We are at the forefront of change in this rapidly evolving lending market. mello™, the Greek word for “future,” was the product of a recent $80+ million dollar investment in research & development to transform & streamline the home buying process into a digital experience like no other competitor offers. But mello™ is just the beginning… loanDepot will continue to invest in developing our own advanced technology ecosystem built around serving our customers & enabling our valued employees to provide exceptional service. We have funding, we have opportunities, you have ideas—it’s a perfect match.
loanDepot — We are America’s Lender.
loanDepot, LLC is in search of a Manager of Information Security Risk Management responsible for managing projects and establishing programs of moderate complexity and impacts team results thought a high quality of work ensuring program initiatives support business operations. This role focuses on maturing information security capabilities (privacy, information security and records management), including governance structures, processes and tools in collaboration with cross functional business teams. Responsible for business line advisory support ensuring compliance with external information security & privacy regulations and internal company policies. This role is also responsible for managing reporting dashboards, establishing consistent reports, managing the information security risk register, and metrics that support other program related initiatives. Accountable to integrate industry standards (e.g., ISO, NIST, FFIEC, NYDFS 500, SANS, other) into program functions. Excellence is an expectation, and strong communications, leadership, teamwork, and agility are critical success factors.
- Identifying and Assessing Risk: Conduct assessments against established framework(s), identifying gaps in controls that require remediation. Document evidence of existing controls in a central repository and maintain updates as required. Monitor and manage remediation efforts to ensure progress against action plans to close gaps identified during assessments that are documented in the risk register. Manage the departmental risk register to organize, record, track and manage program risks in a centralized repository. Work with the program executives and team to ensure all information security (privacy, information security, and records management) initiatives are integrated to report findings into the register. The comprehensive register must, at a minimum, analyze risks (e.g., probability, impact, control(s), and tolerance level(s)), prioritize risks, incorporate treatment plans and regularly report status. Mature this process as it evolves to improve effectiveness.
- Monitor Regulations and Trends: Monitor developments to maintain knowledge of current information security related issues to ensure ongoing compliance with requirements from laws, regulations and global standards.
- Vendor Risk Assessments: Assess proposed vendors to ensure appropriate level of security controls are in place prior to onboarding.
- Governance: Serve as a liaison to cross-departmental stakeholders in connection with business activities establishing solutions that integrate privacy, information security, and records management requirements with business priorities. Participates and represents team in enterprise risk committees to evaluate the privacy, information security, and records management governance risks with initiatives, providing risk assessment impacts and recommendations to business leaders. Understands how strategic business requirements align with privacy and security requirements. Mature capabilities and processes related to program initiatives. Manage the related inquiries and complaints process.
Skills and Competencies:
6-8+ years’ experience in:
- One or more of the following disciplines (e.g., privacy, records & information management, policy, compliance, information security, operational risk management, framework compliance)
- Thorough Understanding of U.S. privacy and data protection laws and regulations, fair information practices and core privacy and data protection principles, direct marketing techniques, workplace monitoring, financial privacy requirements, online privacy, and information security.
- Project management skills with the ability to manage multiple work streams
- Excellent written and verbal communication skills; advanced project management skills; advanced problem-solving and analytical/critical thinking skills; advanced technical ability.
- Proven ability to execute strategies and track and measure results; ability to work collaboratively and cooperatively across business functional areas in ambiguous situations.
- Intermediate knowledge of privacy and information security standards (e.g., ISO 27001/27002, 22307, 23001, 29100, 31000, NIST SP800-53, Cobit, FFIEC, etc.), and commonly used concepts, practices and procedures within the privacy and information security field highly desirable.
- Advanced Microsoft Office (Excel, Word, PowerPoint, Visio and Access) skills; proficient in Microsoft Excel, including macros.
- Demonstrated ability to work in a matrix type organization demonstrated process management and leadership skills and demonstrated time management skills.
- Relationship building skills and the ability to influence and communicate related concepts to technical and non-technical staff
- Tactical thinking skills, creative problem solving, analytical skills, verbal and written communication skills, including meeting facilitation and presentation skills.
- Ability to multi-task, thrive and deliver in a highly regulated, demanding, entrepreneurial, and constantly changing corporate environment. Demonstrated ability to regularly re-prioritize risks, objectives and action plans based on an evolving corporate and regulatory landscape.
- Ability to deal well with ambiguity and complex situations. Ability to lead a team through growth and change.
- Independent judgment, critical and analytical thinking, and problem-solving skills required.
Possible certification preferences are [One or more of the following are Required]:
- U.S. Certified Information Privacy Professional (CIPP/US)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
Possible education preferences are [Not Required]:
- BA or BS in information security, business administration, or related area.
- Master’s degree in an IT field is a plus, and
- Master’s in cybersecurity is an even bigger plus
- Competitive compensation reliant on ability & experience
- Excellent benefits package including multiple health, dental & vision options
- Company paid life and AD&D Insurance, as well as additional voluntary benefit possibilities
- 401K with robust company match
- 15+ PTO days, in addition to 8 paid company holidays
- The opportunity to work for America’s Lender under the vision of industry legend, Anthony Hsieh
loanDepot is a proud equal opportunity employer.