POSITION SUMMARY:

The Senior Technology Risk Analyst is responsible for supporting the organization's risk governance direction and elevating the company's overall risk posture. The Senior Technology Risk Analyst is expected to manage and mature the enterprise risk register and drive high-quality risk assessments across new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems and emerging technologies to ensure risks are accurately identified, assessed, documented, and monitored.

The role oversees the business' risk and compliance obligations mandated by regulatory standards such as the Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley Act (SOX). In partnership with security leadership, the analyst continuously evaluates the assurance of the risk management program. The Senior Technology Risk Analyst tracks remediation progress validates the accuracy of risk entries and enforces resolution of outstanding issues that may lead to non-compliance or security threats. The analyst must focus on risk governance and corporate resiliency and not be driven solely by compliance.

DESCRIPTION:

Essential Functions, Duties, and Responsibilities

• Conduct enterprise-wide, ongoing risk identification and risk assessments in tandem with compliance and security teams.
• Maintain full oversight and administration of the enterprise risk register within the GRC platform.
• Identify strengths and weaknesses in the risk and security program as they relate to security, business resiliency, and compliance frameworks.
• Document, formulate, and enforce areas of risk-related improvement that balance business operations with appropriate risk reduction.
• Maintain strong oversight of third-party, vendor, and business-partner risks and update the risk register to reflect identified issues or required remediation.
• Analyze and assess risk findings and document, recommend, and report program gaps and risk trends to security leadership.
• Monitor current and proposed regulatory, privacy, and security changes and ensure associated risks are captured within the risk register.
• Apply GRC expertise across key lines of business to ensure consistent and accurate risk scoring, control mapping, and risk treatment planning.
• Define qualitative and quantitative metrics to assess the success of the risk program and provide regular reports to security and business leadership.
• Ensure teams maintain up-to-date documentation for systems, controls, and processes that support the risk assessment lifecycle.
• Participate in incident response by documenting incident-related risks, tracking occurrences, and ensuring proper closure within the risk register.
• Work in tandem with security, audit, and risk management leadership to perform ongoing assessments of the risk program and contribute to annual strategic initiatives.
• Attend and actively participate in change and project management meetings to identify new or evolving risks.
• Ability to effectively and accurately convey risk-related information to stakeholders at all levels.
• Performs related duties as assigned by management.

Qualifications and Education Requirements:

• Bachelor's degree in computer science, a related field, or equivalent industry experience.
• Holds one or more relevant industry certification.
• At least 7+ years' experience in cybersecurity, compliance, or risk management with strong exposure to risk assessment methodologies.
• Experience and understanding of regulatory requirements and laws including, but not limited to SOX, SOC, and GLBA. Additional experience in CRI or NIST frameworks.
• Preferred experience with cloud environments such as AWS and Microsoft Azure.

Skills, Abilities, and Knowledge:

• Strong business acumen and risk management skills with the ability to align risk governance with business operations.
• Exceptional written and verbal communication skills with proven ability to translate risk and security concepts to all levels of the business.
• Ability to understand both legacy and modern technologies and evaluate risk impacts accordingly.
• Working knowledge of incident response, system configuration, vulnerability management, and hardening guidelines as they relate to risk identification and evaluation.
• Demonstrated problem-solving capability and ability to manage complex, cross-functional risk requirements.
• Self-motivated, organized, and capable of proactive identification of emerging risks.
• Successful track record of managing third-party risk, contracts, and external relationships.
• Familiarity with state, federal, and international privacy laws.
• Highly trustworthy; leads by example.
• Strong interpersonal skills with the ability to develop and maintain effective and professional relationships across the organization and with customers.
• Strong influencing and negotiation skills; consultative and collaborative work style.
• High learning agility with the ability to learn and integrate business variables and learn new systems and platforms.
• Effective at managing multiple priorities under tight deadlines in a fast-paced, dynamic environment.
• Self-directed and comfortable working with ambiguity and uncertainty.
• High degree of professional maturity, integrity, ability to maintain confidential data and information.

Work Environment and Physical Requirements:

• Working on-site at assigned office location.
• Regular and punctual attendance adhering to schedule established by leadership.
• Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
• Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
• Sedentary work in a stationary position at a cubicle for prolonged periods of time.
• Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
• Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.

Additional Information:

While this description is intended to be an accurate reflection of the position's requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Microsoft Authenticator. Employment will be contingent on this requirement.

Company Benefits:

We offer benefits, programs, and perks that support you in every aspect of your life.

• Medical, dental, and vision insurance
• Health Savings Account with employer contribution
• 401(k) Retirement plan with employer match
• Paid Maternity Leave/Parental Bonding Leave/Caregiver Leave
• Adoption Assistance
• Tuition & Certification reimbursement
• Employee Mortgage Loan Program
• The Newrez Employee Emergency and Disaster Fund is a program to support our team members experiencing hardships

Newrez NOW:

Through Newrez NOW, our Corporate Social Responsibility program, you'll have opportunities to give back, lead, and make a difference.

• 1 company-paid Volunteer Time Off day (with over 40,000 volunteer hours contributed since our inception)
• Matching Gifts Program - dollar-for-dollar up to $1,000
• Access to grants, nonprofit resources, and volunteer opportunities
• More than $6,000,000 donated since 2020
• 1 in 5 employees participates in at least one Employee Resource Group (ERG)