Senior Technology Risk Analyst

About the role

At Newrez, we bring big thinkers and caring doers together to make home happen. We're a team built on heart and hustle, united by a commitment to show up for our customers, our communities, and each other. We believe that when our people thrive, homeowners thrive - and that's why we invest in your growth, wellbeing, and ability to make an impact. Every day, we work to exceed the expectations of our residential mortgage borrowers and business partners through superior service, simple processes, and clear communication. We do this by empowering our employees, encouraging innovative solutions and recognizing great performance. POSITION SUMMARY: The Senior Technology Risk Analyst is responsible for supporting the organization's risk governance direction and elevating the company's overall risk posture. The Senior Technology Risk Analyst is expected to manage and mature the enterprise risk register and drive high‑quality risk assessments across new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems and emerging technologies to ensure risks are accurately identified, assessed, documented, and monitored. The role oversees the business' risk and compliance obligations mandated by regulatory standards such as the Gramm‑Leach‑Bliley Act (GLBA) and Sarbanes‑Oxley Act (SOX). In partnership with security leadership, the analyst continuously evaluates the assurance of the risk management program. The Senior Technology Risk Analyst tracks remediation progress validates the accuracy of risk entries and enforces resolution of outstanding issues that may lead to non‑compliance or security threats. The analyst must focus on risk governance and corporate resiliency and not be driven solely by compliance. Essential Functions, Duties, and Responsibilities Conduct enterprise‑wide, ongoing risk identification and risk assessments in tandem with compliance and security teams. Maintain full oversight and administration of the enterprise risk register within the GRC platform. Identify strengths and weaknesses in the risk and security program as they relate to security, business resiliency, and compliance frameworks. Document, formulate, and enforce areas of risk‑related improvement that balance business operations with appropriate risk reduction. Maintain strong oversight of third‑party, vendor, and business‑partner risks and update the risk register to reflect identified issues or required remediation. Analyze and assess risk findings and document, recommend, and report program gaps and risk trends to security leadership. Monitor current and proposed regulatory, privacy, and security changes and ensure associated risks are captured within the risk register. Apply GRC expertise across key lines of business to ensure consistent and accurate risk scoring, control mapping, and risk treatment planning. Define qualitative and quantitative metrics to assess the success of the risk program and provide regular reports to security and business leadership. Ensure teams maintain up‑to‑date documentation for systems, controls, and processes that support the risk assessment lifecycle. Participate in incident response by documenting incident‑related risks, tracking occurrences, and ensuring proper closure within the risk register. Work in tandem with security, audit, and risk management leadership to perform ongoing assessments of the risk program and contribute to annual strategic initiatives. Attend and actively participate in change and project management meetings to identify new or evolving risks. Ability to effectively and accurately convey risk‑related information to stakeholders at all levels. Performs related duties as assigned by management. Qualifications and Education Requirements: Bachelor's degree in computer science, a related field, or equivalent industry experience. Holds one or more relevant industry certification. At least 7+ years' experience in cybersecurity, compliance, or risk management with strong exposure to risk assessment methodologies. Experience and understanding of regulatory requirements and laws including, but not limited to SOX, SOC, and GLBA. Additional experience in CRI or NIST frameworks. Preferred experience with cloud environments such as AWS and Microsoft Azure. Skills, Abilities, and Knowledge: Strong business acumen and risk management skills with the ability to align risk governance with business operations. Exceptional written and verbal communication skills with proven ability to translate risk and security concepts to all levels of the business. Ability to understand both legacy and modern technologies and evaluate risk impacts accordingly. Working knowledge of incident response, system configuration, vulnerability management, and hardening guidelines as they relate to risk identification and evaluation. Demonstrated problem‑solving capability and ability to manage complex, cross‑functional risk requi