Lead the development and maintenance of security policies and guidelines in alignment with regulatory requirements. Socializes policy changes to subject matter experts and line of business.Assist in the development of control documents with Security Architects for applications being governed.Ensure scheduled control checks for Information Technology, Information Security, and line of business defined controls are tracked and reported against.Perform IT risk assessments to evaluate risks and compensating controls and participates in enterprise-level risk assessments. Prepare formal written reports on governance, risk, and compliance.Oversee IT regulatory reviews, internal audits, and SOX testing.Effectively communicate IT issues and risks to management both verbally and in writing. Coordinates and evaluates acceptable management responses and follows-up to ensure corrective actions have been implemented.Create detailed project plans and tracking documents to track a project from start to finish and automates where possible.Play a key role in drafting and communicating issues related to projects/request to the business unit, management, and technical staff. Supports policy exception process, reviews, and approvals.Create documentation related to projects to ensure they are properly communicated to the field and Help Services.Generate reports on assessment findings and summarize them to facilitate remediation tasks.Study existing information processing systems to evaluate effectiveness of controls.Direct, coordinate, and review work of others to develop, test, implement, and modify projects.Provide mentoring, guidance, and training to staff by providing feedback, reviewing documentation, supervising work, and addressing/resolving problems.

Managing vendor security assessment reviews in support of Vendor Risk Mgmt. Program.Ensure compliance with applicable corporate and divisional policies, procedures, along with State and Federal laws related to IT security & data privacy and recommend changes where needed.Identify new compliance requirements from vendors, clients, and government agencies, and work with the security team to implement appropriate practices.Complete assessments and questionnaires from third party vendors and clients about Alliant’s IT security and data privacy policies.Partner with Alliant’s information security organization in conducting security and vulnerability assessments to ensure compliance with corporate security policies and adherence to best practices. Assist in prioritizing vulnerability assessments.Participate in annual audits (SOC2, HITRUST, HIPAA, NIST, ISO) and ad hoc compliance audit requests.Identify and raise awareness of potential risks, while proposing mitigation strategies.Handle client situations in a professional business manner with an emphasis on customer satisfaction, while keeping the customer updated on expectations, problem status, and completion.Assist with system implementation related control requirements associated with mergers and acquisitions and system upgrades.Develop, document, and implement new processes and procedures which improve the department's ability to provide "World Class" client service.

Establish effective working relationships with internal and external customers, maintain employer confidentiality, communicate and present technical subjects effectively both orally and in writing. As an IT Compliance Analyst, I assist in its efforts to ensure that the company is operating within required guidelines that safeguard the enterprise from control deficiencies, regulatory gaps, and reputational risk. Coordinate with its corporate parent company’s IT department, the Compliance Department, internal corporate audit, and external auditors for all requests for information and documentation.• Financial Service contact for internal and external IT audit requests• Mortgage/Title contact for state and federal audit requests• Maintain FS IT Vendor Risk assessments• Implement FS Information Security’s IT training for DHI Financial and parent Company• Prepare the NPPI IT testing and checklist presented to ISP (Information Security Program) committee on a quarterly basis• Verify Monthly/quarterly and Annual user reviews• IT Third Party Risk reviews• Update IT Security Policies as needed annually• Participate in Investor Security Reviews

• Facilitate ISO 27001 meetings with Domestic and International stakeholders• Utilize the RSA Archer to manage Internal Audit Site Security Compliance Assessment questionnaire• Engage Audit firms for contract procurement renewals • Regulatory Requirement Mapping: Translate complex regulations into clear, easily understood regulatory requirements and desired outcomes, - Map customer and regulatory requirements across information security framework to identify overlapping requirements and compliance efficiencies• Monitoring Compliance: Track customer and regulatory compliance and maintain up-to-date records of requirements and corresponding mitigating controls, - Work with the Policy and Standards Team when policies need to be updated or created• Cross-Functional Collaboration: Working across business unit and geographical boundaries to engage team members required• Work with Domestic and International Sites on Business Continuity and Recovery Plans

• Prepare domestic sites for a successful unqualified opinion for a SOC I, II, III or MUSL audit• Govern Audit Best Practices to ensure jurisdictional compliance • Perform post review and lessons learned for continual improvement • Maintain ISO 9001/14001 certifications through bi-annual internal audits• Trained employees for ISO compliance standards• Updated and create Domestic Best Practices • Review all major incident tickets in Crystal reports• Facilitate major incident review meetings to determine root cause and lessons learned to be delivered to Top Management