Information Security & Audit Coordinator
Who we are:
Shellpoint Mortgage Servicing (SMS) is America’s 8th-largest third-party mortgage servicing company. What is mortgage servicing? Businesses that own mortgage loans (such as banks and real estate investment firms) contract with us to manage (or "service") their loan portfolios, including collecting homeowners’ mortgage payments, paying homeowners’ tax and insurance bills, and helping homeowners in default to get current once again.
The Information Security Coordinator position is an advanced level position that serves to oversee all aspects of the servicing division’s Information Security, audit response and functions, and P&P’s regarding security, access control, etc. Acts as an owner of the relationship between SMS and our Security vendors. Coordinates and provides audit responses for Client, SOX, & SOC I reports. Controls and executes all information security including internal and third-party systems access. Contributes to the oversight Business Continuity & Disaster Recovery.
- Manage and own all aspects of information Security in the Mortgage Servicing business unit which includes perimeter, operating system, and applications; ensuring all are secure from internal and external threats
- Coordinate all technical reviews for client, regulatory, and control and audit reporting to appropriate parties on strict timelines, including SOX, SOC I, etc.
- Oversee evidencing and provide verbal and written responses for all IT audits and reviews
- Work directly with Information Security vendor to ensure all controls and security measures are in place and are effective
- Update and maintain all IT P&P’s for Information Security & other IT governance, working with the IT departmental owner to ensure proper governance
- Conduct all periodic access control reviews in an evidencable manner
- Ensure all key IT controls are tracked in an evidencable manner, including internal and third party access control re
- Respond to Information Security requests and inquiries from internal associates and external third parties
- Prepare annual BIA with business leaders and perform quarterly reviews and reporting to management
- Contribute to Business Continuity and Disaster Recovery plans, test company’s BC and DR plans on at least an annual basis
- Create and monitor and present to management all information security related reports, KPI’s and other relevant information relating to the company’s information security from the SIEM and other sources
- Perform and oversee periodic application, perimeter and internal audits on physical and information security
- Work with IT leadership to Manage and prioritize all security projects, tracking them to ensure timeliness and that the budgets remain as forecasted.
- Build, monitor and forecast annual budget for the Information Security program.
- Plan, manage, and perform upgrades, deployments, user and system administration for Information Security systems
- Work with the Training group as necessary to administer, modify and improve our company-wide information security training program
- Provide off-hours support and installations as required
- Other tasks and responsibilities as assigned by management
- 7-15 years of experience creating, operating and maintaining a comprehensive information security program at an enterprise level
- 7-15 years of experience creating, maintaining, and owning audit support and audit response programs for an enterprise
- Significant experience with overseeing and managing mission critical technology vendors
- Proficient knowledge with enterprise information security systems & SIEM systems, securing core business applications, securing web technologies, securing core technology infrastructure
- Ability to manage many projects and tasks simultaneously
- Excellent written, oral and interpersonal communication skills
- Passion for and expertise in identifying and solving Information Security challenges
- Strong sense of urgency in responding to and correcting security threats and issues
- Dedicated focus on client and homeowner satisfaction balancing that with strong financial performance
- Demonstrated ability to learn quickly
- Demonstrated ability to prioritize and remain focused in a dynamic, fast paced and sometimes stressful environment
- Demonstrated ability to multi-task and resolve issues in a timely manner
- College or University degree in Information Security, MIS, Computer Science, Information Technology, Software Engineering, Computer Engineering, related field. Substantial industry experience may be considered in place of the educational requirements