IT GRC Program Administrator II
United Wholesale Mortgage · Pontiac, MI · 2 wk ago
Customer ServiceFull-time
Responsibilities
- Maintaining and enhancing corporate policies in line with industry standards and corporate needs.
- Ensuring effective communication and comprehension of policy obligations across various stakeholders through multiple channels.
- Regularly reviewing, updating, and modifying policies to align with organizational changes.
- Improving and managing the implementation of metrics for GRC activities to monitor compliance adherence, risk treatment, and improvement projects.
- Regularly reporting these metrics and progress to various audiences, including senior leadership.
- Managing and optimizing a risk register that encapsulates all risks affecting the business and facilitating the gathering and tracking of these risks.
- Continually refining our approach to risk evaluation and ensuring a common risk communication language across the organization.
- Regularly monitoring and reassessing organizational risks, adjusting the organization's stance based on in-place controls.
- Managing and enhancing our third-party risk management program, including refining evaluation criteria, expected evidence, reevaluation timeframe, and remediation processes.
- Regularly evaluating new and existing vendors based on their criticality to the business and integrating third-party evaluations into workflows.
- Identifying third-party issues and tracking them till remediation or business acceptance, and effectively managing third-party offboarding obligations.
- Enhancing data standards, processes, and procedures to ensure data integrity and compliance, conducting regular audits for data accuracy, completeness, and reliability.
- Collaborating with stakeholders to understand and document data privacy requirements and assisting with the development of data security models and design.
- Collaborating with IT and business teams to develop a robust IT risk management framework, regularly reviewing and updating this framework in line with emerging trends, threats, and industry best practices such as ISO 27001, NIST, or COSO.
- Implementing, managing, and enhancing comprehensive GRC frameworks and toolsets, ensuring they align with organizational needs.
- Supporting incident management activities in accordance with established frameworks, including incident identification, assessment, tracking, and resolution.
- Developing and delivering GRC-related training to enhance the organization's understanding of concepts related to compliance, risk, and cybersecurity.
- Facilitating internal and external due diligence requests in accordance with various regulatory agencies and managing the implementation of audit recommendations.
- Collaborating with legal and regulatory bodies to ensure the organization's cybersecurity program is compliant with all relevant laws, regulations, and industry-standard frameworks.
- Driving the integration of GRC principles and frameworks into the organization's culture and daily activities.
- Regularly reporting on the status of GRC activities to Senior Leadership and other stakeholders, providing insight into the organization's risk posture, compliance status, and governance effectiveness per established frameworks.
- Developing and maintaining relationships with external vendors, partners, regulators, and industry bodies to keep abreast of developments in the GRC field, including emerging frameworks and best practices.
Qualifications
- Bachelor's Degree in Information Technology, Information Security or equivalent, with preferred certifications in CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security.
- 2-4 years of experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related work.
- Proficiency in managing system development processes, end-user computing controls, cloud systems, infrastructure management, and information security practices.
- Knowledge of security/compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, HIPAA.
- Excellent communication skills, able to articulate complex concepts effectively.
- Strong analytical and critical thinking skills.
- Self-directed, capable of independent work and managing multiple concurrent projects.
- Keen technology learner with demonstrated ability for identifying potential process improvement opportunities.
Benefits
- Paid Time Off (PTO) after just 30 days
- Additional parental and maternity leave benefits after 12 months
- Afforded adoption reimbursement program
- Paid volunteer hours
- Paid training and career development
- Medical, dental, vision and life insurance
- 401k with employer match
- Mortgage discount and area business discounts
- Free membership to our large, state-of-the-art fitness center, including exercise classes such as yoga and Zumba, various sports leagues and a full-size basketball court
- Wellness area, including an in-house primary-care physician’s office, full-time massage therapist and hair salon
- Gourmet cafeteria featuring homemade breakfast and lunch
- Convenience store featuring healthy grab-and-go snacks
- Indoor/outdoor café with Wi-Fi