• VP, Enterprise Risk Management - Technology - Agoura Hills

  • Job Description


    Overall responsibility for designing, staffing and managing governance and compliance responsibilities for Information Technology, including Risk Assessment, Policies, Monitoring and any associated remediation. Manage first-line responsibilities including Audit Support, Information Security, Access Management support, QA, and ITGC Monitoring. Establish a policy framework for IT, identify all gaps and bring the IT documentation into compliance with PennyMac corporate standards. Provide IT-related support to the Operations Committee.

    • Overall responsibility for managing Governance and Compliance for Information Technology (IT Infrastructure as well as Application Development)
    • Work with IT Infrastructure leadership team as well as the Application Development leadership to enhance IT risk management activities with a focus on Information Security and the Application Development software development process:
      • Establish list of processes that define the IT domain,
      • Develop Risk Assessments based on PennyMac’s ERM framework,
      • Develop corporate and division policies necessary to mitigate Risk Assessment and Risk Report exposures,
      • Serve as Division Policy Owner to maintain compliance with the established Corporate Policies and Procedures,
      • Assist in the development of IT Infrastructure and Application Development QA,
      • Develop QC routines for IT Infrastructure and Application Development with a focus on Information Security and the Application Development software development and release process.
    • Coordinate monitoring requirements with Internal Audit, and ensure linkage of Risk KPIs to Performance Evaluation
    • Serve as first line of defense to ensure that IT policies, processes and procedures are followed.
    • Use in-depth knowledge of SOX compliance, privacy laws and IT security, as well as strong customer skills, to serve as the SOX/SOC-1/2 subject matter expert
    • Develop and lead an IT Governance and Compliance Subcommittee which shall be a part of the Operations Committee
    • Provide IT-related support to the Operations Committee including Risk Reporting, remediation plans, and follow-up on action items
    • Manage a team of staff responsible for Information Technology governance and compliance
    • Perform other related duties as required and assigned
    • Demonstrate behaviors which are aligned with the organization’s desired culture and values

    Ideal Candidate will have the following:

    • Bachelor’s Degree from an accredited college
    • 7+ years of relevant work experience
    • Must have CISSP certification
    • Strong Knowledge of IT Infrastructure and Applications Development in the Financial Services Industry
    • Strong Knowledge of Information Security
    • Strong Knowledge of SOX, SOC-1/2 as well as other regulatory requirements
    • 4+ years of specific experience in Risk Management activities in the IT domain
    • Familiarity with SOX, CFPB, FNMA, FHLMC, and state examination requirements
    • Strong leadership skills as evidenced by an ability to function independently and prioritize work
    • Must be a team player with strong attention to detail and able to work independently
    • Proven track record at delivering timely and accurate information in a fast-paced environment
    • Excellent critical thinking, problem-solving skills and sound judgment
    • Strong business acumen and ability to interface with executive management
