Senior Associate, GRC; Governance, Risk Compliance

Job in Coppell, Dallas County, Texas, 75019, USA
Listing for: TWO
Full Time position
Listed on 2025-12-01
Job specializations:
  • IT/Tech
    Information Security, Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 130,000 - 170,000 USD yearly
Position: Senior Associate, GRC (Governance, Risk, & Compliance)

Locations: 446 Wrenplace Rd, Fort Mill, SC 29715, USA; 1601 Utica Ave S, St Louis Park, MN 55416, USA
Job Description

Posted Monday, November 3, 2025 at 6:00 AM

The Senior Associate - Governance, Risk, and Compliance will be responsible for the overall design, implementation, and management of the company's enterprise-wide Information Security GRC program.

Responsibilities
  • Design, implement, mature, and manage the end-to-end Information Security GRC program, ensuring alignment with the overall business strategy and risk tolerance.
  • Serve as the primary owner and internal champion for the annual SOC 2 Type II audit, coordinating all evidence collection, internal readiness reviews, and auditor interactions, and managing the response process for the SOC (System and Organization Controls) report.
  • Ensure and document continuous compliance with relevant financial services and mortgage industry regulations (e.g., GLBA, Sarbanes‑Oxley (SOX) IT General Controls (ITGC), FFIEC, etc.).
  • Develop, maintain, and enforce comprehensive information security policies, standards, and guidelines that address regulatory requirements and industry best practices (e.g., NIST, ISO 27001).
  • Act as the primary liaison for all internal and external security audits and regulatory examinations, ensuring timely, accurate, and professional responses.
  • Develop and manage a robust process for tracking, validating, and reporting on the remediation of audit findings and control deficiencies.
  • Monitor the regulatory landscape (e.g., CFPB, HUD, state regulations, SEC, etc.) for changes impacting the organization, translating those changes into actionable GRC program requirements.
  • Oversee the Information Security Risk Management lifecycle, including risk identification, analysis, assessment, treatment, monitoring, and communication.
  • Define and manage the security components of the Third‑Party Risk Management program, including due diligence, contract reviews, and continuous monitoring of critical vendors.
  • Manage internal and external security risk assessments (e.g., Penetration Tests, Vulnerability Assessments) and track remediation efforts to closure.
  • Prepare and present GRC program status, key risk indicators (KRIs), and compliance metrics to the CISO and other Executive Leadership.
Qualifications

Required:
  • Bachelor’s degree or equivalent in Computer Science, Information Systems Management, Information Technology or other related discipline preferred.
  • 5+ years of progressive experience in Information Security, IT Audit, or GRC within a heavily regulated industry.
  • Deep, demonstrable expertise in financial services and/or mortgage servicing regulations (e.g., FFIEC, GLBA, CFPB, HUD, SOX ITGC).
  • Experience managing a successful SOC 2 Type II audit from preparation through final report issuance.
  • Proven experience in designing and implementing an enterprise‑level risk management framework (e.g., NIST RMF, ISO 27005).
  • CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional)
All full‑time employees of Two Harbors and its subsidiary companies are eligible for our benefits which include:
  • Medical / Dental / Vision Insurance
  • Life / Disability Insurance
  • 401(k) with company matching
  • Generous Vacation / Paid Time Off (accrual based)
  • Targeted Compensation: $130,000‑$170,000
Physical Demands & Working Conditions

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job:

  • The employee is regularly required to talk or hear.
  • The employee is required to sit for extended periods of time and is occasionally required to stand and walk.
  • The employee must regularly use hands to finger, handle, or feel objects and is regularly required to reach with hands and arms; the employee may occasionally climb or balance, and stoop, kneel, crouch, or crawl.
  • The employee must…
Position Requirements
10+ Years work experience