VP Information Security

PENNYMAC

Pennymac (

NYSE:

PFSI) is a specialty financial services firm with a comprehensive mortgage platform and integrated business focused on the production and servicing of U.S. mortgage loans and the management of investments related to the U.S. mortgage market. At Pennymac, our people are the foundation of our success and at the heart of our dynamic work culture. Together, we work towards a unified goal of helping millions of Americans achieve aspirations of homeownership through the complete mortgage journey. A Typical Day The Vice President Enterprise Risk Management will act as the process owner for all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. As the VP, Enterprise Risk Management (Supporting IT Infrastructure and SOC-2) , you will be responsible for two key areas: 1) overseeing technology risk within our IT Infrastructure domain area and 2) leading the SOC-2 effort for a key product within Pennymac. As a key member of the 2nd Line of Defense, you will play a pivotal role in ensuring the effectiveness of our control environment through testing, supporting compliance initiatives for internal and regulatory audits, and defining or modifying policies and procedures as needed. This position requires a strong understanding of IT infrastructure, SOC-2 criteria and reporting, risk management principles, a keen eye for detail, and the ability to collaborate effectively across various teams. The VP Enterprise Risk Management will : Serve as a member of the 2nd Line of Defense, identifying, assessing, and monitoring technology risks associated with IT infrastructure processes. Collaborate with IT Infrastructure leadership to provide comprehensive governance and support for technology risks, issues, and the lifecycle of policies and procedures. Perform controls testing activities with a focus on Information Security and the software development and release process against established policies, procedures, and controls to ensure adherence, effectiveness, and identify areas for improvement. Use in-depth knowledge of SOX compliance, SOC-2 reporting, privacy laws and IT security, as well as strong customer skills, to serve as the SOC-2 subject matter expert. Provide expert guidance and support to development and operations teams on integrating risk management principles into daily operations and new projects including risk reporting, remediation plans, and follow-up on action items. Develop and oversee risk assessments based on Pennymac's ERM framework. Stay current with emerging technology risks, regulatory changes, and industry trends related to cloud infrastructure, data management, and cybersecurity. Demonstrates behaviors which are aligned with the organization's desired culture and values. Perform other related duties as required and assigned. What You'll Bring Bachelor's Degree from an accredited college or equivalent work experience 6+ years of relevant work experience in IT, Compliance, Risk and/or Audit Extensive, hands-on experience in SOC-2 assessments and the generation of SOC-2 reports. Proven experience in technology risk management, internal controls, or IT audit roles. Strong understanding of risk assessment methodologies and control frameworks. Strong knowledge of relevant regulations and reporting standards (e.g., NYDFS, GLBA, NIST

CSF, CRI

Profile, CCPA, SOC 2, various financial/sector-specific regulations). Practical experience with and strong understanding of AWS cloud technologies and security services. Demonstrated ability to develop, implement, and maintain IT policies and procedures. Excellent analytical, problem-solving, and decision-making skills. Must be a team player with strong attention to detail and able to work independently. Ability to manage multiple priorities and meet deadlines in a fast-paced environment. Strong analytical thinking, process management and quality control. Excellent critical thinking, problem solving, and sound judgment. Exceptional written and verbal communication skills, with the ability to articulate complex risk concepts to both technical and non-technical audiences. Strong business acumen and ability to interface with executive management. Must be highly proficient in GSuite or Microsoft Excel, Word, and PowerPoint. Why You Should Join As one of the top mortgage lenders in the country, Pennymac has helped over 4 million lifetime homeowners achieve and sustain their aspirations of home. Our vision is to be the most trusted partner for home. Together, 4,000 Pennymac team members across the country are guided by our core values: to be Accountable, Reliable and Ethical in all that we do. Pennymac is committed to conducting a business that makes positive contributions and promotes long-term sustainable growth and to fostering an equitable and inclusive environment, where all employees and customers feel valued, respected and supported.

Benefits That Bring It Home:

Whether you're looking for flexible benefits for today, setting up short-term goals for tomorrow, or planning for long-term success and retirement, Pennymac's benefits have you covered.

Some key benefits include:

Comprehensive Medical, Dental, and Vision Paid Time Off Programs including vacation, holidays, illness, and parental leave Wellness Programs, Employee Recognition Programs, and onsite gyms and cafe style dining (select locations) Retirement benefits, life insurance, 401k match, and tuition reimbursement Philanthropy Programs including matching gifts, volunteer grants, charitable grants and corporate sponsorships To learn more about our benefits visit: https://pennymacnews.page.link/benefits For residents with state required benefit information, additional information can be found at: https://www.pennymac.com/ additional-benefits

• information

Compensation:

Individual salary may vary based on multiple factors including specific role, geographic location / market data, and skills and experience as defined below: Lower in range

• Building skills and experience in the role Mid-range
• Experience and skills align with proficiency in the role Higher in range
• Experience and skills add value above typical requirements of the role Some roles may be eligible for performance-based compensation and/or stock-based incentives awarded to employees based on company and individual performance. Salary $95,000
• $155,000 Work Model OFFICE