Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

IT GRC Program Administrator II

United Wholesale Mortgage

As an IT GRC Program Administrator II at United Wholesale Mortgage, your role involves leading information security initiatives to minimize risk and maximize compliance. Responsibilities will include assessments, management of audit fulfillment and risk remediation, as well as governance of business data and records. You will also play a pivotal role in key programs like Business Continuity/Disaster Recovery, IT Risk Management, Third Party Risk Management, Data Governance, and Security Awareness. Your function extends to monitoring adherence to security controls and compliance standards, spearheading specific initiatives, and nurturing an environment of security awareness through coaching. All planning, coordination, and execution of work assignments will align with the priorities established by the Information Security Team Lead. What You Will Be Doing Maintaining and enhancing corporate policies in line with industry standards and corporate needs. Ensuring effective communication and comprehension of policy obligations across various stakeholders through multiple channels. Regularly reviewing, updating, and modifying policies to align with organizational changes. Improving and managing the implementation of metrics for GRC activities to monitor compliance adherence, risk treatment, and improvement projects. Regularly reporting these metrics and progress to various audiences, including senior leadership. Managing and optimizing a risk register that encapsulates all risks affecting the business and facilitating the gathering and tracking of these risks. Continually refining our approach to risk evaluation and ensuring a common risk communication language across the organization. Regularly monitoring and reassessing organizational risks, adjusting the organization's stance based on in-place controls. Managing and enhancing our third-party risk management program, including refining evaluation criteria, expected evidence, reevaluation timeframe, and remediation processes. Regularly evaluating new and existing vendors based on their criticality to the business and integrating third-party evaluations into workflows. Identifying third-party issues and tracking them till remediation or business acceptance, and effectively managing third-party offboarding obligations. Enhancing data standards, processes, and procedures to ensure data integrity and compliance, conducting regular audits for data accuracy, completeness, and reliability. Collaborating with stakeholders to understand and document data privacy requirements and assisting with the development of data security models and design. Collaborating with IT and business teams to develop a robust IT risk management framework, regularly reviewing and updating this framework in line with emerging trends, threats, and industry best practices such as ISO 27001, NIST, or COSO. Implementing, managing, and enhancing comprehensive GRC frameworks and toolsets, ensuring they align with organizational needs. Supporting incident management activities in accordance with established frameworks, including incident identification, assessment, tracking, and resolution. Developing and delivering GRC-related training to enhance the organization's understanding of concepts related to compliance, risk, and cybersecurity. Facilitating internal and external due diligence requests in accordance with various regulatory agencies and managing the implementation of audit recommendations. Collaborating with legal and regulatory bodies to ensure the organization's cybersecurity program is compliant with all relevant laws, regulations, and industry-standard frameworks. Managing the organization's business continuity planning and disaster recovery efforts in line with accepted frameworks, ensuring plans are regularly updated and tested. Driving the integration of GRC principles and frameworks into the organization's culture and daily activities. Regularly reporting on the status of GRC activities to Senior Leadership and other stakeholders, providing insight into the organization's risk posture, compliance status, and governance effectiveness per established frameworks. Developing and maintaining relationships with external vendors, partners, regulators, and industry bodies to keep abreast of developments in the GRC field, including emerging frameworks and best practices. Qualifications and Requirements Bachelor's Degree in Information Technology, Information Security or equivalent, with preferred certifications in CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security. 2-4 years of experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related work. Proficiency in managing system development processes, end‑user computing controls, cloud systems, infrastructure management, and information security practices. Knowledge of security/compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, HIPAA. Excellent communication skills, able to articulate complex concepts effectively. Strong analytical and critical thinking skills. Self‑directed, capable of independent work and managing multiple concurrent projects. Keen technology learner with demonstrated ability for identifying potential process improvement opportunities. On‑site presence required. Benefits Paid Time Off (PTO) after just 30 days Additional parental and maternity leave benefits after 12 months Adoption reimbursement program Paid volunteer hours Paid training and career development Medical, dental, vision and life insurance 401(k) with employer match Mortgage discount and area business discounts Free membership to the state‑of‑the‑art fitness center, including exercise classes such as yoga and Zumba, various sports leagues, and a full‑size basketball court Wellness area, including an in‑house primary‑care physician’s office, full‑time massage therapist and hair salon Gourmet cafeteria featuring homemade breakfast and lunch Convenience store featuring healthy grab‑and‑go snacks In‑house Starbucks and Dunkin' Indoor/outdoor café with Wi‑Fi Disclaimer All the above duties and responsibilities are essential job functions subject to reasonable accommodation and change. All job requirements listed indicate the minimum level of knowledge, skills and/or ability deemed necessary to perform the job proficiently. Team members may be required to perform other or different job‑related duties as requested by their team lead, subject to reasonable accommodation. This document does not create an employment contract, implied or otherwise. Employment with UWM is "at‑will." UWM is an Equal Opportunity Employer. #J-18808-Ljbffr United Wholesale Mortgage

Vacancy posted more than 2 months ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to IT GRC Program Administrator II. Be the first to apply!