VP Information Security

PENNYMACPennymac (NYSE: PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.A Typical DayThe Vice President Enterprise Risk Management will act as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. As the VP, Enterprise Risk Management (Supporting IT Infrastructure and SOC-2), you will be responsible for two key areas: 1) overseeing technology risk within our IT Infrastructure domain area and 2) leading the SOC-2 effort for a key product within Pennymac. As a key member of the 2nd Line of Defense, you will play a pivotal role in ensuring the effectiveness of our control environment through testing, supporting compliance initiatives for internal and regulatory audits, and defining or modifying policies and procedures as needed. This position requires a strong understanding of IT infrastructure, SOC-2 criteria and reporting, risk management principles, a keen eye for detail, and the ability to collaborate effectively across various teams.The VP Enterprise Risk Management will:Serve as a member of the 2nd Line of Defense, identifying, assessing, and monitoring technology risks associated with IT infrastructure processes.Collaborate with IT Infrastructure leadership to provide comprehensive governance and support for technology risks, issues, and the lifecycle of policies and procedures.Perform controls testing activities with a focus on Information Security and the software development and release process against established policies, procedures, and controls to ensure adherence, effectiveness, and identify areas for improvement.Use in-depth knowledge of SOX compliance, SOC-2 reporting, privacy laws and IT security, as well as strong customer skills, to serve as the SOC-2 subject matter expert.Provide expert guidance and support to development and operations teams on integrating risk management principles into daily operations and new projects including risk reporting, remediation plans, and follow-up on action items.Develop and oversee risk assessments based on Pennymac's ERM framework.Stay current with emerging technology risks, regulatory changes, and industry trends related to cloud infrastructure, data management, and cybersecurity.Demonstrates behaviors which are aligned with the organization's desired culture and values.Perform other related duties as required and assigned.What You'll BringBachelor's Degree from an accredited college or equivalent work experience6+ years of relevant work experience in IT, Compliance, Risk and/or AuditExtensive, hands-on experience in SOC-2 assessments and the generation of SOC-2 reports.Proven experience in technology risk management, internal controls, or IT audit roles.Strong understanding of risk assessment methodologies and control frameworks.Strong knowledge of relevant regulations and reporting standards (e.g., NYDFS, GLBA, NIST CSF, CRI Profile, CCPA, SOC 2, various financial/sector-specific regulations).Practical experience with and strong understanding of AWS cloud technologies and security services.Demonstrated ability to develop, implement, and maintain IT policies and procedures.Excellent analytical, problem-solving, and decision-making skills.Must be a team player with strong attention to detail and able to work independently.Ability to manage multiple priorities and meet deadlines in a fast-paced environment.Strong analytical thinking, process management and quality control.Excellent critical thinking, problem solving, and sound judgment.Exceptional written and verbal communication skills, with the ability to articulate complex risk concepts to both technical and non-technical audiences.Strong business acumen and ability to interface with executive management.Must be highly proficient in GSuite or Microsoft Excel, Word, and PowerPoint.Why You Should JoinAs one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values: to be Accountable, Reliable and Ethical in all that we do.Pennymac is committed to conducting business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.Benefits That Bring It Home:Comprehensive Medical, Dental, and VisionPaid Time Off Programs including vacation, holidays, illness, and parental leaveWellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations)Retirement benefits, life insurance, 401k match, and tuition reimbursementPhilanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorshipsTo learn more about our benefits visit: https://pennymacnews.page.link/benefitsFor residents with state required benefit information, additional information can be found at: https://www.pennymac.com/additional-benefits-informationCompensation:Lower in range – Building skills and experience in the roleMid-range – Experience and skills align with proficiency in the roleHigher in range – Experience and skills add value above typical requirements of the roleSome roles may be eligible for performance-based compensation and/or stock-based incentives awarded to employees based on company and individual performance.Salary$95,000 - $155,000Work ModelOFFICEJ-18808-Ljbffr