IT Governance, Risk and Compliance Analyst

IT Governance, Risk and Compliance Analyst page is loaded## IT Governance, Risk and Compliance Analyst locations:
TX, Coppelltime type:
Full time posted on:
Posted Yesterday job requisition :
R9053## Exceed the expectations of our residential mortgage borrowers & business partners through superior service, simple processes, and effective communications.## We deliver on this mission by empowering our employees by encouraging and recognizing superior performance and innovative solutions, by promoting teamwork and divisional cooperation.# Primary Function This position is a SME contributor as a part of the Information Security group. This individual must have broad knowledge of security related auditing methodology.

This role is a mix of Security Analyst and Auditor. The individual is responsible for Security related tasks including the day-to-day administration of the different information security controls and reviews, creation of new processes and facilitating ongoing audits.

Principal Duties:
* Support IT compliance program:
Assist in developing, implementing, and executing the Company’s IT compliance program.
* Identify SOX/SOC/Regulatory issues:
Determine the proper root cause and provide guidance on potential remediation actions.
* Identify and address audit concerns:
Recognize existing or potential issues and conduct further research, as necessary. Examples include:
Segregation of Duties (SoD) concerns, improvements to processes, and evidence of approval.
* Collaborate with cross-functional teams:
Interface with various departments, consultants, and vendors to participate in SOX/SOC audits and recommendations meetings.
* Liaison with auditors:
Facilitate communication with external and internal auditors, acting as a liaison between auditors and the IT department.
* Align policies and procedures:
Provide input to align IT and Security policies, standards, and procedures with compliance requirements.
* Support compliance with laws and regulations:
Assist process owners, control owners, control performers, and compliance coordinators in ensuring controls are well-defined and compliant with applicable laws and regulations.
* Continuous monitoring:
Experience in building control testing and evidence collection to efficiently collect and analyze the effectiveness of controls.
* Evaluate security and controls:
Assess the security and controls of various on-premises and cloud-based technologies.
* Create documentation as needed and ensure it reflects a high level of quality.
* Additional duties as required by management.#

Education and Experience
* Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent industry experience
* Holds or is working toward one or more of the following: CISSP, CISA, CRISC, CGEIT, or GRCP
* At least 3+ years' experience in cybersecurity or audit and exposure with various security frameworks.
* Experience and understanding of various regulatory requirements and laws, including but not limited to: SOX, FFIEC and GLBA. Additional experience in one or more of the following: ISO 2700X, ITIL, or NIST.# Knowledge, Skills, and Abilities
* Knowledge of IT controls and governance frameworks:
Demonstrate a fundamental understanding of general computer control areas, IT governance frameworks, and Sarbanes-Oxley
* Experience with internal controls design and implementation:
Possess fundamental experience in designing and implementing a system of internal controls, preferably within a large-scale management-led SOX organization.

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Okta Verify and Microsoft Authenticator. Employment will be contingent on this requirement.
** By applying to this position candidate acknowledges that this is not a remote role and is required to be on-site.
**** Additional Information:
** While this…