Information Security - Risk Analyst (SOC-2) Job at PENNYMAC, Westlake Village, CA

  • PENNYMAC
  • Westlake Village, CA

Job Description

Information Security - Risk Analyst (SOC-2)

PENNYMAC is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.

A Typical Day

We are seeking a highly motivated and experienced Technology Risk Analyst to join our IT Risk and Compliance team. In this critical role, you will oversee technology risk within our Cybersecurity domain area, act as a key member of the 1st Line of Defense, and play a pivotal role in developing and maintaining robust policies and procedures. You will ensure the effectiveness of our control environment through quality assurance and support compliance initiatives spanning internal and regulatory audits and SOC2 examinations.

The Technology Risk Analyst Will

  • Design and execute comprehensive QA controls testing against established policies and procedures, across the technology environment to validate the effectiveness of security controls and identify control deficiencies.
  • Act as a proactive member of the 1st Line of Defense, identifying, assessing, and monitoring technology risks associated with cybersecurity processes.
  • Lead and coordinate all regulatory examinations, investor questionnaires, and internal/external audits (including SOX/SOC compliance) for the Cybersecurity domain, acting as the primary liaison and ensuring comprehensive evidence submission.
  • Perform technology vendor risk assessments and due diligence reviews to evaluate third‑party security posture and adherence to organizational policies and regulatory standards.
  • Support and maintain the Cybersecurity Policy and Procedure framework, ensuring alignment with industry best practices, regulatory requirements (e.g., SOC 2, ISO 27001, NIST CSF), and organizational risk tolerance.
  • Manage the policy exception process, reviewing, analysing, and documenting all requests for exceptions to security policies, ensuring appropriate compensating controls and risk acceptance are in place.
  • Develop and oversee Cyber Risk Assessments based on Pennymac’s ERM framework.
  • Stay current with emerging technology risks, regulatory changes, and industry trends related to cybersecurity.

Required

  • Deep understanding of cybersecurity risk management frameworks and standards (e.g., NIST CSF, ISO 27001, COBIT, CIS Controls).
  • Expertise in designing and performing IT/Cybersecurity controls testing and assurance activities, including control gap analysis and remediation planning.
  • Strong knowledge of relevant regulations and reporting standards (e.g., NYDFS, GLBA, NIST CSF, CRI Profile, GDPR, CCPA, SOC 2, and sector‑specific regulations).
  • Proven ability to manage regulatory/client audit processes, including evidence gathering, response coordination, and interaction with external parties.
  • Excellent analytical and critical thinking skills for evaluating complex technical controls, assessing vendor security, and determining appropriate risk mitigation strategies.
  • Exceptional written and verbal communication skills for drafting clear policies and procedures, communicating risk to non‑technical stakeholders, and articulating complex risk concepts to both technical and non‑technical audiences.
  • Experience supporting internal audits and SOX/SOC compliance initiatives.
  • Must be highly proficient in GSuite or Microsoft Excel, Word, and PowerPoint.
  • Excellent analytical, problem‑solving, and decision‑making skills.
  • Must be a team player with strong attention to detail and able to work independently.
  • Ability to manage multiple priorities and meet deadlines in a fast‑paced environment.

Highly Desired

  • Experience with Governance, Risk, and Compliance (GRC) programs and methodologies.
  • Experience using risk, issue and compliance management tools such as Jira, Confluence, AuditBoard, and ServiceNow.
  • Financial Services and, if possible, mortgage industry experience preferred.
  • Relevant professional certifications such as CRISC, CISM, CISSP, or CISA are highly desirable.

Education & Experience

  • Bachelor’s Degree from an accredited college or equivalent work experience.
  • 3+ years of relevant work experience in IT Risk and Compliance and/or Audit.

Why You Should Join

As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. With 4,000 Pennymac team members across the country guided by our core values of Accountability, Reliability, and Ethics, we are committed to conducting a business that makes positive contributions and promotes long‑term sustainable growth.

Benefits That Bring It Home

  • Comprehensive Medical, Dental, and Vision coverage
  • Paid Time Off Programs including vacation, holidays, illness, and parental leave
  • Wellness Programs, Employee Recognition Programs, onsite gyms and café‑style dining (select locations)
  • Retirement benefits, life insurance, 401(k) match, and tuition reimbursement
  • Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships

Compensation

Individual salary may vary based on multiple factors including specific role, geographic location/market data, and skills and experience as defined below:

  • Lower in range – Building skills and experience in the role
  • Mid‑range – Experience and skills align with proficiency in the role
  • Higher in range – Experience and skills add value above typical requirements of the role

Some roles may be eligible for performance‑based compensation and/or stock‑based incentives awarded to employees based on company and individual performance.

Salary

$95,000 – $155,000

Work Model

REMOTE

  • Seniority Level: Not Applicable
  • Employment Type: Full‑time
  • Job Function: Information Technology

Job Tags

Full time, Work experience placement
