IT GRC Program Administrator II
As an IT GRC Program Administrator II at United Wholesale Mortgage, your role involves leading information security initiatives to minimize risk and maximize compliance. Responsibilities will include assessments, management of audit fulfillment and risk remediation, as well as governance of business data and records. You will also play a pivotal role in key programs like Business Continuity/Disaster Recovery, IT Risk Management, Third Party Risk Management, Data Governance, and Security Awareness.
Your function extends to monitoring adherence to security controls and compliance standards, spearheading specific initiatives, and nurturing an environment of security awareness through coaching. All planning, coordination, and execution of work assignments will align with the priorities established by the Information Security Team Lead.
WHAT YOU WILL BE DOING
- Maintaining and enhancing corporate policies in line with industry standards and corporate needs.
- Ensuring effective communication and comprehension of policy obligations across various stakeholders through multiple channels.
- Regularly reviewing, updating, and modifying policies to align with organizational changes.
- Improving and managing the implementation of metrics for GRC activities to monitor compliance adherence, risk treatment, and improvement projects.
- Regularly reporting these metrics and progress to various audiences, including senior leadership.
- Managing and optimizing a risk register that encapsulates all risks affecting the business and facilitating the gathering and tracking of these risks.
- Continually refining our approach to risk evaluation and ensuring a common risk communication language across the organization.
- Regularly monitoring and reassessing organizational risks, adjusting the organization's stance based on in-place controls.
- Managing and enhancing our third-party risk management program, including refining evaluation criteria, expected evidence, reevaluation timeframe, and remediation processes.
- Regularly evaluating new and existing vendors based on their criticality to the business and integrating third-party evaluations into workflows.
- Identifying third-party issues and tracking them until remediation or business acceptance, and effectively managing third-party offboarding obligations.
- Enhancing data standards, processes, and procedures to ensure data integrity and compliance, conducting regular audits for data accuracy, completeness, and reliability.
- Collaborating with stakeholders to understand and document data privacy requirements and assisting with the development of data security models and design.
- Collaborating with IT and business teams to develop a robust IT risk management framework, regularly reviewing and updating this framework in line with emerging trends, threats, and industry best practices such as ISO 27001, NIST, or COSO.
- Implementing, managing, and enhancing comprehensive GRC frameworks and toolsets, ensuring they align with organizational needs.
- Supporting incident management activities in accordance with established frameworks, including incident identification, assessment, tracking, and resolution.
- Developing and delivering GRC-related training to enhance the organization's understanding of concepts related to compliance, risk, and cybersecurity.
- Facilitating internal and external due diligence requests in accordance with various regulatory agencies and managing the implementation of audit recommendations.
- Collaborating with legal and regulatory bodies to ensure the organization's cybersecurity program is compliant with all relevant laws, regulations, and industry-standard frameworks.
- Managing the organization's business continuity planning and disaster recovery efforts in line with accepted frameworks, ensuring plans are regularly updated and tested.
- Driving the integration of GRC principles and frameworks into the organization's culture and daily activities.
- Regularly reporting on the status of GRC activities to Senior Leadership and other stakeholders, providing insight into the organization's risk posture, compliance status, and governance effectiveness per established frameworks.
- Developing and maintaining relationships with external vendors, partners, regulators, and industry bodies to keep abreast of developments in the GRC field, including emerging frameworks and best practices.
WHAT WE NEED FROM YOU
Must Have:
- Bachelor's Degree in Information Technology, Information Security or equivalent, with preferred certifications in CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security certifications.
- 2-4 years of experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related work.
- Proficiency in managing system development processes, end-user computing controls, cloud systems, infrastructure management, and information security practices.
- Knowledge of security/compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, HIPAA.
- Excellent communication skills, able to articulate complex concepts effectively.
- Strong analytical and critical thinking skills.
- Self-directed, capable of independent work and managing multiple concurrent projects.
- Keen technology learner with demonstrated ability for identifying potential process improvement opportunities.
- Onsite presence required.
THE PLACE & THE PERKS
Ready to join thousands of talented team members who are making the dream of home ownership possible for more Americans? It’s all happening on UWM’s campus, where our award-winning workplace packs plenty of perks and amenities that keep the atmosphere buzzing with energy and excitement.
It’s no wonder that out of our six pillars, People Are Our Greatest Asset is number one. It’s at the very heart of how we treat each other, our clients and our community. Whether it’s providing elite client service or continuously striving to improve, our pillars provide a pathway to a more successful personal and professional life.
From the team member that holds a door open to the one that helps guide your career, you’ll feel the encouragement and support on day one. No matter your race, creed, gender, age, sexual orientation and ethnicity, you’ll be welcomed here. Accepted here. And empowered to Be You Here.
More reasons you’ll love working here include:
- Paid Time Off (PTO) after just 30 days
- Additional parental and maternity leave benefits after 12 months
- Adoption reimbursement program
- Paid volunteer hours
- Paid training and career development
- Medical, dental, vision and life insurance
- 401k with employer match
- Mortgage discount and area business discounts
- Free membership to our large, state-of-the-art fitness center, including exercise classes such as yoga and Zumba, various sports leagues and a full-size basketball court
- Wellness area, including an in-house primary-care physician’s office, full-time massage therapist and hair salon
- Gourmet cafeteria featuring homemade breakfast and lunch
- Convenience store featuring healthy grab-and-go snacks
- In-house Starbucks and Dunkin
- Indoor/outdoor café with Wi-Fi