IT Controls Engineer
Listed on 2026-01-05
IT/Tech
Cybersecurity, IT Business Analyst
Position Summary
Responsible for supporting initiatives that provide reasonable assurance that IT risks are effectively identified, assessed, managed, and reported across the enterprise. Ensures execution of Risk and Control Self-Assessments (RCSA), control testing, issue management, and risk reporting activities in alignment with the organization’s governance framework. Supports the implementation and ongoing enhancement of ServiceNow IRM and demonstrates a strong understanding of end-to-end Governance, Risk, and Compliance (GRC) frameworks and processes.
Assists in monitoring compliance with internal policies, regulatory obligations, and industry standards to strengthen the organization’s overall control environment. This position ensures the performance of all duties in accordance with the company’s policies and procedures and with all U.S. state and federal laws and regulations in the jurisdictions where the company operates.
- Execute IT RCSA by coordinating with control owners to identify, assess, and document key risks, controls, and residual risk ratings.
- Support ongoing IT risk management by maintaining the Risk Register, performing risk assessments across processes, applications, and infrastructure, and monitoring changes in risk exposure.
- Track and validate remediation of issues and findings from RCSA, audits, and assessments; collaborate with issue owners to define corrective action plans and ensure timely resolution.
- Generate and maintain risk reports, dashboards, and metrics for management and governance committees, ensuring data integrity and traceability within the system of record (e.g., ServiceNow IRM).
- Apply knowledge of GRC and IT control frameworks (NIST CSF, ISO 27001, COBIT, FFIEC CAT, GLBA/NYDFS) to ensure consistent alignment of assessments, controls, and reporting.
- Support internal and external audit activities by providing control documentation, evidence, and status updates.
- Identify and recommend process and tool enhancements to improve efficiency, automation, and overall GRC program maturity in collaboration with IT, Security, Data, and Risk partners.
- Bachelor’s degree in information systems, Computer Science, Cybersecurity, or a related field required; equivalent experience may be considered.
- 3–5 years of experience in IT Risk Management, IT Controls, IT Audit, or GRC functions within financial services or a technology-driven organization.
- Hands-on experience with ServiceNow IRM or other GRC platforms, including risk, control, and issue management; UCF integration experience preferred.
- Experience performing RCSA, control testing, and issue management, with familiarity in frameworks such as NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS.
- Working knowledge of data analytics and SQL scripting to support control testing and risk reporting.
- Professional certifications such as CRISC, CISA, CISSP, or ITIL Foundation preferred.
- Demonstrates knowledge of, adherence to, monitoring, and responsibility for compliance with applicable regulatory and framework requirements including NIST CSF, ISO 27001, COBIT, FFIEC CAT, and GLBA/NYDFS Part 500.
- Demonstrates knowledge of IT Risk Management and Governance principles, including execution of RCSA, identification of key risks and controls, and assessment of residual risk exposure.
- Demonstrates hands-on experience performing control testing, including evidence collection, validation of control design and operating effectiveness, and documentation of results.
- Demonstrates understanding of core IT control domains, including but not limited to, access management, change management, configuration management, asset management, backup and recovery, vulnerability management, network security and operations, SDLC, product management, and data management.
- Demonstrates proficiency in data analytics and SQL scripting to extract, analyze, and validate data supporting risk assessments, control testing, and issue verification activities.
- Demonstrates experience maintaining and reporting on IT Risk Registers, metrics, and dashboards that communicate risk posture, control performance, and issue remediation progress.
- Demonstrates practical experience…