IT Controls Engineer

Description

Position Summary:

Responsibilities:

• Execute IT RCSA by coordinating with control owners to identify assess and document key risks controls and residual risk ratings.
• Support ongoing IT risk management by maintaining the Risk Register performing risk assessments across processes applications and infrastructure and monitoring changes in risk exposure.
• Track and validate remediation of issues and findings from RCSA audits and assessments; collaborate with issue owners to define corrective action plans and ensure timely resolution.
• Generate and maintain risk reports dashboards and metrics for management and governance committees ensuring data integrity and traceability within the system of record (e.g. ServiceNow IRM).
• Apply knowledge of GRC and IT control frameworks (NIST CSF ISO 27001 COBIT FFIEC CAT GLBA/NYDFS) to ensure consistent alignment of assessments controls and reporting.
• Support internal and external audit activities by providing control documentation evidence and status updates.
• Identify and recommend process and tool enhancements to improve efficiency automation and overall GRC program maturity in collaboration with IT Security Data and Risk partners.

Requirements:

• Bachelors degree in information systems Computer Science Cybersecurity or a related field required; equivalent experience may be considered.
• 35 years of experience in IT Risk Management IT Controls IT Audit or GRC functions within financial services or a technology-driven organization.
• Hands-on experience with ServiceNow IRM or other GRC platforms including risk control and issue management; UCF integration experience preferred.
• Experience performing RCSA control testing and issue management with familiarity in frameworks such as NIST CSF ISO 27001 COBIT FFIEC CAT and GLBA/NYDFS.
• Working knowledge of data analytics and SQL scripting to support control testing and risk reporting.
• Professional certifications such as CRISC CISA CISSP or ITIL Foundation preferred.
• Demonstrates knowledge of adherence to monitoring and responsibility for compliance with applicable regulatory and framework requirements including NIST CSF ISO 27001 COBIT FFIEC CAT and GLBA/NYDFS Part 500.
• Demonstrates knowledge of IT Risk Management and Governance principles including execution of RCSA identification of key risks and controls and assessment of residual risk exposure.
• Demonstrates hands-on experience performing control testing including evidence collection validation of control design and operating effectiveness and documentation of results.
• Demonstrates understanding of core IT control domains including but not limited to access management change management configuration management asset management backup and recovery vulnerability management network security and operations SDLC product management and data management.
• Demonstrates proficiency in data analytics and SQL scripting to extract analyze and validate data supporting risk assessments control testing and issue verification activities.
• Demonstrates experience maintaining and reporting on IT Risk Registers metrics and dashboards that communicate risk posture control performance and issue remediation progress.
• Demonstrates practical experience using GRC tools preferably ServiceNow IRM for documenting risks controls and issues; maintaining workflow integrity; and generating governance reports.
• Analytical and problem-solving skills with the ability to evaluate complex data identify control gaps or process weaknesses and recommend actionable improvements.
• Project management skills with the ability to manage multiple assessments control testing activities and reporting deliverables simultaneously.
• Relationship-building and influencing skills with the ability to communicate risk and control concepts clearly to technical and non-technical audiences.
• Effective organizational and time-management skills with the ability to balance competing priorities and meet deadlines in a dynamic environment.
• Exceptional verbal written and interpersonal communication skills with attention to accuracy clarity and documentation quality.
• Ability to prepare and deliver formal and informal presentations to management audit or governance committees regarding risk assessment and control testing results.
• Intermediate to advanced proficiency with Microsoft Office applications (Excel Word PowerPoint Outlook) and familiarity with data visualization tools such as Power BI or Tableau.
• Ability to work independently with minimal supervision while maintaining accountability for assigned deliverables and quality standards.
• Demonstrates knowledge of Unified Compliance Framework (UCF) principles and the ability to support integration of UCF content into ServiceNow IRM to align control mappings automate evidence collection and standardize compliance reporting.

Why work for #teamloanDepot:

• Competitive compensation package based on experience skillset and overall fit for #TeamloanDepot.
• Inclusive diverse and collaborative culture where people from all backgrounds can thrive
• Work with other passionate purposeful and customer-centric people
• Extensive internal growth and professional development opportunities including tuition reimbursement
• Comprehensive benefits package including Medical/Dental/Vision
• Wellness program to support both mental and physical health
• Generous paid time off for both exempt and non-exempt positions

About loanDepot: