GRC Analyst

Company: Dovenmuehle Mortgage, Inc.

Location: Lake Zurich, IL 60047

Description:

Full time; Non-Exempt

Location: Lake Zurich, IL, US

Department: PC/LAN

Dovenmuehle Mortgage, Inc. ("Dovenmuehle") is the leading mortgage subservicing firm in the United States with several hundred financial institution clients nationwide.

Systems

General Description:

As a GRC (Governance, Risk, and Compliance) Analyst in the IT Security team, you will play a key role in supporting the organization's security compliance initiatives, risk management processes, and governance frameworks. The GRC Analyst will work closely with cross-functional teams to ensure that the company's security policies, regulatory requirements, and industry best practices are implemented, monitored, and maintained. This position is critical to maintaining DMI's IT security posture and ensuring the company remains compliant with relevant standards and regulations.

Essential Functions and Duties:

  • Governance: Assist in the development, review, and enforcement of security policies, standards, and procedures to ensure alignment with business objectives and regulatory requirements.
  • Risk Management: Identify, assess, and document IT security risks. Develop mitigation strategies and track the implementation of risk-reducing measures.
  • Compliance: Support internal and external audits by preparing relevant documentation, maintaining compliance checklists, and addressing audit findings. Ensure compliance with industry standards such as ISO 27001, NIST, and other relevant regulations.
  • Security Awareness: Collaborate with the IT Security team to create and deliver security awareness training and campaigns throughout the organization.
  • Incident Response: Assist in the development of incident response protocols and support post-incident reviews to ensure security events are managed efficiently and root causes are addressed.
  • Audit Support: Liaise with internal and external auditors, ensuring necessary evidence is available and assisting in responding to audit requests.
  • Metrics and Reporting: Compile risk and compliance metrics for senior management and provide regular reports on GRC activities, risks, and trends.
  • Successfully complete annual regulatory compliance training.
  • Performs other related duties as assigned.


Required Qualifications:
  • Bachelor's degree in Information Technology, Cybersecurity, or a related field, or equivalent work experience.
  • 2-4 years of experience in IT governance, risk management, and compliance.
  • Strong understanding of security frameworks such as ISO 27001, NIST, or similar.
  • Experience with risk assessment methodologies and tools.
  • Familiarity with regulatory compliance requirements (e.g., SOC 2).
  • Excellent communication and documentation skills with the ability to present complex information clearly to both technical and non-technical audiences.
  • Strong analytical and problem-solving skills.
  • Relevant certifications such as CISA, CRISC, CISSP, or similar are a plus.


Physical Demands and Work Environment:

The employee must be comfortable in either an on-site office setting, or a quiet, designated work from home space that is free from distractions and noise. The employee is regularly required to communicate (give/receive) information through multiple methods of communication with clear understanding from others. Must be able to exchange accurate information in these situations.

The employee must be able to remain in a stationary position and/or move about the organization or remote office. The employee is frequently required to stand or walk (or otherwise move through the organization); sit; use hands to type, write, handle, or feel and reach. May occasionally climb or balance; stoop, kneel, or crouch; or lift and/or move up to 25 lbs. Employees may be required to type and utilize a computer for long periods of time.

The employee may be required to frequently operate a standard variety of office equipment including computers, calculators, copy machine, computer printer and phones. The noise level, if working on-site, is usually moderate and typical of an office environment.

In accordance with applicable disability laws, Dovenmuehle works with applicants and employees to make reasonable accommodations to the job or work environment when doing so will enable an employee with a qualified disability to satisfactorily perform the essential functions of the job.
