Information Security Analyst Sr. – Security Measurement & Metrics

Job Expired

About the job

Start something good. Empower your career. Become an employee owner at Cenlar.

Employee owners have made Cenlar the nation’s leading mortgage loan subservicer. Our unique culture is defined by our core values of respect, trust, integrity and care. Company ownership, a promote-from-within philosophy, and opportunities for continuous professional growth make Cenlar a great place to launch or boost your career. Consider this opportunity to join our team as an Information Security Analyst Sr.

The Information Security Analysts support the Corporate Security Program in the achievement, maintenance, and oversight of best-practice and industry-standard physical, cyber, and logical controls on all Cenlar computing resources. The Analysts may support Cenlar’s technical information security program, including routine operational tasks as well as security projects and technical security analysis needs. The Analysts assist in security assurance around the company’s use of third-party service providers and the appropriate external transparency of the company’s technology and security control functions. This position ensures that ongoing security control activities occur as defined and operate effectively, and maintains evidence of compliance with the controls (RCSA, SOC, IA, OCC guidance, best practices).

Responsibilities

  • Assists the Director, Information Security in compliance review engagements focused on or conducted by external entities, including vendors, clients, regulators, rating agencies and internal/external auditors.
  • Assists with Security Performance Metrics and Measurement with reporting and analytics.
  • Assists with Cybersecurity maturity assessment, gap analysis, risk management, and remediation tracking.
  • Assists in coordinating vendor assurance activities with Vendor Management as it relates to Information Security, Physical Security, Cybersecurity, and Business Continuity related controls and compliance efforts, to include visit coordination to specified vendors on a rotational basis.
  • Serves as a secondary contact point or Corporate Security Office (CSO) interface with Client Relations for client due diligence and site visits.
  • Assists in gathering information required by clients in support of Cenlar’s client due diligence efforts by providing necessary information and documentation prior to, during and following each client review engagement.
  • Assists in providing oversight to security assurance activities handled by groups other than the CSO, to ensure that strong controls are maintained while continuing to meet appropriate service levels.
  • Establishes clear performance objectives and strives to meet them within agreed time frames, budgets or service levels.
  • Ensures compliance with company policies, procedures, and regulatory requirements, and the accuracy and reliability of company data; and to confirm the adequacy of implemented security controls and help identify necessary improvements.
  • Assists in developing vendor Security Assurance program tools and a scorecard to be updated and presented either monthly or, at minimum, quarterly.
  • Assists in developing cost/benefit analysis or justification for any new Corporate Security expenditures as related to security assurance.
  • Assists in Vendor Security Assurance to include the following:
    • Maintains the vendor due diligence process and framework in alignment with corporate Vendor Management program
    • Assists in reviewing and improving the vendor security assessment questionnaire and related processes
    • Conducts assessments, including onsite visits, whether initially for new potential vendors or on an ongoing basis, minimally annually, for existing vendors (annual travel not to exceed 20%).
    • Evaluates information, questionnaire responses and third-party reports
    • Assists in developing the vendor security assurance program tools and a scorecard to be updated and presented either monthly or, at minimum, quarterly.
  • Assists in tracking findings by maintaining a comprehensive list of risks/findings documented by the Corporate Security Office, ensuring the CSO schedules meetings with the business owners to review the risks and findings and put action plans in place while business relationship owners in turn coordinate reviews, request responses and obtain remediation plans from vendors, as appropriate.
  • Assists in documenting efforts by vendors to reduce or eliminate risks identified in the security assessments where the business relationship owner works with the vendor and CSO to agree on acceptable remediation plans and timelines.
  • Assists in the training and support of other members of the company in all areas related to the CSO programs.
  • Acts as an advocate of security policies and procedures with all associates and external clients and business partners.
  • Completes assigned tasks designed to ensure the security of the organization’s systems and information assets and protects against unauthorized access, modification, or destruction.
  • Works within the Corporate Security Office and with end users to determine needs of individual departments in order to implement policies and procedures, and assist in tracking compliance through the organization.
  • Performs proactive analysis of the security environment to reduce the risk of systems compromise through unauthorized entry and/or activities performed by either external individuals or Cenlar associates.
  • Stays current on security regulations and associated policies, doctrine, and techniques to enhance Cenlar’s Information Security Program.
  • Conducts assigned risk assessments or audits of existing or new systems to document areas of deficiency, opportunities for improvement and potential financial impacts; works to implement improvements.
  • Works with external audit or assessment teams to identify security related exposures for purposes of general controls improvement or obtaining or maintaining ratings or certifications.
  • Supports Cenlar’s internal and external audits for user access controls and supporting evidence.
  • Communicates unresolved security exposures, misuse, or noncompliance situations to Corporate Security leadership.
  • Recognizes and identifies potential areas where existing security policies, standards, and procedures require change, or where new ones need to be developed, and creates required documentation.
  • Assists in risk and issue validation and develops mitigation and remediation recommendations.
  • Completes all assigned project tasks in accordance with project requirements and deadlines.
  • Builds cross-functional relationships with business partners.
  • Works effectively in a matrix managed environment.
  • Appropriately assesses risk when business decisions are made, including but not limited to compliance and operational risk.
  • Demonstrates consideration for Cenlar’s reputation as well as our clients by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues, as well as effectively supervising the activity of others and creating accountability with those who fail to maintain these standards.

Qualifications

  • Bachelor’s degree or equivalent experience.
  • Willingness to travel up to 20% for vendor site visits.
  • A minimum of 5 to 7 years of direct job experience in Security and Technology controls, preferably for Financial Services, mortgage servicing or originations, in any of the following areas: Information Technology, Information Security, Risk & Compliance, or Audit.
  • Direct experience supporting internal auditors, external auditors, and regulatory assessors (e.g., OCC, FRB, CFPB).
  • Stays abreast of current cybersecurity, privacy, risk best practices and maintains strong awareness of access management security concepts, practices, and procedures.
  • Possesses mature leadership skills, including the ability to present technical concepts in layman’s terms.
  • Experience and familiarity with Internet protocols, services and languages (TCP/IP, Telnet, FTP, HTML), Windows, Office, Linux, Visual Basic, C++/ C#, PowerShell and/or other development or scripting languages.
  • Must possess strong documentation skills for drafting and creating: policy, procedure, guidelines, and standards.
  • Strong understanding of Security controls and processes, ensures compliance with associated standards (RCSA, IA, OCC).
  • Ability to solve problems and drive results without formal authority and with minimal oversight.
  • Certifications in Azure, Cloud technology, Information Security, Certified Third-Party Risk Assessor (CTPRA), Certified Third-Party Risk Professional (CTPRP) preferred.

Total Rewards

As an employee-owner at Cenlar, you’ll receive an outstanding benefits package that includes paid medical, dental, and life insurance, 401(k), and tuition assistance as well as opportunities for training and professional advancement.

Cenlar is a drug-free workplace and an equal employment opportunity/affirmative action employer M/F/D/V/SO.
