This position is part of a newly created team that will focus on enterprise information technology, information security, cybersecurity, and technology risks. The role will be tasked with assisting with sharing and implementing risk frameworks, best practices and solutions. In addition, the team will work with IT and Business partners across the company to provide an enterprise-wide view of technology risk, to assist management in identifying and monitoring risks and KRIs, and to recommend appropriate action when situations exceed the risk tolerance of the company.
Essential Job Functions:
- Assist and advise in the development, communication, and execution of an information technology risk management roadmap, risk framework, and risk methodologies as well as policies, procedures, tolerances, and KRIs.
- Partner with Information Technology to establish, maintain, and advise on the Risk and Control Self-Assessment for the identification, assessment, measurement, and monitoring of enterprise information technology, information security, cybersecurity, and technology risks.
- Manage and assist in the selection, development, use, and on-going maintenance of GRC tool.
- Perform targeted and advisory risk assessment that establishes the risk level of associated risks and/or areas.
- Provide oversight and advise on risk management activities and first line monitoring.
- Manage and conduct control assessments and periodic monitoring of the information technology’s and lines of business’ critical systems, business applications and technology.
- Manage, test, and evaluate policies, procedures, controls, standards, and procedures to identify gaps and to recommend opportunities for control enhancements.
- Develop documentation, as necessary, of defined control procedures and environment and responsible for ensuring required documentation of risk control reviews is properly maintained.
- Evaluate risk level and adequacy of controls to ensure risks are appropriately mitigated.
- Identify key risk indicators and establish monitoring reports and develop analysis and reporting to identify and communicate risk insights.
- Advise on and maintain oversight of department’s remediation efforts for risk exposures, gaps, and deficiencies and complete remediation testing to assess effectiveness of improved controls.
- Manage annual SOC audits and the completion of SOC reports for the enterprise.
- Develop and cultivate close working relationships with Executive and Senior partners in Information Technology, Information Security, and Internal Audit and Risk Management personnel.
- Act as a Risk representative within initiatives or project and participate in new business system initiatives, ensuring understanding of controls and adequacy of documentation.
- Provide effective and concise communication to all levels of management as it relates to risk levels associated with the business areas.
- Stay abreast of changing requirements that impact information technology areas to ensure appropriate and timely change management.
Other Related Duties:
Performs other related duties as assigned.
- Aware and knowledgeable of changing requirements and industry risk trends.
- Ability to interpret and communicate all internal or external regulations, policies, and/or procedures.
This position has no supervisory responsibilities.
To perform this job successfully, an individual must be able to perform each essential function satisfactorily. An individual must have proficient experience and knowledge in the areas within the role. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.
Education and/or Experience:
- Bachelor’s degree from a Four (4) year College or University and 7-10 years related experience and/or training; or equivalent combination of education and experience.
- Knowledge and direct experience using IT and Cyber Security Risk Frameworks such COBIT, NIST, COSO, FFIEC, ISO, etc. is required.
- Knowledge and direct experience with Risk Management including risk framework/methodology development, risk identification, assessment, mitigation, monitoring, and reporting including understanding regulatory requirements and expectations related to risk management.
- Certified Risk Manager (CRM)
- Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
- Certified Internal Auditor (CIA) or Certified Regulatory Compliance Manager (CRCM) is a plus
- Experience with GRC software is required.
- Experience in mortgage and/or financial services is preferred.
- Must be operations oriented with strong project management skills.
Certificates, Licenses, Registrations:
Certified Risk Manager (CRM)
Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)
Career development and advancement
Working at Freedom, you have the chance to invest in yourself. From on-the-job training to advancement opportunities, and from tuition assistance to our annual internal leadership conference, we’re focused on upskilling, achieving, and celebrating.Learn More
We run huge company-sponsored donation events and contests, as well as offer paid volunteer time so you can commit your support to the causes which you care about most.Learn More
Holidays and paid time off
We offer ample paid time off including multiple paid holidays — because your downtime and well-being are just as important to us as your time in work mode.Learn More
Our salaries are competitive — rewarding your experiences, contributions, and hard work. We also have a 401K plan which provides a matching contribution.Learn More
We offer several medical benefits plans and options to choose from including dental, vision, disability and life insurance, dependent care and flexible spending.Learn More
Pets are part of the family too! We offer comprehensive vet insurance to make sure your cats are cared for, your pups are prioritized, and your lizards looked-after.Learn More
**This is a remote position. ** Summary The Director of Property Risk Management is responsible for oversight of the company’s property valuation controls, third party appraiser, and appraisal managemen…
This position is remote. Summary: The regulatory analyst supports the HMDA and Fair Lending division within Freedom mortgage through the research, development, and reporting of regulatory data. The analy…
Sr. Underwriter This position is remote. Soar With Us Flying ahead of the flock for over 30 years, we at Freedom Mortgage…
Summary Oversee the process of imaging loan documents into the Freedom Mortgage Electronic Document Management System. Essential Job Functions: Sort incoming ma…
Government Underwriter This position is remote. Soar With Us Flying ahead of the flock for over 30 years, we at Freedom Mortgage have taken millions of Americans un…
Summary The Change Management Analyst is responsible for reviewing, researching, and deciphering regulatory and compliance material to translate for Servicing Management. The Change Management Analyst identifies new regulations and using d…
Freedom Mortgage Corporation is seeking a technical lead with experience designing and developing distributed, cloud-based software applications and services in a technically diverse environment. The candidate will join an application architectu…
The Special Loans Supervisor is responsible for the day to day activities of the special loans teams as it relates to the servicing of special products, including but not limited to Adjustable Rate Mortgages, Step Rate Loans, Buydown Loans, Part…
Summary The Loss Mitigation Supervisor will be responsible, directly or through staff, for protecting the assets of the company in bankruptcies, repossessions and other legal proceedings. This position plans, directs, supervises …