Information Security GRC Analyst, Sr

About The Position

Requirements

• Minimum of six (6) + years’ experience working in Cybersecurity GRC, policy development, risk management, or a similar field.
• Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust).
• Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI).
• Relevant certifications such as CISM and/or CISA are highly desirable.
• Bachelor’s Degree in Information Security, Computer Science, Information Technology, or a related field preferred.
• Employees located within a commutable distance of our hub offices (Irvine, Scottsdale, Chandler, Southfield, or Plano) are expected to work on-site four days per week.

Nice To Haves

• Relevant certifications such as CISM and/or CISA are highly desirable.

Responsibilities

• Leads the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines.
• Continuously evaluates and updates cybersecurity and IT policies to ensure they remain current and effective.
• Ensures policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX and PCI-DSS).
• Collaborates with teams, working closely with IT, legal, compliance, and other departments, to gain a deep understanding of business needs to ensure cybersecurity policies align with business objectives.
• Transforms complex information and documentation into simple concepts that are easy to understand by the end-users.
• Offers specialized expertise and consultation to cross-functional teams to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommends prioritized, actionable solutions to mitigate risks and enhance loanDepot’s overall security posture.
• Stays informed about the latest cybersecurity threats, trends, and best practices.
• Ensures accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses.
• Benchmarks the organization's policies against industry standards and best practices.
• Develops and implements governance frameworks for cybersecurity policy management.
• Monitors key performance indicators, conducts gap analysis, risk assessments and implements frameworks, as needed.
• Tests and monitors effectiveness of controls.
• Establishes a feedback loop and analyzes metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats.
• Actively leads and supports on internal and external audits and assessments of cybersecurity policies and practices.
• Accountable for ensuring identified audit and assessment findings and actions are tracked to closure.
• Maintains comprehensive documentation of all cybersecurity policies, procedures, and related activities.
• Communicates policy requirements and updates to all relevant stakeholders.
• Identifies opportunities for innovation and improvement in cybersecurity policy and practice.
• Proposes suitable mitigation strategies and verifies the effectiveness of remediation plans.

Benefits

• Comprehensive benefits package including Medical/Dental/Vision
• Wellness program to support both mental and physical health
• Generous paid time off for both exempt and non-exempt positions
• Extensive internal growth and professional development opportunities including tuition reimbursement