GRC SECURITY ANALYST

As a GRC Security Analyst, you will serve as a fully qualified, experienced professional responsible for ensuring Clear Capital adheres to all relevant security standards, regulations, and policies within the highly regulated mortgage lending and appraisal industry. You will play a critical role in maintaining our Governance, Risk, and Compliance (GRC) posture. Working independently with review at critical points, you will assess unusual circumstances, identify root causes using sophisticated analytical techniques, and devise creative solutions to complex compliance issues. You will help to coordinate internal and external security audits, define audit scopes, act as an organizational representative for information security compliance, and effectively adapt your communication style to influence and advise internal and external partners.

Monitoring and enforcing compliance with critical security frameworks (such as NIST CSF, NIST RMF, ISO 27001/27002, SOC 2, ISO 42001) and industry-specific regulations (such as GLBA, CCPA, GDPR) pertinent to the financial services and real estate valuation sectors.

Conducting comprehensive risk assessments of diverse scope to identify security vulnerabilities, evaluating the effectiveness of existing controls, and resolving a wide range of issues using judgment and interpretation.

Developing, maintaining, and adapting security policies, procedures, and guidelines in alignment with industry best practices, client contractual requirements, and mortgage lending regulatory standards.

Leading preparation and participation for internal and external security audits, adapting existing approaches to resolve audit findings based on limited information and precedent.

Enhancing relationships with cross-functional teams to develop and implement remediation plans for identified security gaps and weaknesses.

Evaluating the security posture of third-party vendors and assessing their compliance with contractual security requirements to protect sensitive financial and property data.

Maintaining accurate records of compliance activities, findings, and remediation efforts, creating comprehensive reports for management, clients, and regulatory authorities as needed.

Defining qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.

Staying abreast of emerging security threats, technologies, and regulatory changes in the financial and real estate tech space.

Other relevant duties as assigned.

A minimum of 5 years of related experience in GRC, security compliance, or risk management roles with a Bachelor’s degree; or 3 years and a Master’s degree; or equivalent work experience.

Complete knowledge and full understanding of relevant security frameworks and standards (e.g., NIST CSF, SOC 2, ISO 27001, ISO 42001) and data privacy regulations (GLBA, GDPR, CCPA).

Relevant industry certifications: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Artificial Intelligence Governance Professional (AIGP), or equivalent.

Sophisticated analytical and problem-solving skills, with the ability to assess diverse, unusual, and complex security issues and develop effective solutions independently.

Strong communication and interpersonal skills, with a proven ability to persuade differing audiences and advise senior stakeholders on difficult compliance matters.

Familiarity with GRC technologies (i.e., Vanta, Drata, OneTrust, etc.), risk assessment tools, and practices specific to maintaining data integrity and confidentiality in the financial services or appraisal management industry.

Detail-oriented focus on accuracy and thoroughness in documentation, reporting, and policy formulation.

Commitment to maintaining the highest standards of confidentiality, integrity, and professionalism.

Capacity to understand legacy and progressive technology and security controls along with respective risks. Working knowledge of technologies such as cloud computing, DevOps, and application security is required.

Advanced proficiency in utilizing spreadsheets for comprehensive data analysis, audit metric tracking, and complex compliance reporting.

Compensation: The base salary for this position ranges from $114,000 to $139,000 annually, depending on your location, experience, and qualifications. Additional compensation offerings include company profit-sharing bonus program, communication stipends, and referral bonuses.

Inclusive benefits package offering:

Comprehensive medical, dental, and company paid vision insurance, 401(k) retirement plan with employer match, voluntary life and AD&D insurance options, voluntary supplemental insurances for accident, critical illness, and legal services, paid time off (PTO) and paid holidays, employee assistance and wellness programs, company paid short term disability coverage, company contributions to health saving funds (with participation in the high deductible health plan). We offer company paid access to Galileo for virtual primary care and Rula for virtual mental health resources.

Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team.

Career and skill development resources to help advance your career and personal growth.

A mission-driven environment where your work makes a measurable impact on the real estate industry.

Clear Capital is a national real estate valuation technology company with a simple purpose: build confidence in real estate decisions to strengthen communities and improve lives. Our goal is to provide customers with a complete understanding of every U.S. property through our field valuation services and analytics tools, and improve their workflows with our platform technologies. Our commitment to excellence — wherever it leads, whatever it takes® — is embodied by team members.

 

Clear Capital is an equal opportunity employer.

 

To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.