loanDepot
Position Summary:
Responsible for supporting initiatives that provide reasonable assurance that IT risks are effectively identified, assessed, managed, and reported across the enterprise. Ensures execution of Risk and Control Self-Assessments (RCSA), control testing, issue management, and risk reporting activities in alignment with the organization’s governance framework. Supports the implementation and ongoing enhancement of ServiceNow IRM and demonstrates a strong understanding of end-to-end Governance, Risk, and Compliance (GRC) frameworks and processes. Assists in monitoring compliance with internal policies, regulatory obligations, and industry standards to strengthen the organization’s overall control environment. This position ensures the performance of all duties in accordance with the company’s policies and procedures, and all U.S. state and federal laws and regulations wherein the company operates.
Responsibilities:
Execute IT RCSA by coordinating with control owners to identify, assess, and document key risks, controls, and residual risk ratings.
Support ongoing IT risk management by maintaining the Risk Register, performing risk assessments across processes, applications, and infrastructure, and monitoring changes in risk exposure.
Track and validate remediation of issues and findings from RCSA, audits, and assessments; collaborate with issue owners to define corrective action plans and ensure timely resolution.
Generate and maintain risk reports, dashboards, and metrics for management and governance committees, ensuring data integrity and traceability within the system of record (e.g., ServiceNow IRM).
Apply knowledge of GRC and IT control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, GLBA/NYDFS) to ensure consistent alignment of assessments, controls, and reporting.
Support internal and external audit activities by providing control documentation, evidence, and status updates.
Identify and recommend process and tool enhancements to improve efficiency, automation, and overall GRC program maturity in collaboration with IT, Security, Data, and Risk partners.
Requirements:
Bachelor’s degree in Information Systems, Computer Science, Cybersecurity, or a related field required; equivalent experience may be considered.
3–5 years of experience in IT Risk Management, IT Controls, IT Audit, or GRC functions within financial services or a technology-driven organization.
Hands‑on experience with ServiceNow IRM or other GRC platforms, including risk, control, and issue management; UCF integration experience preferred.
Experience performing RCSA, control testing, and issue management, with familiarity in frameworks such as NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS.
Working knowledge of data analytics and SQL scripting to support control testing and risk reporting.
Professional certifications such as CRISC, CISA, CISSP, or ITIL Foundation preferred.
Demonstrates knowledge of, adherence to, monitoring, and responsibility for compliance with applicable regulatory and framework requirements including NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS Part 500.
Demonstrates knowledge of IT Risk Management and Governance principles, including execution of RCSA, identification of key risks and controls, and assessment of residual risk exposure.
Demonstrates hands‑on experience performing control testing, including evidence collection, validation of control design and operating effectiveness, and documentation of results.
Demonstrates understanding of core IT control domains, including but not limited to access management, change management, configuration management, asset management, backup and recovery, vulnerability management, network security and operations, SDLC, product management, and data management.
Demonstrates proficiency in data analytics and SQL scripting to extract, analyze, and validate data supporting risk assessments, control testing, and issue verification activities.
Demonstrates experience maintaining and reporting on IT Risk Registers, metrics, and dashboards that communicate risk posture, control performance, and issue remediation progress.
Demonstrates practical experience using GRC tools, preferably ServiceNow IRM, for documenting risks, controls, and issues; maintaining workflow integrity; and generating governance reports.
Analytical and problem‑solving skills with the ability to evaluate complex data, identify control gaps or process weaknesses, and recommend actionable improvements.
Project management skills with the ability to manage multiple assessments, control testing activities, and reporting deliverables simultaneously.
Relationship‑building and influencing skills with the ability to communicate risk and control concepts clearly to technical and non‑technical audiences.
Effective organizational and time‑management skills with the ability to balance competing priorities and meet deadlines in a dynamic environment.
Exceptional verbal, written, and interpersonal communication skills with attention to accuracy, clarity, and documentation quality.
Ability to prepare and deliver formal and informal presentations to management, audit, or governance committees regarding risk assessment and control testing results.
Intermediate to advanced proficiency with Microsoft Office applications (Excel, Word, PowerPoint, Outlook) and familiarity with data visualization tools such as Power BI or Tableau.
Ability to work independently with minimal supervision while maintaining accountability for assigned deliverables and quality standards.
Demonstrates knowledge of Unified Compliance Framework (UCF) principles and the ability to support integration of UCF content into ServiceNow IRM to align control mappings, automate evidence collection, and standardize compliance reporting.
Why work for #teamloanDepot:
Competitive compensation package based on experience, skillset and overall fit for #TeamloanDepot.
Inclusive, diverse, and collaborative culture where people from all backgrounds can thrive.
Work with other passionate, purposeful, and customer‑centric people.
Extensive internal growth and professional development opportunities including tuition reimbursement.
Comprehensive benefits package including Medical/Dental/Vision.
Wellness program to support both mental and physical health.
Generous paid time off for both exempt and non‑exempt positions.
About loanDepot: loanDepot (NYSE: LDI) is a digital commerce company committed to serving its customers throughout the home ownership journey. Since its launch in 2010, loanDepot has revolutionized the mortgage industry with a digital‑first approach that makes it easier, faster, and less stressful to purchase or refinance a home. Today, as the nation’s second largest non‑bank retail mortgage lender, loanDepot enables customers to achieve the American dream of homeownership through a broad suite of lending and real estate services that simplify one of life's most complex transactions. With headquarters in Southern California and offices nationwide, loanDepot is committed to serving the communities in which its team lives and works through a variety of local, regional, and national philanthropic efforts.
Base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay for this role is between $106,000 and $145,000. Your base pay will depend on multiple individualized factors, including your job‑related knowledge/skills, qualifications, experience, and market location.
We are an equal opportunity employer and value diversity in our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.