Jobs · Customer Service · Michigan

IT GRC Program Administrator II

United Wholesale Mortgage · Pontiac, MI · 2 wk ago
Customer ServiceFull-time

Responsibilities

  • Maintaining and enhancing corporate policies in line with industry standards and corporate needs.
  • Ensuring effective communication and comprehension of policy obligations across various stakeholders through multiple channels.
  • Regularly reviewing, updating, and modifying policies to align with organizational changes.
  • Improving and managing the implementation of metrics for GRC activities to monitor compliance adherence, risk treatment, and improvement projects.
  • Regularly reporting these metrics and progress to various audiences, including senior leadership.
  • Managing and optimizing a risk register that encapsulates all risks affecting the business and facilitating the gathering and tracking of these risks.
  • Continually refining our approach to risk evaluation and ensuring a common risk communication language across the organization.
  • Regularly monitoring and reassessing organizational risks, adjusting the organization's stance based on in-place controls.
  • Managing and enhancing our third-party risk management program, including refining evaluation criteria, expected evidence, reevaluation timeframe, and remediation processes.
  • Regularly evaluating new and existing vendors based on their criticality to the business and integrating third-party evaluations into workflows.
  • Identifying third-party issues and tracking them till remediation or business acceptance, and effectively managing third-party offboarding obligations.
  • Enhancing data standards, processes, and procedures to ensure data integrity and compliance, conducting regular audits for data accuracy, completeness, and reliability.
  • Collaborating with stakeholders to understand and document data privacy requirements and assisting with the development of data security models and design.
  • Collaborating with IT and business teams to develop a robust IT risk management framework, regularly reviewing and updating this framework in line with emerging trends, threats, and industry best practices such as ISO 27001, NIST, or COSO.
  • Implementing, managing, and enhancing comprehensive GRC frameworks and toolsets, ensuring they align with organizational needs.
  • Supporting incident management activities in accordance with established frameworks, including incident identification, assessment, tracking, and resolution.
  • Developing and delivering GRC-related training to enhance the organization's understanding of concepts related to compliance, risk, and cybersecurity.
  • Facilitating internal and external due diligence requests in accordance with various regulatory agencies and managing the implementation of audit recommendations.
  • Collaborating with legal and regulatory bodies to ensure the organization's cybersecurity program is compliant with all relevant laws, regulations, and industry-standard frameworks.
  • Driving the integration of GRC principles and frameworks into the organization's culture and daily activities.
  • Regularly reporting on the status of GRC activities to Senior Leadership and other stakeholders, providing insight into the organization's risk posture, compliance status, and governance effectiveness per established frameworks.
  • Developing and maintaining relationships with external vendors, partners, regulators, and industry bodies to keep abreast of developments in the GRC field, including emerging frameworks and best practices.

Qualifications

  • Bachelor's Degree in Information Technology, Information Security or equivalent, with preferred certifications in CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security.
  • 2-4 years of experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related work.
  • Proficiency in managing system development processes, end-user computing controls, cloud systems, infrastructure management, and information security practices.
  • Knowledge of security/compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, HIPAA.
  • Excellent communication skills, able to articulate complex concepts effectively.
  • Strong analytical and critical thinking skills.
  • Self-directed, capable of independent work and managing multiple concurrent projects.
  • Keen technology learner with demonstrated ability for identifying potential process improvement opportunities.

Benefits

  • Paid Time Off (PTO) after just 30 days
  • Additional parental and maternity leave benefits after 12 months
  • Afforded adoption reimbursement program
  • Paid volunteer hours
  • Paid training and career development
  • Medical, dental, vision and life insurance
  • 401k with employer match
  • Mortgage discount and area business discounts
  • Free membership to our large, state-of-the-art fitness center, including exercise classes such as yoga and Zumba, various sports leagues and a full-size basketball court
  • Wellness area, including an in-house primary-care physician’s office, full-time massage therapist and hair salon
  • Gourmet cafeteria featuring homemade breakfast and lunch
  • Convenience store featuring healthy grab-and-go snacks
  • Indoor/outdoor café with Wi-Fi

Similar jobs

IT System Administrator II

Penn Community BankPerkasie, PA· 1 mo ago
Information Technologyapply on penncommunitybank.wd501.myworkdayjobs.com

IT Systems Administrator II

BAE Systems, Inc.Manchester, NH· 2 days ago
Information Technology$79k–$135k/yrapply on jobs.baesystems.com

IT Systems Administrator II

BAE Systems, Inc.Merrimack, NH· 2 days ago
Information Technology$79k–$135k/yrapply on jobs.baesystems.com