IT Controls Analyst

About The Position

Requirements

• Bachelor's degree from a four-year college or university
• Two plus years of information technology compliance experience
• SOX and Operational Control testing experience
• Understanding of NIST and COBIT frameworks
• Ability to update policies/procedures based on current operations
• Proficiency with MS Office and email

Nice To Haves

• CPA or CIA a plus
• CISSP (Info System Security Professional), CISM (Info Security Manager) or CISA (Info System Auditor) certification recommended
• Other applicable certifications are a plus
• Mortgage Industry/Financial Regulatory knowledge is a plus
• Five years’ experience in the IT Compliance field in a finance/lending related industry preferred
• Experience with information technology in application development or infrastructure support preferred

Responsibilities

• Perform analysis of internal business as well as external events to ensure organizational risk is properly assessed and meets the organization IT Compliance needs
• Assist with development and implementation of security policies, standards and education efforts
• Maintain all existing policy and procedures to ensure they continue to address all compliance needs
• Draft, implement, and track management action plans
• Collaborate with the Corporate Information Security and IT Controls teams to review security policies, standards, procedures and guidelines
• Business Continuity Plan creation, planning, maintenance and testing
• Disaster Recovery Plan creation, planning, maintenance and testing
• Create and maintain Vendor Risk Assessment templates and evaluations
• Work with stakeholders and subject matter experts on the maintenance and/or development of documentation as a result of audit or compliance findings
• Research privacy-related topics to enhance departmental privacy efforts
• Provide input to the information security awareness, training and education program
• Drive for timely completion of Business Continuity, Disaster Recovery, Vendor Management, Information Security projects to meet business needs
• Responsible for reviewing all official Compliance documentation maintained by the department
• Responsible for weekly status reporting to the IT Cyber Security Risk Officer, escalation of issues and written communication, and presentation materials
• Coordinate work with internal and external audit as needed
• Maintain current knowledge regarding industry compliance regulations, requirements, policies and amendments to regulations
• Develop and maintain positive relationships with IT staff and customers
• Monitor activities to ensure compliance with applicable internal policies, procedures and external regulations including monthly, quarterly and annual account activity review
• Manage day to day compliance risk and make recommendations to management for continuous improvement
• Ensure risk management reviews are conducted
• Conducts all business in a professional and ethical manner to serve customers and increase the goodwill and profit of the company
• Ability to travel overnight

Benefits

• Medical, Dental and Vision
• 401(K)
• Employee Stock Purchase Plan
• Flex Spending Accounts
• Life & Disability Insurance
• Vacation, Sick, Personal Time and Company Holidays
• Multiple Voluntary and Company provided Benefits