Technology Risk Analyst

Walker & Dunlop

2d•$75,000 - $85,000•Remote

About The Position

We are Walker & Dunlop. We are one of the largest providers of capital to the commercial real estate industry, enabling real estate owners and operators to bring their visions of communities — where people live, work, shop, and play — to life. We are committed to creating meaningful social, environmental, and economic change in our communities. Department Overview WDTech is W&D’s in-house technology team – a group of highly skilled technology professionals, all of whom are leading experts in real estate data, data science, and technology. WDTech Information Security protects W&D's information assets by way of a comprehensive policy framework that oversees and operates cybersecurity countermeasures and technology risk controls. The Impact You Will Have Technology Risk Management is a critical function within Information Security and a key connector across the organization. In this role, you will help operationalize the technology risk program by ensuring risk assessments, control evidence, remediation efforts, and executive reporting are timely, accurate, and audit-ready. You will monitor control performance, enforce security standards, and translate complex technical telemetry into actionable compliance insights. Your work will enable leadership to make informed, risk-adjusted decisions that protect and strengthen our technology environment.

Requirements

Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Risk, Finance/Accounting, or related field (or equivalent practical experience).
3+ years of experience in technology risk, information security, IT audit, compliance, GRC, or IT operations.
Working knowledge of identity and access management principles, including least privilege, multi-factor authentication, and access reviews.
Familiarity with SDLC and change management controls, incident management processes, vulnerability management, and basic security monitoring concepts.
Understanding of third-party risk management practices and penetration testing processes.
General knowledge of networking, operating systems, enterprise IT systems, and cloud computing concepts.
Familiarity with security and risk management frameworks such as NIST and SOC 2.
Proficiency with spreadsheets, documentation platforms, ticketing/work management tools (e.g., Jira), and collaboration tools.
Ability to translate complex security concepts into clear, actionable communication for both technical and non-technical audiences.
Strong organizational, analytical, and critical thinking skills with high attention to detail and commitment to quality.
Demonstrated ability to manage and influence multiple stakeholders across functions through clear written and verbal communication.
Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes.
Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.

Nice To Haves

CRISC, CISA, or similar certification preferred.
Cloud certifications such as AWS Cloud Practitioner or Azure Fundamentals (AZ-900) preferred.

Responsibilities

Align organizational controls to NIST CSF 2.0 and other relevant frameworks, translating policies into measurable technical standards and control requirements.
Maintain continuous SOC 2 Type II readiness by managing the year-round evidence lifecycle and validating control effectiveness across all Trust Services Criteria using GRC tools.
Conduct and support technology and cybersecurity risk assessments across key domains, including IAM, change management, incident response, vulnerability management, logging and monitoring, cloud/SaaS, data protection, endpoint security, and backup/disaster recovery.
Monitor control performance and risk telemetry against established thresholds, proactively identifying, escalating, and addressing at-risk controls before critical failure points are reached.
Lead corrective action plans (CAPs) for identified gaps, partnering with control owners to drive timely remediation and root cause resolution.
Perform risk-based assessments of critical third parties, including SaaS, AI, and cloud providers, evaluating SOC reports and security posture against internal risk standards.
Document control design and operating effectiveness, including process narratives, control mappings, and evidence standards.
Serve as a liaison for internal and external audits, providing clear, defensible documentation and rationale for control decisions.
Develop executive dashboards and reporting that provide visibility into framework alignment, control health, and audit readiness, enabling proactive risk insights for leadership.
Collaborate cross-functionally with business and technology teams to embed security and risk standards into products and services and support timely, comprehensive risk reporting to senior leadership.
Perform other duties as assigned.

Benefits

The opportunity to join one of Fortune Magazine’s Great Places to Work winners from 2015-2023
Comprehensive benefit options that have earned Walker & Dunlop the silver level of the 2022 Cigna Healthy Workforce Designation™, some of which include:
- Up to 83% subsidized medical payroll deductions
- Competitive dental and vision benefits
- 401(k) + match
- Pre-tax transit and commuting benefits
- A robust health and wellness program – earn cash rewards and gain access to resources that promote health, engagement, and balance
- Paid maternity and parental leave, as well as other family paid leave programs
- Company-paid life, short and long-term disability insurance
- Health Savings Account and Healthcare and Dependent Care Flexible Spending
Career development opportunities
Empowerment and encouragement to give back – volunteer hours and donation matching
Eligibility may vary based on average number of hours worked