanes Oxley (SOX) Section 404/302 Financial Controls; Gramm-Leach-Bliley Act (GLBA), Identity Theft & Red Flags; Federal Financial Institutions Examination Council (FFIEC) guidance; and third party risk assessments involving the review and assessment of Statement on Standards for Attestation Engagements (SSAE) No. 18 - Service Organization Controls (SOC) reports and related or alternative documentation
• Working knowledge of technology governance concepts; policy and standards development; documentation of risk management frameworks and ability to assist in the reporting of IT risk metrics
• Strong understanding of audit and assessment processes and concepts
• Able to effectively interact with technology teams, information security and business representatives
• Competencies in technology controls, emerging threats, information security and cybersecurity
• Strong communication and presentation skills are required

Total Rewards:

As an employee-owner at Cenlar, you'll receive an outstanding benefits package that includes paid medical, dental, and life insurance, 401(k), and tuition assistance as well as opportunities for training and professional advancement.

Cenlar is a drug-free workplace and an equal employment opportunity/affirmative action employer M/F/D/V/SO.

This job has expired.