Sr. GRC Manager 201791

Pleasanton, CA /
Technology & Operations – Information Security and IRM /
Full time
Ellie Mae is the leading cloud-based platform provider for the mortgage finance industry. Ellie Mae’s technology solutions enable lenders to originate more loans, reduce origination costs, and reduce the time to close, all while ensuring the highest levels of compliance, quality and efficiency. Visit ‪ to learn more.

Ellie Mae’s Cybersecurity Risk team is seeking a Sr. Cybersecurity Risk Manager who possesses sound leadership, collaboration and communication skills, and the ability to effectively influence the senior management team and key stakeholders:

    • Viewed as a technical SME in the area of IT and cybersecurity risk, compliance and controls. Further viewed as a consultative business partner by client groups
    • Participates in establishing the cybersecurity risk strategic plans and organizational objectives, including the annual risk assessment process and implementation of the annual plan
    • Oversight responsibility for multiple projects. Provides flexible alternatives to manage multiple ongoing projects
    • Exercises judgment regarding planning, risk assessments, resourcing and completion of objectives on projects
    • Delivery focused, with a willingness to perform and manage all tasks required to complete the job and meet deadlines, including administrative and documentation-oriented tasks
    • Provides guidance to the cybersecurity risk team on criteria for decision making for both risk and compliance processes
    • Discusses and follows up on audit findings with client groups effectively; responsible for completion and follow-up of audit and examiner issues
    • Responsible for assisting on projects and potentially in the organization; reviews the work of others for compliance with generally accepted standards
    • Takes the lead in developing working relationships with members of other functional teams within Ellie Mae. Also takes initiative to proactively communicate across functions and the enterprise to understand challenges facing Ellie Mae
    • Applies knowledge of business strategies and operations to proactively anticipate business needs and for execution of Cybersecurity Risk tasks
    • Understands the business; thinks like a business leader and knows how the identified risk results fit into the business

Skills Recommended:

    • Ability to build and cultivate strong relationships and be seen as a valued business partner
    • Capable of working with teams and committing to deadlines, fostering a positive work environment; strong team player, capable of dealing with complex issues in IT infrastructure and applications
    • Ability to effectively handle controversial situations and negotiations with client groups
    • Exhibits solid influence, communication, collaboration and presentation skills
    • Demonstrates strong knowledge of security risk identification, analysis, assessment, and mitigation within the business
    • Expert knowledge and experience in IT, security, and cloud or technical operations processes such as COBIT, SOX IT, PCI, FFIEC, SOC 2, CIS CSC, NIST, FedRAMP, and ISO principles
    • Demonstrates detailed knowledge in specific areas of cybersecurity, information security, risk assessments, IT general controls and cloud controls
    • Ability to identify appropriate data analytics activities to support the team
    • Ability to plan ahead for upcoming audit tasks and work with the Director(s) to ensure key tasks are scheduled in a timely manner
    • Ability to actively manage competing deliverables to meet business commitments and partners' expectations
    • Workday and SFDC knowledge


    • BA/BS degree with 8-10 years of security risk management, compliance and/or audit experience
    • Obtained and maintained a professional certification (CISA, CISSP, CISM, etc.)

Ellie Mae is an equal opportunity and affirmative action employer. Women, minorities, people with disabilities, and veterans are encouraged to apply.

We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.