Technology GRC Analyst

Guild Mortgage Company, closing loans and opening doors since 1960. As a mortgage banking firm, we are dedicated to serving the homeowner/buyer. Our goal is to provide affordable home financing for our customers, utilizing the best terms available while providing a level of professionalism and service unsurpassed in the lending industry.

Position Summary

The Technology GRC Analyst plays an important role in the organization by performing several activities related to the company’s Information Technology Risk, Governance, Crisis Management, Business Continuity, and Incident Response functions. The position is responsible for performing IT GRC Team tasks for technology incident response, risk management and business continuity including but not limited to 1) risk identification, analysis, and remediation, 2) disaster recovery analysis and planning, 3) business continuity analysis and planning, 4) business impact analysis, 5) IT incident response management and reporting, 6) GRC documentation, measurement, and reporting.

Essential Functions

• Create, maintain, and disseminate Incident Management policies and procedures.
• Act as primary point of contact for stakeholders to report internal application incidents.
• Help to contact and organize essential resources during an active application incident.
• Collaborate with business and IT leaders to gather and organize key pieces of information (root cause analysis, impact analysis, severity analysis, incident solution) into an Incident Report after an application incident has occurred.
• Conduct Lessons Learned/post-incident meetings with the technology and business teams.
• Track and report on active incident mitigation efforts and post-incident remediation efforts.
• Manage process improvement projects for the Incident Management process.
• Serve as Subject Matter Expert (SME) for Incident management, Business Continuity Management and Risk Management processes and solutions.
• Assist in the development and exercising of business continuity and disaster recovery plans.
• Review existing disaster recovery, crisis management, and/or business continuity plans; test documented disaster recovery strategies and plans.
• Analyze impact on, and risk to, essential business functions or information systems to identify acceptable recovery time periods and resource requirements.
• Create various business disruption test scenarios and pro-actively develop plans to re-establish operations and enable business recovery from these situations.
• Provide support and expertise during live events.
• Support the development and maintenance of information security policies, standards, procedures, and guidelines.
• Manage, measure, analyze, and create treatment plans for risks on IT Risk Register.
• Assist with periodic review and maintenance of the IT Risk Register.
• Collaborate with IT Risk Manager, Risk Owners, and Internal Stakeholders to identify risk treatment options.
• Work closely with project managers and teams to provide input and clarification on risk remediation requirements.
• Coordinate regular assessment, testing, and documentation of existing controls.
• Proactively identify risks, vulnerabilities, deficient controls, and process gaps during day-to-day operations.
• Assist with audits and regulatory examination cycles for company; monitor the disposition/resolution of issues resulting from audits and examinations.
• Continuously improve the IT Risk Management Program.
• Produce deliverables, specifically process flows, procedure documentation, reports, gap analysis, metrics, measurements, and written communications.
• Participate in high-level discussions to identify and respond to business risks and ensure that the line of business staff understands key risk concepts and their relevance to core business practice.
• Work with IT teams to foster a risk focused mindset and understand the IT Risk Management Program.
• Interpret government regulations and applicable codes to ensure compliance.
• Identify opportunities for strategic improvement or mitigation of business interruption and other risks; make recommendations to leadership accordingly.
• Stay abreast of trends, tools, and changes related to field of expertise
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; benchmarking state-of-the-art practices; participating in professional societies
• Perform other duties as assigned to support IT GRC Team operations.

Qualifications

• Required: Bachelor’s Degree in Computer Science, Security, Information Technology, or related field; along with a minimum of 6 years’ experience as an IT Professional in IT Operations, Project Management, Business Continuity, Risk and/or Audit.
• Demonstrable skills within Risk Management, Governance, Compliance, Crisis and Incident Management.
• Experience with NIST, FFIEC, CIS, or comparable risk/security framework.
• Experience with, or conceptual understanding of information technology systems, cloud computing, development practices, business continuity, backups, disaster recovery and IT security.
• Self-starter with excellent analytical, communication and interpersonal skills.
• Willingness to create strong internal and external working relationships at all levels.
• Able to clearly communicate technical concepts to both technical and non-technical audiences.
• Advanced skills with MS Office suite.
• Experience with data analytic tools such as PowerBI, JIRA, Confluence, and Sharepoint is a plus.
• Experience with Governance, Risk, and Compliance tools such as Workiva, Archer, or similar is a plus.
• Desirable Certifications: Associate or Certified Business Continuity Planner (ABCP or CBCP), Certified Risk Information Systems Control (CRISC), Governance, Risk & Compliance Professional (GRCP)

Requirements

Physical: Work is primarily sedentary; occasionally walks and/or stands.

Manual Dexterity:  Frequent use of computer keyboard and mouse.

Audio/Visual:  Ability to accurately interpret sounds and associated meanings at a volume consistent with interpersonal conversation. Regularly required to accurately perceive, distinguish and interpret information received visually and through audio, e.g., words, numbers and other data broadcasted aloud/viewed on a screen, as well as print and other media.              

Environmental:  Office environment – no substantial exposure to adverse environmental conditions.

Guild offers a pleasant work environment, competitive compensation and excellent benefits package, including medical, dental, vision, life insurance, AD&D, LTD and 401(k) with employer match.

Guild Mortgage Company is an Equal Opportunity Employer.

Targeted Salary Range: $86,000 - $118,000 annually

Compensation at Guild is influenced by a wide array of factors including but not limited to local and federal minimum wage requirements, education, level of experience, and applicant’s geographical location.

REQ#: TECHN016510