As the Information Security - GRC Team Leader at United Wholesale Mortgage (UWM), you will spearhead information security initiatives aimed at minimizing risks and maximizing compliance across the organization. You will lead a team responsible for assessments, audit fulfillment, risk remediation, and governance of business data and records. Your strategic oversight will be critical to key programs including Business Continuity/Disaster Recovery, IT Risk Management, Third Party Risk Management, Data Governance, Security Awareness and more.

This role will monitor performance of various GRC Programs, drive specific initiatives, and foster a culture of security awareness through effective coaching and leadership. You will ensure that all planning, coordination, and execution of work assignments align with the strategic priorities established by the Information Security Team Lead.

Key Responsibilities

• Cybersecurity Compliance: Oversee the development and implementation of comprehensive cybersecurity compliance programs within the IT department that align with industry standards and regulatory requirements. Regularly assess compliance status and facilitate audits to ensure adherence to relevant laws and regulations, including IT laws and regulations.
• Cybersecurity Awareness: Foster a culture of security awareness within the IT department by developing and delivering training programs that educate employees on cybersecurity best practices, data privacy, and compliance obligations. Establish ongoing professional development opportunities for team members to stay current with GRC trends and technologies.
• Business Continuity and Disaster Recovery: Manage the IT department’s business continuity planning and disaster recovery efforts. Ensure that plans are regularly updated, tested, and effectively communicated to minimize disruption during unforeseen events.
• Data Governance and Privacy: Enhance data governance frameworks within the IT department to ensure data integrity, security, and compliance with regulations. Collaborate with stakeholders to document data privacy requirements and implement processes for effective data management, ensuring that data privacy practices are integrated into governance strategies.
• Third-Party Risk Management: Lead the third-party risk management program within the IT department, establishing evaluation criteria and remediation processes. Conduct regular assessments of vendors and service providers to identify and mitigate risks associated with third-party relationships, ensuring ongoing compliance through regular reviews.
• Cyber Insurance: Oversee the IT department’s cyber insurance policies, ensuring coverage aligns with the risk profile and compliance requirements. Manage claims and liaise with insurance providers to address any incidents effectively.
• IT Risk Management: Develop and maintain a robust IT risk management framework that identifies, assesses, and mitigates risks associated with information technology and security in the IT department. Conduct regular risk assessments to identify potential vulnerabilities and prepare detailed risk reports for senior leadership.
• Artificial Intelligence Regulation: Stay informed about emerging regulations and best practices related to artificial intelligence that impact the IT department, ensuring strategies align with compliance requirements and ethical considerations.
• State and Federal Audits: Facilitate state and federal audits and regulatory reviews within the IT department, ensuring all necessary documentation and evidence are prepared and available. Collaborate with regulatory bodies to address findings and implement necessary changes.
• Incident Response Management: Develop and manage the incident response plan, ensuring the IT department is prepared to respond effectively to security incidents. Conduct post-incident reviews to identify lessons learned and areas for improvement.
• Policy Development and Management: Lead the creation, review, and maintenance of security and compliance policies across the IT department, ensuring they are up-to-date and reflect the current regulatory landscape.
• Monitoring and Metrics: Implement continuous monitoring mechanisms for compliance and risk management activities, utilizing key performance indicators (KPIs) to assess the effectiveness of GRC initiatives.
• Regulatory Change Management: Monitor changes in regulations and standards that may impact the IT department, leading initiatives to adapt policies and practices accordingly.
• Stakeholder Engagement: Engage with stakeholders to ensure their concerns are addressed in the GRC framework and promote a collaborative approach to compliance and risk management.
• Ongoing Improvement: Continuously evaluate and refine policies, processes, and frameworks within the IT department to align with organizational changes, emerging trends, and best practices in cybersecurity, data governance, and risk management.

Must Have Qualifications:

• Bachelor’s Degree in Information Technology, Computer Science, Information Security, or a related field.
• Preferred certifications include CISA, CISSP, CISM, GSEC, BCP, CGRC, or other relevant information security credentials.
• Proven experience in IT compliance, risk management, cybersecurity policy analysis, and audit-related activities.
• Proficient in managing system development processes, end-user computing controls, cloud systems, infrastructure management, and information security practices.
• In-depth knowledge of security and compliance standards such as CIS, NIST, GDPR, GLBA, CCPA, 23 NYCRR 500, IRS 1075, and more.
• Excellent communication skills with the ability to articulate complex concepts effectively.
• Strong analytical and critical thinking abilities.
• Self-directed and capable of independent work while managing multiple concurrent projects.
• Eagerness to learn new technologies and a demonstrated ability to identify potential process improvement opportunities.
• Onsite presence is required.

Ready to join thousands of talented team members who are making the dream of home ownership possible for more Americans? It’s all happening on UWM’s campus, where our award-winning workplace packs plenty of perks and amenities that keep the atmosphere buzzing with energy and excitement.

 

It’s no wonder that out of our six pillars, People Are Our Greatest Asset is number one. It’s at the very heart of how we treat each other, our clients and our community. Whether it’s providing elite client service or continuously striving to improve, our pillars provide a pathway to a more successful personal and professional life.

 

From the team member that holds a door open to the one that helps guide your career, you’ll feel the encouragement and support on day one. No matter your race, creed, gender, age, sexual orientation and ethnicity, you’ll be welcomed here. Accepted here. And empowered to Be You Here.

 

More reasons you’ll love working here include:

• Paid Time Off (PTO) after just 30 days
• Additional parental and maternity leave benefits after 12 months
• Adoption reimbursement program
• Paid volunteer hours
• Paid training and career development
• Medical, dental, vision and life insurance
• 401k with employer match
• Mortgage discount and area business discounts
• Free membership to our large, state-of-the-art fitness center, including exercise classes such as yoga and Zumba, various sports leagues and a full-size basketball court
• Wellness area, including an in-house primary-care physician’s office, full-time massage therapist and hair salon 
• Gourmet cafeteria featuring homemade breakfast and lunch
• Convenience store featuring healthy grab-and-go snacks
• In-house Starbucks and Dunkin
• Indoor/outdoor café with Wi-Fi

All the above duties and responsibilities are essential job functions subject to reasonable accommodation and change. All job requirements listed indicate the minimum level of knowledge, skills and/or ability deemed necessary to perform the job proficiently. Team members may be required to perform other or different job-related duties as requested by their team lead, subject to reasonable accommodation. This document does not create an employment contract, implied or otherwise. Employment with UWM is "at-will." UWM is an Equal Opportunity Employer. By selecting “Apply for this job online” you provide consent to UWM to record phone call conversations between you and UWM to be used for quality control purposes.