The Senior Associate - Governance, Risk, and Compliance will be responsible for the overall design, implementation, and management of the company's enterprise-wide Information Security GRC program.
Responsibilities
- Design, implement, mature, and manage the end-to-end Information Security GRC program, ensuring alignment with the overall business strategy and risk tolerance.
- Serve as the primary owner and internal champion for the annual SOC 2 Type II audit, coordinating all evidence collection, internal readiness reviews, and auditor interactions, and managing the response process for the resulting System and Organization Controls (SOC) report.
- Ensure and document continuous compliance with relevant financial services and mortgage industry regulations (e.g., GLBA, Sarbanes-Oxley (SOX) IT General Controls (ITGC), FFIEC).
- Develop, maintain, and enforce comprehensive information security policies, standards, and guidelines that address regulatory requirements and industry best practices (e.g., NIST, ISO 27001).
- Act as the primary liaison for all internal and external security audits and regulatory examinations, ensuring timely, accurate, and professional responses.
- Develop and manage a robust process for tracking, validating, and reporting on the remediation of audit findings and control deficiencies.
- Monitor the regulatory landscape (e.g., CFPB, HUD, SEC, state regulators) for changes impacting the organization, translating those changes into actionable GRC program requirements.
- Oversee the Information Security Risk Management lifecycle, including risk identification, analysis, assessment, treatment, monitoring, and communication.
- Define and manage the security components of the Third-Party Risk Management program, including due diligence, contract reviews, and continuous monitoring of critical vendors.
- Manage internal and external technical security assessments (e.g., penetration tests, vulnerability assessments) and track remediation efforts to closure.
- Prepare and present GRC program status, key risk indicators (KRIs), and compliance metrics to the CISO and other Executive Leadership.
Qualifications
Required:
- Bachelor's degree or equivalent in Computer Science, Information Systems Management, Information Technology, or other related discipline preferred.
- 5+ years of progressive experience in Information Security, IT Audit, or GRC within a heavily regulated industry.
- Deep, demonstrable expertise in financial services and/or mortgage servicing regulations (e.g., FFIEC, GLBA, CFPB, HUD, SOX ITGC).
- Experience managing a successful SOC 2 Type II audit from preparation through final report issuance.
- Proven experience in designing and implementing an enterprise-level risk management framework (e.g., NIST RMF, ISO 27005).
Desired:
- CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), or CISSP (Certified Information Systems Security Professional)
Benefits
All full-time employees of Two Harbors and its subsidiary companies are eligible for our benefits, which include:
- Medical / Dental / Vision Insurance
- Life / Disability Insurance
- 401(k) with company matching
- Generous Vacation / Paid Time Off (accrual based)
Targeted Compensation: $130,000-$170,000
Physical Demands & Working Conditions
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job:
- The employee is regularly required to talk or hear.
- The employee is required to sit for extended periods of time and is occasionally required to stand and walk.
- The employee must regularly use hands to finger, handle, or feel objects and is regularly required to reach with hands and arms; the employee may occasionally climb or balance, and stoop, kneel, crouch, or crawl.
- The employee must frequently lift and/or move up to 10 pounds and occasionally lift and/or move up to 25 pounds.
- Specific vision abilities required by this job include close vision, distance vision, color vision, and ability to adjust focus.
- The noise level in the work environment is usually quiet to moderate, and no extreme conditions are present.
About RoundPoint Mortgage Servicing LLC
RoundPoint Mortgage Servicing LLC is a fully integrated, non-bank mortgage company, with a subservicing portfolio of approximately 900,000 loans. In 2023, RoundPoint was acquired by Two Harbors Investment Corp. (NYSE : TWO), reaffirming its commitment to MSR as core and essential to our business strategy and our future. A combined Two Harbors and RoundPoint capitalizes on the strengths of both companies, adding significant value for stakeholders through operational and cost efficiencies, as well as the ability to participate more fully in the mortgage finance space as opportunities arise.
Founded in 2009, Two Harbors has grown into a leading publicly traded residential mortgage real estate investment trust (mortgage REIT). We leverage our core competencies of understanding and managing interest rate and prepayment risk to invest in our Agency residential mortgage-backed securities (RMBS) and mortgage servicing rights (MSR) portfolio, with the objective of delivering attractive risk-adjusted returns to our stockholders.
Location
St. Louis Park, MN
Employee Status
Regular
Travel
No