Who We Are

At Newrez, we bring big thinkers and caring doers together to make home happen. We’re a team built on heart and hustle, united by a commitment to show up for our customers, our communities, and each other. We believe that when our people thrive, homeowners thrive - and that’s why we invest in your growth, wellbeing, and ability to make an impact.

Every day, we work to exceed the expectations of our residential mortgage borrowers and business partners through superior service, simple processes, and clear communication. We do this by empowering our employees, encouraging innovative solutions and recognizing great performance.

The Technology Compliance Analyst is a contributor within the Information Security organization, serving as a facilitator for IT and security related audits and compliance activities. This role is a hybrid of auditor, security operations awareness, and security engineering/architecture input, with primary emphasis on audit facilitation, stakeholder communication, and audit readiness rather than hands on tool administration. The position acts as a central liaison between auditors, technical teams, control owners, and leadership, ensuring audit requirements are clearly understood, evidence is well organized, and audit outcomes are communicated effectively. This role will be focused on SOC 2 compliance.

Essential Functions, Duties, and Responsibilities

• Serve as a point of contact for internal and external auditors supporting SOX, SOC, SOC 2, and other regulatory or assurance engagements. 
• Facilitate communication between auditors, Information Security, IT, and business stakeholders to ensure consistent understanding of audit scope and expectations. 
• Coordinate the end-to-end audit lifecycle, including planning, walkthrough scheduling, evidence collection, follow up, and issue closure. 
• Assist in developing, implementing, and executing the organization’s IT and security compliance program. 
• Identify audit issues, documentation gaps, and control weaknesses, including approvals, segregation of duties, and evidence sufficiency concerns. 
• Support root cause analysis discussions and guide stakeholders toward practical, risk appropriate remediation actions. 
• Track audit findings, management responses, and remediation commitments through completion. 
• Prepare clear, concise audit status updates, summaries, and executive level communications. 
• Support leadership with audit narratives, management responses, and clarification of control intent. 
• Assist control owners and performers in understanding compliance expectations and evidence standards. 
• Provide input to align Information Security and IT policies, standards, and procedures with audit and regulatory requirements. 
• Promote consistency, quality, and repeatability in audit documentation and evidence collection processes. 
• Evaluate IT and security controls across on premises and cloud environments to assess audit impact and readiness. 
• Apply working knowledge of security architecture, cloud platforms, and security tooling to contextualize audit requirements and discussions. 
• Participate in architecture or design discussions as needed to assess control alignment and audit implications, without owning technical implementation. 
• Develop and maintain high quality audit documentation, control narratives, and support artifacts. 
• Support the development of audit related metrics and reporting to monitor program effectiveness and risk trends. 
• Escalate unresolved audit or compliance concerns using established governance processes. 
• Ability to effectively and accurately convey information to others.
• Perform related duties as assigned by management. 

Qualifications and Education Requirements:

• Bachelor’s degree in computer science, Information Systems, Information Assurance, or equivalent professional experience. 
• 2-4 years of experience in IT audit, IT compliance, information security, or regulatory assurance roles. 
• Demonstrated experience supporting SOX, SOC, and security related audits in complex environments. 
• Strong understanding of IT and security control environments and audit methodologies. 
• Professional certifications such as CISA, CISSP, CRISC, CGEIT, GRCP, or similar preferred or in progress. 

Skills, Abilities, and Knowledge:

• Strong knowledge of IT and security controls, governance concepts, and audit practices. 
• Ability to operate effectively as an audit facilitator and liaison, rather than a handson security operator. 
• Working knowledge of security architectures, cloud environments, and common security technologies sufficient to support audit discussions. 
• Excellent written and verbal communication skills, including the ability to present complex topics to executive audiences. 
• Strong organizational skills with the ability to manage multiple audit activities and deadlines simultaneously. 
• High attention to detail while maintaining the ability to synthesize information into clear audit narratives. 
• Ability to influence and coordinate across technical and business teams without direct authority. 
• Sound judgment in identifying risk, prioritizing issues, and supporting remediation discussions. 

Work Environment and Physical Requirements:

• Working on-site at assigned office location.
• Regular and punctual attendance adhering to schedule established by leadership.
• Flexibility to work occasional adjusted work schedules, overtime, and evening and/or weekend hours to meet deadlines or as business needs demand.
• Working in a cubicle hub, maintaining focus on phone calls in a noisy environment within earshot of multiple other conversations.
• Sedentary work in a stationary position at a cubicle for prolonged periods of time.
• Constant repetitive motions required for operating a computer, such as typing and managing phone calls.
• Constantly communicating effectively verbally in English, including accurately exchanging information with others following identification of correct procedures.

Additional Information:

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies/states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

All employees are required to have smart phones that meet Company security standards with the ability to install apps such as Microsoft Authenticator. Employment will be contingent on this requirement.

Why Newrez

We’re a great place to work because we invest in what matters: your career, your community, your wellbeing, and your future. Our total rewards package is designed to support your whole self.

Company Benefits:

We offer benefits, programs, and perks that support you in every aspect of your life.

• Medical, dental, and vision insurance

• Health Savings Account with employer contribution

• 401(k) Retirement plan with employer match

• Paid Maternity Leave/Parental Bonding Leave/Caregiver Leave

• Adoption Assistance

• Tuition & Certification reimbursement

• Employee Mortgage Loan Program

• The Newrez Employee Emergency and Disaster Fund is a program to support our team members experiencing hardships

Newrez NOW:

Through Newrez NOW, our Corporate Social Responsibility program, you’ll have opportunities to give back, lead, and make a difference.

• 1 company-paid Volunteer Time Off day (with over 40,000 volunteer hours contributed since our inception)

• Matching Gifts Program - dollar-for-dollar up to $1,000

• Access to grants, nonprofit resources, and volunteer opportunities

• More than $6,000,000 donated since 2020

• 1 in 5 employees participates in at least one Employee Resource Group (ERG)
  

Equal Employment Opportunity 

We're proud to be an equal opportunity employer- and celebrate our employees' differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. Different makes us better.

CA Privacy Policy

CA Notice at Collection