The Company
Common Securitization Solutions (CSS) is seeking an experienced IT Enterprise Risk Management Director-2LOD to join our team of talented professionals. This is a full-time remote opportunity.
CSS built and operates the largest and most advanced mortgage securitization platform in the world, supporting the Uniform Mortgage-Backed Security (UMBS) of Fannie Mae and Freddie Mac.
Supporting 70% of the mortgage-backed securities in the market, CSS provides best-in-class single-family issuance, bond administration, disclosure, and tax services. We support a broad portfolio of products for our clients with full lifecycle management.
Our market-leading, cloud-based, end-to-end platform executes transactions on an extraordinary scale which has bolstered liquidity in the secondary mortgage market, one of the largest and most important financial markets in the world. Our unique approach to securitization combines the best minds in financial services with the know-how, flexibility, and innovation of leading technologists.
RESPONSIBILITIES
Job Information
CSS is seeking a candidate for a Director role on the Information Technology, Information Security, Cybersecurity, and Information Management risk team within the Enterprise Risk Management division at CSS. This role will report to the Sr. Director Tech/Cybersecurity to provide leadership and Subject Matter Expertise (SME) relative to Technology/Cloud, Information Security, Information Management, and Business Resiliency risk assessments, Data Management, effective Risk Management practices, and related reporting.
This role requires senior level experience with demonstrated technical and Risk Management skills in managing and supporting cross-functional business areas and corporate stakeholders relative to effective and timely identification, analysis, remediation, management, and reporting of risk to various management levels and committees. A successful candidate will have a collaborative work ethic/style, strong communication/presentation (verbal and written) and negotiation skills, and demonstrated knowledge and experience in information technology, information security/information management, and business resiliency programs.
Key Job Functions
- Responsible for ensuring completion of comprehensive risk assessments, documentation, risk mitigation guidance, and related reporting for key enterprise initiatives across various technologies and platforms/environments (e.g., Cloud, AI), including efforts relative to supporting external partners and/or clients.
- Risk Assessment/management of Artificial Intelligence, Machine Learning and Robotics Process Automation (Bots) solutions.
- Ensure adequate controls from the Risk Control Matrix are applied and adhered to across the enterprise, and provide guidance on the creation of new controls based on identified gaps.
- Provide Second Line Risk SME guidance, assessment, and oversight of CSS' Data Management and Change Management Framework and Maturity Strategy/Roadmap.
- Partner with key business stakeholders to identify and assess risks and controls across Cloud Technology, AI/ML, Cyber Security, Change Management, and Data Management. Develop and improve Risk and Control Matrix (RCM) pursuant to CSS business objectives, regulatory requirements, NIST, SOC, COBIT, DCAM, ITIL and other industry risk and control frameworks.
- Identify Technology and Cybersecurity Gaps or deficiencies and provide guidance aligned to industry best practices and regulatory requirements relative to remediation of inadequate controls, as necessary, from a second line Risk Management perspective.
- Continually improve the team's visibility into the security posture of Technology and Cloud infrastructure; provide associated data and risk records as appropriate.
- Conduct Assurance reviews of issues/remediation efforts within technology/information security, as needed, prior to closure.
- Identify risks around changes to the environment that may require modified and new controls within information security/management, providing risk and control considerations for new business initiatives and/or existing process enhancements.
- Work directly with front-line management to provide guidance relative to prioritization of on-going risk mitigation/remediation and other key activities related to data management, change management, information security, and technology Risk Management.
- Work directly with Internal Audit, Compliance, and Regulatory agencies to foster open communication and transparency.
QUALIFICATIONS
Education
- A bachelor's degree from an accredited 4-year college or university in Information Technology, Computer Science, Engineering, or related discipline.
- Preferred candidate has certification(s) relative to technology platforms, industry standards, and environments in Data Management Capability Assessment Modeling - DCAM (preferred, but not required), change management (ITIL), and other Risk Management disciplines.
- Preferred Certifications: Cloud (e.g., AWS, CCAK), Information Security/Cybersecurity (e.g., CISSP, CISM, CCSP, CRISC, or CGEIT), Artificial Intelligence/Machine Learning.
- Active participant and/or presenter in data management, change management, technology, information security and Risk Management conferences, webinars, and related activities. Ensure current awareness and competency regarding technology risk, information security/cloud, information management risk threat landscapes, effective Risk Management practices/standards, and Risk Management tools/solutions.
Minimum Experience
- Minimum 8 years of senior level experience in technology, information security, change management, data management and operational Risk Management.
- Applicants must be authorized to work in the US without requiring employer sponsorship currently or in the future. CSS does not offer H-1B sponsorship for this position.
Specialized Knowledge & Skills
- Demonstrated analytical skills and experience working in and/or with Technology, Information Security/Incident Management, Data Management Capability Assessment Model (DCAM), Change Management, and related teams.
- Thorough technical understanding of security products, including Collibra data intelligence cloud, web filtering, next generation antivirus/endpoint protection, and vulnerability management tools.
- Demonstrated experience with security best practices and Risk Management operating in cloud environments such as AWS (required), GCP and Azure (nice to have), and in other third-party SaaS platforms.
- Demonstrated ability to work with multi-disciplined, cross-functional teams, taking ownership of deliverables and driving assigned tasks to timely completion.
- Strong written and verbal communication and negotiation skills, with the ability to manage multiple concurrent responsibilities and tasks.
- Demonstrated ability to effectively communicate with various levels of the organization.
- Demonstrated knowledge of and experience working with the NIST, SOC, COBIT 5, ITIL, DCAM (preferred), and other relevant industry standards and frameworks.
Pay Range $181,250 to $208,500
CSS's pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) a candidate's qualifications, skills, competencies, and experience, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law. CSS offers a competitive total compensation package, which includes a performance bonus, 401k match, healthcare coverage, PTO, and a broad range of other benefits.
Employment
As a condition of employment with Common Securitization Solutions, any successful job applicant will be required to successfully complete a background investigation, which may also include a credit check for positions in some areas of our business.
Common Securitization Solutions is an Equal Opportunity Employer.
Employment Type: Full-time