Information Security - Risk Analyst (SOC-2)

PENNYMAC

Pennymac (NYSE : PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market.

At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey.

A Typical Day

We are seeking a highly motivated and experienced Technology Risk Analyst to join our IT Risk and Compliance team. In this critical role, you will be responsible for overseeing technology risk within our Cybersecurity domain area. As a key member of the 1st Line of Defense, you will play a pivotal role in developing and maintaining robust policies and procedures, ensuring the effectiveness of our control environment through quality assurance, and supporting our compliance initiatives spanning internal and regulatory audits and SOC2 examinations. This position requires a strong understanding of risk management principles, a keen eye for detail, and the ability to collaborate effectively across various teams.

The Technology Risk Analyst will :

• Design and execute comprehensive QA controls testing against established policies and procedures, across the technology environment to validate the effectiveness of security controls and identify control deficiencies.
• Act as a proactive member of the 1st Line of Defense, identifying, assessing, and monitoring technology risks associated with cybersecurity processes.
• Lead and coordinate all regulatory examinations, investor questionnaires, and internal / external audits (including SOX / SOC compliance) for the Cybersecurity domain, acting as the primary liaison and ensuring comprehensive evidence submission
• Perform technology vendor risk assessments and due diligence reviews to evaluate third-party security posture and adherence to organizational policies and regulatory standards.
• Support and maintain the Cybersecurity Policy and Procedure framework, ensuring alignment with industry best practices, regulatory requirements (e.g., SOC 2, ISO 27001, NIST CSF), and organizational risk tolerance.
• Manage the policy exception process, reviewing, analyzing, and documenting all requests for exceptions to security policies, ensuring appropriate compensating controls and risk acceptance are in place.
• Develop and oversee Cyber Risk Assessments based on Pennymac's ERM framework.
• Stay current with emerging technology risks, regulatory changes, and industry trends related to cybersecurity.

What You'll Bring

Required :

Highly Desired :

Education & Experience :

Why You Should Join

As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values : to be Accountable, Reliable and Ethical in all that we do. Pennymac is committed to conducting a business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.

Benefits That Bring It Home : Whether you're looking for flexible benefits for today, setting up short-term goals for tomorrow, or planning for long-term success and retirement, Pennymac's benefits have you covered. Some key benefits include :

To learn more about our benefits visit :

For residents with state required benefit information, additional information can be found at :

Compensation : Individual salary may vary based on multiple factors including specific role, geographic location / market data, and skills and experience as defined below :

Some roles may be eligible for performance-based compensation and / or stock-based incentives awarded to employees based on company and individual performance.

#TPO

Salary

$95,000 - $155,000

Work Model

REMOTE