IT Controls Engineer

About The Position

Requirements

• Bachelor’s degree in information systems, Computer Science, Cybersecurity, or a related field required; equivalent experience may be considered.
• 3–5 years of experience in IT Risk Management, IT Controls, IT Audit, or GRC functions within financial services or a technology-driven organization.
• Hands-on experience with ServiceNow IRM or other GRC platforms, including risk, control, and issue management; UCF integration experience preferred.
• Experience performing RCSA, control testing, and issue management, with familiarity in frameworks such as NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS.
• Working knowledge of data analytics and SQL scripting to support control testing and risk reporting.
• Professional certifications such as CRISC, CISA, CISSP, or ITIL Foundation preferred.
• Demonstrates knowledge of, adherence to, monitoring, and responsibility for compliance with applicable regulatory and framework requirements including NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS Part 500.
• Demonstrates knowledge of IT Risk Management and Governance principles, including execution of RCSA, identification of key risks and controls, and assessment of residual risk exposure.
• Demonstrates hands-on experience performing control testing, including evidence collection, validation of control design and operating effectiveness, and documentation of results.
• Demonstrates understanding of core IT control domains, including but not limited to, access management, change management, configuration management, asset management, backup and recovery, vulnerability management, network security and operations, SDLC, product management, and data management.
• Demonstrates proficiency in data analytics and SQL scripting to extract, analyze, and validate data supporting risk assessments, control testing, and issue verification activities.
• Demonstrates experience maintaining and reporting on IT Risk Registers, metrics, and dashboards that communicate risk posture, control performance, and issue remediation progress.
• Demonstrates practical experience using GRC tools, preferably ServiceNow IRM, for documenting risks, controls, and issues; maintaining workflow integrity; and generating governance reports.
• Analytical and problem-solving skills with the ability to evaluate complex data, identify control gaps or process weaknesses, and recommend actionable improvements.
• Project management skills with the ability to manage multiple assessments, control testing activities, and reporting deliverables simultaneously.
• Relationship-building and influencing skills with the ability to communicate risk and control concepts clearly to technical and non-technical audiences.
• Effective organizational and time-management skills with the ability to balance competing priorities and meet deadlines in a dynamic environment.
• Exceptional verbal, written, and interpersonal communication skills with attention to accuracy, clarity, and documentation quality.
• Ability to prepare and deliver formal and informal presentations to management, audit, or governance committees regarding risk assessment and control testing results.
• Intermediate to advanced proficiency with Microsoft Office applications (Excel, Word, PowerPoint, Outlook) and familiarity with data visualization tools such as Power BI or Tableau.
• Ability to work independently with minimal supervision while maintaining accountability for assigned deliverables and quality standards.
• Demonstrates knowledge of Unified Compliance Framework (UCF) principles and the ability to support integration of UCF content into ServiceNow IRM to align control mappings, automate evidence collection, and standardize compliance reporting.

Responsibilities

• Execute IT RCSA by coordinating with control owners to identify, assess, and document key risks, controls, and residual risk ratings.
• Support ongoing IT risk management by maintaining the Risk Register, performing risk assessments across processes, applications, and infrastructure, and monitoring changes in risk exposure.
• Track and validate remediation of issues and findings from RCSA, audits, and assessments; collaborate with issue owners to define corrective action plans and ensure timely resolution.
• Generate and maintain risk reports, dashboards, and metrics for management and governance committees, ensuring data integrity and traceability within the system of record (e.g., ServiceNow IRM).
• Apply knowledge of GRC and IT control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, GLBA/NYDFS) to ensure consistent alignment of assessments, controls, and reporting.
• Support internal and external audit activities by providing control documentation, evidence, and status updates.
• Identify and recommend process and tool enhancements to improve efficiency, automation, and overall GRC program maturity in collaboration with IT, Security, Data, and Risk partners.

Benefits

• Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot.
• Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive
• Work with other passionate, purposeful, and customer-centric people
• Extensive internal growth and professional development opportunities including tuition reimbursement
• Comprehensive benefits package including Medical/Dental/Vision
• Wellness program to support both mental and physical health
• Generous paid time off for both exempt and non-exempt positions