Start something good. Empower your career. Become an employee owner at Cenlar.
Employee owners have made Cenlar the nation’s leading mortgage loan subservicer. Our unique culture is defined by our core values of respect, trust, integrity and care. Company ownership, a promote-from-within philosophy, and opportunities for continuous professional growth make Cenlar a great place to launch or boost your career. Consider this opportunity to join our team as an Information Security Analyst Sr.
The Information Security Analysts support the Corporate Security Program in achievement, maintenance, and oversight of best practice and industry standard physical, cyber, and logical controls on all Cenlar computing resources. The Analysts may support Cenlar's technical information security program including routine operational tasks, as well as security projects and technical security analysis needs. The Analysts assist in security assurance around company’s use of third-party service providers and the appropriate transparency of company’s technology and security control functions externally. This position ensures the on-going security control activities occur as defined, are operating effectively, and maintains evidence of compliance with the controls (RCSA, SOC, IA, OCC guidance, best practices).
- Acts as a Subject Matter Expert in access controls, access management, and access governance
- Works effectively in a matrix managed environment
- Leverages tools / models such as Capability Maturity Model (CMM), pivot tables and representative dashboard metrics, Visio diagrams, Powerpoint, Excel macros
- Supports the Director, Identity and Access Management in performing annual risk assessments (FFIEC AIBE, Cyber/FFIEC CAT, SOC testing, GLBA, Physical Security) as assigned
- Conducts existing and identifies new security oversight reviews
- Supports Cenlar’s internal audits, external audits, and examsfor user access controls and supporting evidence
- Participates in investigations of improper access, revoking access, and/or reporting violations
- Communicates unresolved security exposures, misuse, or noncompliance situations to Corporate Security leadership
- Recognizes, identifies potential areas where existing security policies, standards, and procedures require change, or where new ones need to be developed, and creates required documentation
- Validates risks and issues and develops mitigation and remediation recommendations
- Builds cross-functional relationships with business partners
- Assists the Manager, Information Security in compliance review engagements focused on or conducted by external entities, including vendors, clients, regulators, rating agencies and internal/external auditors
- Assists in coordinating vendor assurance activities with Vendor Management as it relates to Information Security, Physical Security, Cybersecurity, and Business Continuity related controls and compliance efforts, to include visit coordination to all Tier 1 vendors and periodic site visits to Tier 2 vendors on a rotational basis
- Serves as a secondary contact point or CSO interface with Client Relations for client due diligence and site visits
- Assists in gathering information required by clients in support of Cenlar’s client due diligence efforts by providing necessary information and documentation prior to, during and following each client review engagement
- Assists in providing oversight to security assurance activities handled by groups other than the Corporate Security Office, to ensure that strong controls are maintained while continuing to meet appropriate service levels.
- Establishes clear performance objective and strives to meet objectives within agreed time frames, budgets or service level
- Ensures compliance with company policies, procedures, and regulatory requirements, and the accuracy and reliability of company data; and to confirm the adequacy of implemented security controls and help identify necessary improvements.
- Assists in developing vendor Security Assurance program tools and a scorecard to be updated and presented either monthly or, at minimum, quarterly.
- Assists in developing cost/benefit analysis or justification for any new Corporate Security expenditures as related to security assurance
- Assists in Vendor Security Assurance to include the following:
- Maintains the vendor due diligence process and framework in alignment with corporate Vendor Management program
- Assists in reviewing and improving the vendor security assessment questionnaire and related processes
- Conducts assessments, including on-site visits, whether initially for new potential vendors or on an ongoing basis, minimally annually, for existing vendors
- Evaluates information, questionnaire responses and third-party reports
- Assists in developing the vendor security assurance program tools and a scorecard to be updated and presented either monthly or, at minimum, quarterly
- Assists in tracking findings by maintaining a comprehensive list of risks/findings documented by the CSO, ensuring the CSO schedules meetings with the business owners to review the risks and findings and put action plans in place while business relationship owners in turn coordinate reviews, request responses and obtain remediation plans from vendors, as appropriate
- Assists in documenting efforts by vendors to reduce or eliminate risks identified in the security assessments where the business relationship owner works with the vendor and CSO to agree on acceptable remediation plans and timelines
- Assists in the training and support of other members of the company in all areas related to the Corporate Security Office programs
- Acts as an advocate of security policies and procedures with all associates and external clients and business partners
- Completes assigned tasks designed to ensure the security of the organization's systems and information assets and protects against unauthorized access, modification, or destruction
- Works within the Corporate Security Office and with end users to determine needs of individual departments in order to implement policies and procedures, and assist in tracking compliance through the organization
- Performs proactive analysis of the security environment to reduce the risk of systems compromise through unauthorized entry and/or activities performed by either external individuals or Cenlar associates
- Monitors firewalls and intrusion prevention systems, system logs, and other systems for security related events on a regular basis, looking for signs of abuse or misuse
- Assists in the investigation of anomalies and response to confirmed security incidents in line with incident response policies and procedures
- Monitors security newsgroups, mailing lists, and postings for information on potential intrusions or security weaknesses where adjustments to the information security controls are warranted
- Stays current on security technologies, techniques, and possible threats to Cenlar
- Conducts assigned risk assessments or audits of existing or new systems to document areas of deficiency, opportunities for improvement and potential financial impacts.Works to implement improvements
- Completes all assigned project tasks in accordance with project requirements and deadlines
- Works with external audit or assessment teams to identify security related exposures for purposes of general controls improvement or obtaining or maintaining ratings or certifications
- Utilizes security and vulnerability assessment tools internally and externally to identify network security weaknesses in order to recommend network or operating system enhancements
- Supports penetration testing and/or vulnerability assessments of Cenlar systems to ensure that suspected or real vulnerabilities are identified, prioritized and remediated
- Bachelor’s degree in Computer Science, MIS, or Information Security required
- Master’s degree or professional certifications such as CISSP, CISM preferred
- A minimum of 5 to 7 years of direct job experience in Security and Technology controls for Financial Services, preferably mortgage servicing or originations, in any of the following areas: Information Technology, Information Security, Risk & Compliance, and Audit
- Direct experience supporting internal auditors, external auditors, regulatory assessors i.e. OCC, FRB, CFPB, etc.
- Stays abreast of current cybersecurity, privacy, risk best practices and maintains strong awareness of access management security concepts, practices, and procedures
- Possesses mature leadership skills, including the ability to present technical concepts in layman’s terms
- Experience with Black Knight MSP and with cloud concepts and technologies a strong plus
- Experience and familiarity with Internet protocols, services and languages (TCP/IP, Telnet, FTP, HTML), MS-Windows, MS-Office, Linux, MS-SQL or other DBMS’s, Visual Basic, C++/ C#, Powershell and/or other development or scripting languages.
- Must possess strong documentation skills for drafting and creating: policy, procedure, guidelines, and standards
- Proficient in database structures, specifically creating tables and exports
- Strong command of Security controls and processes, ensures compliance with associated standards (RCSA, IA, OCC)
- Ability to drive results without formal authority
As an employee-owner at Cenlar, you’ll receive an outstanding benefits package that includes paid medical, dental, and life insurance, 401(k), and tuition assistance as well as opportunities for training and professional advancement.
Cenlar is a drug-free workplace and an equal employment opportunity/affirmative action employer M/F/D/V/SO.