Cyber Risk Intern Intern 200132
Technology & Operations – Information Security and IRM
Ellie Mae is the leading cloud-based platform provider for the mortgage finance industry. Ellie Mae’s technology solutions enable lenders to originate more loans, reduce origination costs, and reduce the time to close, all while ensuring the highest levels of compliance, quality and efficiency. Visit EllieMae.com to learn more.
Ellie Mae is looking for a bright, passionate and dedicated individual to join our Information Security Governance, Risk and Compliance (GRC) team. This individual would be responsible to contribute to the overall cyber risk efforts and would play a key role in maintaining and continuing to enhance the cyber risk framework for Ellie Mae. This will include working closely with our Sr. Director, GRC and Staff, GRC Manager to develop and perform cyber risk assessments. This is a junior position and will have opportunity working across multiple security disciplines, organization functions and departments.
Primary Responsibilities & Objectives
- Assess cyber risks of technology assets in production environments and under development
- Map cyber threats, controls, frameworks
- Evaluate effectiveness of cyber controls
- Develop cyber risk dashboard reporting
- Query development and analysis with AD Audit and AD Manage tools, as needed
- Maintaining GRC foundations, as required and as related to cyber risk, which may include performing logical access reviews; documenting process flows; validating remediation activities; performing risk assessments of security exceptions; maintaining risk register, control library, and technology asset list; generating periodic management reports.
- Ability to script in python, Ruby, perl, or develop SQL, MS Access queries if required for cyber risk automation.
- Serve as a resource cross-functionally to share risk and controls insight and best practices with other teams.
- Learn and implement next generation cloud security practices to protect Company's public and private cloud infrastructure.
- Evangelize security and controls throughout the enterprise and drive changes needed to respond to emerging threats.
- Able to automate the security toolkits with automation tools like Jenkins, terraform, Jfrog, other repositories.
Qualifications, Skills and Education
- Good understanding of information security, risk, and compliance
- Technical aptitude, a desire to learn, and a strong interest in security governance, risk and compliance is required
- Knowledge of NIST Cybersecurity Framework, NIST Privacy Framework, NIST Risk Management Framework, ISO 27001/2 Standards, CObIT, Cloud Security Alliance, Center for Internet Security Critical Security Controls
- Good MS Office Skills
- Excellent written and communication skills
- Strong work ethic, self-starter, ability to work in a fast paced, team-oriented environment
- Strong organizational skills
- 1+ years working in a UNIX/Linux environment, preferable but not required
- 1+ years working in a Microsoft environment
Ellie Mae is an equal opportunity and affirmative action employer. Women, minorities, people with disabilities, and veterans are encouraged to apply.
We do not accept resumes from headhunters, placement agencies, or other suppliers that have not signed a formal agreement with us.