Gravity IT Resources

Job Title: Cyber Risk Analyst

Location: Remote

Job-Type: Permanent

Referral Fee: +/- $2000

Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly (we are not open to contract or “corp to corp” agreements).

Position Overview:

Gravity is looking for a Senior Risk Analyst to provide risk management oversight of FOAC Information Security GRC Organization by performing independent monitoring of ITGC controls and technical reviews of process, risk and controls within the organization such as evaluation of material risks, key risk identification metrics, measurement and aggregation of Risk Control Self-Assessments, and the understanding and management of risk through appropriate practices and processes leveraging industry frameworks (i.e.: COSO, GRC , ITGC, GRC ITIL, NIST etc.)

The successful candidate assesses and gates enterprise and business exposures through the identification of key and emerging risks and evaluates alignment with GRC risk strategy and appetite.  

Our client is a nationwide mortgage banker that offers a wide variety of home loan products. They are licensed in over 45 states and is one of the largest non-bank originators..

Duties & Responsibilities:

  • Provides risk management support for a line of business or staff agency in key risk identification, measurement, monitoring, control and reporting, and the understanding and management of risk through appropriate practices and processes.
  • Must possess ITGC experience in following: NIST 800-53, SOX, FINRA,GBLA, CCPA, NYDFS, FFIEC
  • Assess and oversee enterprise and business exposures including key and emerging risks.
  • Monitors the risk and control environment and provides effective challenge to internal and external stakeholders to ensure that exposures are kept at acceptable levels.
  • Escalates and reports risks to the appropriate governance bodies.
  • Partners with key stakeholders in the IT business to identify, assess, aggregate and document risks and controls, including risks associated with IT GRC new or modified products, services, distribution channels, regulations and third-party operations using advanced knowledge.

Required Experience & Skills:

  • Six years of  data risk management, regulatory or operations experience in a relevant functional area to include banking, mortgage, financial services
  • Demonstrated experience in conflict resolution management and ability to effectively challenge at all levels of management and influence business outcomes
  • Ability to effectively work with both internal and external partners in a highly collaborative environment
  • Demonstrated critical thinking and knowledge of data analysis tools and techniques and decision-making abilities, to include demonstrated ability to effectively make data-driven decisions.