VP Information Security

Pennymac
Cary, NC
19h | $95,000 - $155,000 | Onsite

About The Position

Pennymac (NYSE: PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market. At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.

The Vice President Enterprise Risk Management will act as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards.

As the VP, Enterprise Risk Management (Supporting IT Infrastructure and SOC-2), you will be responsible for two key areas: 1) overseeing technology risk within our IT Infrastructure domain area and 2) leading the SOC-2 effort for a key product within Pennymac. As a key member of the 2nd Line of Defense, you will play a pivotal role in ensuring the effectiveness of our control environment through testing, supporting compliance initiatives for internal and regulatory audits, and defining or modifying policies and procedures as needed. This position requires a strong understanding of IT infrastructure, SOC-2 criteria and reporting, risk management principles, a keen eye for detail, and the ability to collaborate effectively across various teams.

Requirements

  • Bachelor’s Degree from an accredited college or equivalent work experience
  • 6+ years of relevant work experience in IT, Compliance, Risk and/or Audit
  • Extensive, hands-on experience in SOC-2 assessments and the generation of SOC-2 reports.
  • Proven experience in technology risk management, internal controls, or IT audit roles.
  • Strong understanding of risk assessment methodologies and control frameworks.
  • Strong knowledge of relevant regulations and reporting standards (e.g., NYDFS, GLBA, NIST CSF, CRI Profile, CCPA, SOC 2, various financial/sector-specific regulations).
  • Practical experience with and strong understanding of AWS cloud technologies and security services.
  • Demonstrated ability to develop, implement, and maintain IT policies and procedures.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Must be a team player with strong attention to detail and able to work independently.
  • Ability to manage multiple priorities and meet deadlines in a fast-paced environment.
  • Strong analytical thinking, process management and quality control.
  • Excellent critical thinking, problem solving, and sound judgment.
  • Exceptional written and verbal communication skills, with the ability to articulate complex risk concepts to both technical and non-technical audiences.
  • Strong business acumen and ability to interface with executive management.
  • Must be highly proficient in GSuite or Microsoft Excel, Word, and PowerPoint.

Responsibilities

  • Serve as a member of the 2nd Line of Defense, identifying, assessing, and monitoring technology risks associated with IT infrastructure processes.
  • Collaborate with IT Infrastructure leadership to provide comprehensive governance and support for technology risks, issues, and the lifecycle of policies and procedures.
  • Perform controls testing activities with a focus on Information Security and the software development and release process against established policies, procedures, and controls to ensure adherence, effectiveness, and identify areas for improvement.
  • Use in-depth knowledge of SOX compliance, SOC-2 reporting, privacy laws and IT security, as well as strong customer skills, to serve as the SOC-2 subject matter expert.
  • Provide expert guidance and support to development and operations teams on integrating risk management principles into daily operations and new projects including risk reporting, remediation plans, and follow-up on action items.
  • Develop and oversee risk assessments based on Pennymac’s ERM framework.
  • Stay current with emerging technology risks, regulatory changes, and industry trends related to cloud infrastructure, data management, and cybersecurity.
  • Demonstrate behaviors which are aligned with the organization’s desired culture and values.
  • Perform other related duties as required and assigned.

Benefits

  • Comprehensive Medical, Dental, and Vision
  • Paid Time Off Programs including vacation, holidays, illness, and parental leave
  • Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations)
  • Retirement benefits, life insurance, 401k match, and tuition reimbursement
  • Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

501-1,000 employees
