United States, California, Loan Officer jobs
EY Chief Information Security Officer CISO - US Government & Pu... United States, Virginia, Arlington
Share
Responsibilities
- The successful candidate will work with GPS engagement teams, supporting functions, and EY’s Client Technology and Global Information Security organizations to develop and maintain a security and compliance program across all environments, platforms and applications used or desired for use by GPS. Responsibilities include:
- Strategy, Governance and Risk Management
- Development and execution of a multi‑year cybersecurity strategy and investment roadmap aligned to business objectives and federal contract requirements.
- Development, management and maintenance of the GPS IT security risk management policy and/or procedural documentation mapped to NIST SP 800-37 (RMF), NIST SP 800‑53, NIST SP 800‑171, NIST SP 800‑161 (C‑SCRM), and NIST SP 800‑218 (SSDF)
- Ownership of the enterprise risk assessment (ERA), business impact analysis (BIA), and security metrics; present posture and material risk to the COO on a recurring cadence.
Defense Industrial Base Compliance (Classified & Unclassified)
- Manage GPS compliance with DFARS 252.204-7012, 252.204-7020, and 252.204-7021. This includes:
- Leading DFARS/CMMC readiness and ongoing compliance.
- Serving as the Affirming Official (AO) and maintaining an accurate SPRS self‑assessment score with defensible Plans of Action and Milestones (POAMs).
- Achieving and maintaining CMMC certification at level 2.
- Overseeing management and maintenance of POAMs.
- Ensure systems operated for the government are designed properly and assessed against the appropriate requirements such as FedRAMP, Cloud Computing Security Requirements Guide, IRS 1075, and MARS-E.
- Ensure safeguarding and incident reporting obligations for CUI (e.g., DFARS 252.204‑7012 72‑hour reporting) are met; coordinate with DC3/DIBNet and affected customers when necessary.
- Oversee NISPOM compliance for classified systems; partner with FSO to achieve and maintain Authorizations to Operate (ATOs).
- Ensure proper handling of export‑controlled data (ITAR/EAR).
- Prepare for and lead Program through contractually required assessments and customer audits; keep evidence, policies, configurations, and logs audit‑ready.
- Respond to government inspections or audits in coordination with EY Information Security and Risk Management.
Secure Cloud, Identity & Enterprise Platforms
- Own security architecture and controls for Azure Government (Azure Gov) and Microsoft 365 GCC High tenants, including Conditional Access, PIM/PAM, encryption, logging/retention, and data governance for CUI.
- Implement Zero Trust principles across identity, endpoints, networks, and workloads; drive continuous verification and least‑privilege.
- Deploy and operate EDR/XDR, SIEM/SOAR, DLP, CASB/SSE/SASE, MDM, key management/HSM, and vulnerability/configuration management at scale.
- Oversee user authorization process and ongoing attestation of user authorization and access.
- Assist to resolve GPS practitioners’ access or other issues with Enclave environments.
- Ongoing development, coordination and sustainment of Information Security Continuous Monitoring (ISCM) Program across all applications within the environment.
DevSecOps & Secure SDLC
- Establish a software security program aligned to NIST SSDF (SP 800‑218) and EO 14028 expectations; integrate security into SDLC across GitHub and Azure DevOps.
- Govern AppSec tooling and policy: SAST (e.g., Checkmarx), DAST (e.g., Qualys/AppScan), SCA/OSS (e.g., Mend), IaC/container/K8s scanning, and Wiz/Wiz Code; enforce build‑time gates and remediation SLAs.
- Require SBOM generation, artifact signing/provenance (e.g., SLSA targets), and secrets management across all repositories and pipelines.
Detection, Response & Resilience
- Develop, manage and maintain GPS incident response program.
- Lead SOC and CSIRT functions: 24×7 monitoring, threat intelligence, purple/red‑team exercises, and executive tabletop drills.
- Maintain and test the Incident Response Plan and Cyber Crisis Playbook, including regulatory/customer communications and forensics preservation.
Effective Business Integration
- Ensure development of fit-for-purpose solutions that support the business activities.
- Manage integration of Firm applications into the GPS Enclave environment.
- Understand and facilitate communication of EY’s IT disaster recovery and business continuity plans to GPS clients, potential clients and engagement teams (including engagement team responsibilities).
- Augment existing Client Security Assurance reviews of data protection requirements contained in RFPs/RFQs to adequately respond, and assist in development of GPS client security and data protection (confidentiality) plans.
- Monitor regulatory or other developments in INFOSEC principles, regulatory requirements and leading practices.
Leadership, Team and Budget
- Role model a leadership style that brings infrastructure, application and cybersecurity professionals together to collaborate constructively on the design, implementation and operation of controls.
- Build and mentor a high‑performing organization spanning Policy/GRC, AppSec/DevSecOps, Security Engineering/Architecture, SOC/IR, and Third‑Party & Supply‑Chain Risk.
- Own the cybersecurity budget and vendor portfolio; rationalize tools and services for value, performance, and compliance.
- Participate in purchasing and enhancement of third-party tools for GPS.
- Augment and potentially streamline existing Vendor Supplier Risk Assurance Program during evaluation of subcontractor compliance with applicable cybersecurity and data protection clauses.
- Drive a security‑first culture: ongoing training, phishing simulations, secure coding education, and leadership engagement including data protection and awareness and role-based training programs.
- Coordinate and respond to annual (or more frequent) independent risk assessments and cyber security reviews.
Qualifications:
- 12+ years of progressive cybersecurity leadership, including 5+ years at the enterprise or business‑unit executive level.
- 5+ years FISMA related experience
- Bachelor’s degree in IT-related field or bachelor’s degree in non-IT related field with a total of 10 years of information security experience
- Master’s degree preferred
- Ability to obtain and maintain Top Secret clearance
- US citizenship required
- Must have government sector experience
- Thorough knowledge and understanding of:
- FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
- DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
- NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
- GSAM 552.239-70, Information Technology Security Plan and Security Authorization, 552.239-71, Security Requirements for Unclassified Information Technology Resources and similar clauses in agency FAR supplements
- FISMA
- Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
- Proven experience in the Defense Industrial Base with DFARS/CMMC and NIST SP 800‑171 implementation and audits (including POA&M and SPRS management).
- Experience with FEDRAMP compliance authorization and monitoring
- Deep expertise securing Azure Government and Microsoft 365 GCC High environments
- Experience working with other Government cloud communities, including AWS
- Experience working with classified environments, achieving/maintaining ATOs, overseeing classified systems under NISPOM and DoD RMF, and working understanding of SCIF operations
- Knowledge and experience with vulnerability scanning execution, assessment, and analysis
- Knowledge and experience of networks, including LAN and WAN
- Knowledge and experience with application security, database security, and network security
- Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
- Hands‑on leadership of DevSecOps and software security programs covering GitHub/Azure DevOps/Jenkins with SAST/DAST/SCA, IaC/container security, SBOMs, and supply‑chain controls.
- Demonstrated analytical, problem-solving, organizational, interpersonal and communication skills required.
- The ability to collaborate effectively with diverse stakeholders, including client-facing, legal, finance and contracting teams, executives, engineers, customers and assessors on a wide variety of tasks, as needed.
- Ability to foster professionalism and demonstrate integrity and confidentiality in all actions.
- Ability to demonstrate flexibility when required, sense urgency, organize and prioritize work, and achieve against tight deadlines.
- The ability to interpret and communicate regulatory requirements related to cybersecurity and data protection.
- Possession of excellent written/verbal communications skills.
- Possession of excellent analytical skills, including strict attention to detail.
- Ability to assess and weigh current and evolving security threats in an operational environment
- Possession of Information Systems Security Professional certification (CISSP)
- Certifications such as CISSP, CISM, CCISO, CCSP, CRISC, CISA, PMP, and relevant GIAC credentials preferred
What we offer you
- We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $235,700 to $466,700. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $282,900 to $530,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
- Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
- Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
These jobs might be a good fit
EY Data Governance Risk Compliance Officer United States, New York, New York
Share
: Associate-National-SaT-SaT - TCF - Capital and Debt Advisory - Mumbai
SaT - TCF - Capital and Debt Advisory :
Whether clients are preserving, optimizing, raising or investing, our Connected Capital Solutions (CCS) are our five go-to-market offerings that help drive competitive advantage and increased returns through improved decision-making. The CCS include Strategy, Corporate Finance, Buy and Integrate, Sell and Separate and Reshaping Results, and are underpinned by our Connected Capital Technologies.
Technical Excellence
- Conducting in-depth financial analysis and identifying key areas of concern
- Developing tailored strategies to address financial and operational challenges
- Collaborating with stakeholders, including lenders, investors, and management, to facilitate negotiations
- Monitoring key performance indicators and reporting progress to clients and senior management
- Assisting in the preparation of improvement plans and business recovery models
- Drive PMO for fast-track strategy implementation
Qualification
- Educational qualifications: Chartered Accountant (CA) or Master of Business Administration (MBA) from a reputed institution
- Strong technical skills – Corporate Finance
- Strong analytical and problem-solving skills
- Proficient in excel business modelling, BI tools
- Excellent communication and stakeholder management abilities
- Ability to think and drive next steps
- Willingness to travel
Experience
- Experience: 3-6 years of relevant experience in corporate
People with the ability to work in a collaborative manner to provide services across multiple client departments while following the commercial and legal requirements. You will need a practical approach to solving issues and complex problems with the ability to deliver insightful and practical solutions. We look for people who are agile, curious, mindful, and able to sustain positive energy, while being adaptable and creative in their approach.If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
These jobs might be a good fit
Bank Of America Wealth Management Lending Officer United States, Maryland, Towson
Share
Job Description:
Merrill is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
This job is responsible for developing and maintaining a network of business relationships that serve as a recurring source of referrals for new mortgage lending opportunities from Bank of America Merrill Financial Advisors. Key responsibilities include responding to customer inquiries and referrals, conducting interviews with prospective borrowers, determining customer financing objectives, and advising customers of product/pricing policies and guidelines, while maintaining regulatory and compliance requirements of the Line of Business. This position is subject to SAFE Act registration requirements. Pursuant to the SAFE Act requirements, all employees engaged in residential loan mortgage originations must register with the federal registry system and remain in good standing. Since this position requires SAFE Act registration, employees are required to register and to submit to the required SAFE Act background check and registration process. Failure to obtain and/or maintain SAFE Act registration may result in disciplinary action up to and including termination.
Responsibilities:
- Manages prospecting clients and the initial structuring processes, while determining customer financial objectives and lending needs
- Negotiates with the client on lending terms, preparing deal justification and related documentation, and advising on related policies and guidelines
- Maintains a network of relationships to drive business referrals for lending opportunities
- Works directly with clients through final loan approval and closing as necessary and ensures data quality of client and deal information
- Provides guidance to effectively challenge and influence the strategic direction and tactical approaches of priority decisions
- Maintains thorough knowledge of lending programs, policies, procedures, and regulatory requirements and understands the suite of Wealth Management products and services to support business requirements
- Manages multiple tasks and sets priorities in line with the bank's overall strategy and prioritization
Required Experience/Skills:
- Minimum 5 years first mortgage origination experience, or a minimum 3 years mortgage origination experience with an additional two years of experience in the financial services industry.
- Has significant experience building relationships with clients.
- Has a working knowledge of federal regulations governing real estate lending.
- Can build and maintain solid referral base (that is, strong community involvement/ties, established relationship with assigned Merrill financial advisors).
- Strong computer skills including Microsoft applications and previous experience using laptop technology for communication purposes including accessing rate, credit and loan status information.
- Takes ownership, accountability and can demonstrate integrity.
- Understands processing, underwriting and/or closing procedures.
- Self-motivated and highly organized.
- Effective communication skills.
- Prioritizes multiple competing tasks.
Preferred Experience/Skills
- Demonstrated success in prospecting, generating leads, closing business and consistently meeting/exceeding production goals.
- Strong background in credit solutions, ranging from standard to custom mortgage products and other securities-based lending.
- A bachelor’s degree in business or related field experience.
High School Diploma / GED / Secondary School or equivalent
1st shift (United States of America)These jobs might be a good fit
Dell Information Systems Security Officer ISSO Nellis Airforce Ba... United States, Nevada, Las Vegas
Share
in(onsite at Nellis Air Force Base).
What you’ll achieve
As an, you’ll play a key role in maintaining the cybersecurity posture of systems used in Test and Evaluation (T&E) activities.
You will:
Focus on daily cybersecurity operations, ensuring that systems are operated, maintained and secured in accordance with established policies and procedures
Generate reports for System Administrator (SysAdmin) and Information Systems Security Engineering (ISSE) implementations
Essential Requirements:
Active Department of Defense (DoD) Top Secret (TS) Security Clearance; Security+ Certification
Expertise in:
DoD’s National Institute of Standards and Technology (NIST) Risk Management Framework (Categorization, Control Selection, Implementation, Assessment, Authorization and Continuous Monitoring)
IT Service Management and common DoD governance to include Axelos Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technologies (COBIT), The Open Group Architecture Framework (TOGAF) and ISO/IEC 20000
Tenable Security Center for vulnerability assessment, compliance scanning, reporting and analysis with familiarity of Nessus and Nessus Network Monitor
Experience with:
hardening client, server, appliance, network and storage systems; Security Content Automation Protocol (SCAP) tools i.e., OpenSCAP, Security Technical Implementation Guide (STIG) Viewer, Security Content Automation Protocol (SCC), Evaluate-STIG; applying technical controls; participating in audit/remediation and Risk Management Framework (RMF) processes
developing, modifying and interpreting core compliance artifacts to include System Security Plan (SSP), Plan of Action and Milestones (POA&M) and Security Assessment Report (SAR)
administering security standards and directives e.g. NIST RMF/CSF/SP 800‑53, DoDI 8500.01/8510.01, DoDD 8570/8140, JSIG and NISPOM
utilizing Security Information and Event Management (SIEM) tools i.e., Splunk, McAfee/Trellix ESM, VMware vRealize Log Insight for log collection, analysis, reporting and integration with HBSS/VA systems
container i.e., Docker, Kubernetes, Red Hat OpenShift, Podman and orchestration i.e., Ansible, Puppet, Chef tools and technologies
creating, managing and deploying patches using Microsoft Endpoint Configuration Manager (ECM) andSystem Center Configuration Manager (SCCM)
configuration management and applying best practices, local policies and program governance to streamline review and approval processes
managing incident responses in classified environments, including security violations, malware outbreaks, unauthorized access and escalations
identifying, filtering, assessing and planning remediation for common vulnerabilities and exposures
Familiarity with:
McAfee/Trellix Endpoint Security Solutions including offline air-gapped definition updates, policy management, agent deployment and troubleshooting
VMware ESXi, vSphere, vRealize LogInsight, Omnissa’s Horizon for Virtual Desktop Infrastructure; understanding of cybersecurity challenges in virtualized environments
Excellent interpersonal, written and verbal skills to be able to influence and interact with confidence and credibility at all levels within the Dell Technologies companies, customers, partners and vendor
Desirable Requirements:
Bachelor’s or master’s degree
These jobs might be a good fit
Bank Of America Community Lending Officer - Riverside United States, California
Share
This job is responsible for managing the end-to-end consumer mortgage referral requests primarily for Low to Moderate Income (LMI) clients in underserved markets. Key responsibilities include connecting with internal and external centers of influence (i.e. financial center partners, realtors, etc.) to originate mortgage transactions, identifying relationship deepening opportunities with clients, and facilitating the loan process from application to close. Job expectations include providing home buyer education via workshops and contacting with clients and partners virtually or in-person. This position may be responsible for the provision of residential mortgage loans, and as such, is subject to SAFE Act registration requirements. Pursuant to the SAFE Act requirements, all employees engaged in residential mortgage loan originations must register with the federal registry system and remain in good standing. Since this position requires SAFE Act registration, employees are required to register and to submit to the required SAFE Act background check. Failure to obtain and/or maintain SAFE Act registration may result in disciplinary action up to and including termination.
Responsibilities:
- Originates loans from multiple internal and external referral sources
- Understands the local Affordable Housing Market, Housing Assistance Programs, and experience, providing thoughtful lending solutions and guidance to Low to Moderate Income and First Time Homebuyers
- Achieves production goals as defined by the business
- Maintains a quality network of business relationships that serve as a recurring source of referrals for new mortgage lending opportunities
- Provides exceptional customer service including maintaining thorough knowledge of lending programs, policies, procedures, and regulatory requirements
- Conducts monthly Home Buyer Workshops and Business Development meetings
Required Qualifications:
- 2+ years of experience in loan originations and/or home buyer education
- Knowledge of conventional and/or government guidelines as well as affordable mortgage products and programs
- Knowledge of processing underwriting and/or closing procedures/federal lending regulations governing real estate lending
- Ability to organize and deliver Home Buyer Workshop presentations
- Strong written and verbal communications skills
- Self-motivated and highly organized
- Ability to prioritize multiple competing tasks
Desired Qualifications:
- 2+ years of experience in loan originations
- Familiar with FHA and HUD guidelines
- Knowledge of community housing counseling agencies
- Knowledge of local competition product offerings and real estate market dynamics
- Strong computer skills, including Microsoft applications and previous experience using laptop technology for client communication purposes including accessing rate, credit and loan status information
- Solid time management skills and the ability to organize, prioritize and perform multiple tasks simultaneously
- Ability to communicate clearly and effectively, both verbally and in writing, across a variety of audiences
- Ability to analyze and comprehend complex financial data and provide appropriate financial solutions
- Professional and effective interpersonal skills
Skills:
- Client Management
- Customer and Client Focus
- Loan Structuring
- Oral Communications
- Referral Management
- Credit Documentation Requirements
- Learning Delivery
- Presentation Skills
- Prospecting
- Written Communications
- Active Listening
- Business Development
- Credit and Risk Assessment
- Data Collection and Entry
- Pipeline Management
High School Diploma / GED / Secondary School or equivalent
1st shift (United States of America)These jobs might be a good fit
Bank Of America Centralized Lending Specialist Mortgage Loan Officer - Chand... United States, Arizona, Chandler
Share
This job is responsible for answering inbound calls and initiating outbound calls within a call center to assist new and existing clients with determining the best solution for financing the purchase of a home, refinancing an existing mortgage, or obtaining a new home equity line of credit. Key responsibilities include analyzing the clients financial goals, determining the most optimal lending product solution, submitting the mortgage application, assisting clients with gathering supporting loan documentation, and keeping clients informed throughout the mortgage loan process.
This position is subject to SAFE Act registration requirements. Pursuant to the SAFE Act requirements, all employees engaged in residential loan mortgage originations must register with the federal registry system and remain in good standing. Since this position requires SAFE Act registration, employees are required to register and to submit to the required SAFE Act background check and registration process. Failure to obtain and/or maintain SAFE Act registration may result in disciplinary action up to and including termination.
Responsibilities:
- Provides exceptional client care
- Answers inbound calls and make outbound calls to provide new and existing clients with guidance and advice to uncover lending needs and assist them with determining the best solution
- Utilizes multiple technology systems to assist customers and referral partners
- Leverages defined lending processes and policies to meet guidelines and manage risks
- Communicates consistently with clients and business partners through outbound calls, email, and online messaging systems throughout the lending process
- Identifies opportunities through conversations with clients to recommend the bank's products through partner referrals as part of one team that delivers exceptional client care
Required Qualifications:
- Has 1+ year sales and mortgage experience
- Has a strongrelationship-deepeningand client care mentality
- Actively listens to the client to determine their needs and goals and has a desire to interact with clients proactively.
- Has an ability to assess client needs and suggest/promote alternative products or services
- Has ability to learn all platform systems utilized within the environment and/or aptitude in system technologies
- Has effective customer service skills with ability to manage the full client end-to-end origination experience and problem resolution at key points in lending process
- Has an ability to work under pressure during high volumes
- Has an ability to build and maintain positive rapport with service partners
- Can prioritize multiple competing tasks
- Has adaptability and is flexible to change
- Is a strong communicator, written, oral and non-verbal
- Demonstrates solid sales production over a sustained time frame
- Can be flexible to work weekends and/or extended hours as needed.
- Communicates professionally, effectively and confidently and is comfortable engaging all clients over the phone.
- Has an ability to handle multiple lines of business and models to support changing business needs
- Independently works with other business partners to expedite post-sale issues or problem resolution
- Has the ability to effectively balance performance, operational risk, and client relationship care.
- Demonstrates a commitment to professional ethic and is thorough and thoughtful in incorporating relevant regulatory due diligence as well as complying with all Federal and State Compliance policies.
Desired Qualifications:
- Has contact center experience
- Has knowledge of loan products (Conventional, Jumbo and Government)
- Can analyze financial and credit data to advise clients of product/pricing policies and guidelines and gather any additional required information.
- Familiarity with FHA and HUD guidelines
- Knowledge of processing underwriting and/or closing procedures/federal lending regulations governing real estate lending
- The ability to analyze and comprehend complex financial data and provide financial alternatives
- Strong consultative skills including the ability to ask critical questions to identify opportunities
Skills:
- Attention to Detail
- Client Solutions Advisory
- Customer and Client Focus
- Oral Communications
- Written Communications
- Client Management
- Loan Structuring
- Pipeline Management
- Problem Solving
- Collaboration
- Credit Documentation Requirements
- Critical Thinking
- Referral Identification
- Referral Management
High School Diploma / GED / Secondary School or equivalent
1st shift (United States of America)These jobs might be a good fit
Bank Of America Enterprise Lending Officer - Newport Beach United States, California, Newport Beach
Share
This job is responsible for providing Consumer Lending advice to new-to-bank clients and external business development. Key responsibilities include applying mortgage lending principles and familiarity of Realtor, Builder, and Community contacts local to the market. Job expectations include having successful track-records of delivering lending services to clients by demonstrating an understanding of credit, lending guidelines, and the mortgage process.
This position is subject to SAFE Act registration requirements. Pursuant to the SAFE Act requirements, all employees engaged in residential loan mortgage originations must register with the federal registry system and remain in good standing. Since this position requires SAFE Act registration, employees are required to register and to submit to the required SAFE Act background check and registration process. Failure to obtain and/or maintain SAFE Act registration may result in disciplinary action up to and including termination.
Responsibilities:
- Provides exceptional client care by providing advice oriented solutions with Consumer Lending and Core Banking products
- Engages in community development, outside sales activities, and external networking to responsibly grow client and market share
- Understands lending processes and credit guidelines to best develop solutions for each client's needs
- Manages daily client and loan pipelines with astute organization, follow up, and high degree of collaboration with loan fulfillment partners
- Leverages digital solutions, providing clients with a choice in preferred service pathways
- Maintains and adheres to all federal and state regulations and bank operational requirements, delivering compliant client advice conversations and fulfilling financial goals
Skills:
- Business Development
- Client Management
- Customer and Client Focus
- Prospecting
- Risk Management
- Account Management
- Client Solutions Advisory
- Credit and Risk Assessment
- Pipeline Management
- Referral Identification
- Attention to Detail
- Credit Documentation Requirements
- Issue Management
- Networking
- Relationship Building
• Has 3+ years of experience in a loan origination role with a focus on generating self-sourced purchase business through a verifiable, established network of referral sources
• Demonstrated understanding of effectively managing a pipeline in order to deliver an exceptional client experience
• Has a strong knowledge of loan products Conventional, Jumbo and Government.
• Demonstrated ability to understand, analyze, and document income, assets and liabilities properly in order to qualify clients for specific loan products
• Demonstrated understanding of processing, underwriting and/or closing procedures
• Has a working knowledge of federal regulations governing real estate lending
• Ability to source clients independently and not rely on enterprise referrals with demonstrated success in generating business from external Centers of Influence real estate professionals, builders, and other external referral partners in a compliant manner as well as within bank policy.
• An ability to work independently
• Is a strong communicator, both written and verbal
• Is self-motivated and highly organized
• Can prioritize multiple competing tasks
• Uses appropriate interpersonal styles, communication methods and approaches to gain clients and keep them informed during the loan process
• Demonstrated understanding of the connection of the level of service provided being directly correlated to driving sales volume
• Can be flexible to work weekends and or extended hours as needed to serve clients
Desired Skills and Experience
• Familiarity with FHA and HUD guidelines
• Strong computer skills including MS applications and previous experience utilizing laptop technology for communication purposes including accessing rate, credit and loan status information
• Solid time management skills and the ability to organize, prioritize and perform multiple tasks simultaneously
• The ability to analyze and comprehend complex financial data and provide financial alternatives
• Professional and effective interpersonal skills
• An ability to take ownership, accountability and can demonstrate integrity
• Adaptability and can demonstrate flexibility
• A positive attitude
• Effective communication styles
The following laws or regulations restrict or prohibit the hiring of individuals with certain specified criminal history for the position Credit Solutions Advisor II: FDIC, Safe Act/Loan Originators
High School Diploma / GED / Secondary School or equivalent
1st shift (United States of America)These jobs might be a good fit
Share
Responsibilities
- The successful candidate will work with GPS engagement teams, supporting functions, and EY’s Client Technology and Global Information Security organizations to develop and maintain a security and compliance program across all environments, platforms and applications used or desired for use by GPS. Responsibilities include:
- Strategy, Governance and Risk Management
- Development and execution of a multi‑year cybersecurity strategy and investment roadmap aligned to business objectives and federal contract requirements.
- Development, management and maintenance of the GPS IT security risk management policy and/or procedural documentation mapped to NIST SP 800-37 (RMF), NIST SP 800‑53, NIST SP 800‑171, NIST SP 800‑161 (C‑SCRM), and NIST SP 800‑218 (SSDF)
- Ownership of the enterprise risk assessment (ERA), business impact analysis (BIA), and security metrics; present posture and material risk to the COO on a recurring cadence.
Defense Industrial Base Compliance (Classified & Unclassified)
- Manage GPS compliance with DFARS 252.204-7012, 252.204-7020, and 252.204-7021. This includes:
- Leading DFARS/CMMC readiness and ongoing compliance.
- Serving as the Affirming Official (AO) and maintaining an accurate SPRS self‑assessment score with defensible Plans of Action and Milestones (POAMs).
- Achieving and maintaining CMMC certification at level 2.
- Overseeing management and maintenance of POAMs.
- Ensure systems operated for the government are designed properly and assessed against the appropriate requirements such as FedRAMP, Cloud Computing Security Requirements Guide, IRS 1075, and MARS-E.
- Ensure safeguarding and incident reporting obligations for CUI (e.g., DFARS 252.204‑7012 72‑hour reporting) are met; coordinate with DC3/DIBNet and affected customers when necessary.
- Oversee NISPOM compliance for classified systems; partner with FSO to achieve and maintain Authorizations to Operate (ATOs).
- Ensure proper handling of export‑controlled data (ITAR/EAR).
- Prepare for and lead Program through contractually required assessments and customer audits; keep evidence, policies, configurations, and logs audit‑ready.
- Respond to government inspections or audits in coordination with EY Information Security and Risk Management.
Secure Cloud, Identity & Enterprise Platforms
- Own security architecture and controls for Azure Government (Azure Gov) and Microsoft 365 GCC High tenants, including Conditional Access, PIM/PAM, encryption, logging/retention, and data governance for CUI.
- Implement Zero Trust principles across identity, endpoints, networks, and workloads; drive continuous verification and least‑privilege.
- Deploy and operate EDR/XDR, SIEM/SOAR, DLP, CASB/SSE/SASE, MDM, key management/HSM, and vulnerability/configuration management at scale.
- Oversee user authorization process and ongoing attestation of user authorization and access.
- Assist to resolve GPS practitioners’ access or other issues with Enclave environments.
- Ongoing development, coordination and sustainment of Information Security Continuous Monitoring (ISCM) Program across all applications within the environment.
DevSecOps & Secure SDLC
- Establish a software security program aligned to NIST SSDF (SP 800‑218) and EO 14028 expectations; integrate security into SDLC across GitHub and Azure DevOps.
- Govern AppSec tooling and policy: SAST (e.g., Checkmarx), DAST (e.g., Qualys/AppScan), SCA/OSS (e.g., Mend), IaC/container/K8s scanning, and Wiz/Wiz Code; enforce build‑time gates and remediation SLAs.
- Require SBOM generation, artifact signing/provenance (e.g., SLSA targets), and secrets management across all repositories and pipelines.
Detection, Response & Resilience
- Develop, manage and maintain GPS incident response program.
- Lead SOC and CSIRT functions: 24×7 monitoring, threat intelligence, purple/red‑team exercises, and executive tabletop drills.
- Maintain and test the Incident Response Plan and Cyber Crisis Playbook, including regulatory/customer communications and forensics preservation.
Effective Business Integration
- Ensure development of fit-for-purpose solutions that support the business activities.
- Manage integration of Firm applications into the GPS Enclave environment.
- Understand and facilitate communication of EY’s IT disaster recovery and business continuity plans to GPS clients, potential clients and engagement teams (including engagement team responsibilities).
- Augment existing Client Security Assurance reviews of data protection requirements contained in RFPs/RFQs to adequately respond, and assist in development of GPS client security and data protection (confidentiality) plans.
- Monitor regulatory or other developments in INFOSEC principles, regulatory requirements and leading practices.
Leadership, Team and Budget
- Role model a leadership style that brings infrastructure, application and cybersecurity professionals together to collaborate constructively on the design, implementation and operation of controls.
- Build and mentor a high‑performing organization spanning Policy/GRC, AppSec/DevSecOps, Security Engineering/Architecture, SOC/IR, and Third‑Party & Supply‑Chain Risk.
- Own the cybersecurity budget and vendor portfolio; rationalize tools and services for value, performance, and compliance.
- Participate in purchasing and enhancement of third-party tools for GPS.
- Augment and potentially streamline existing Vendor Supplier Risk Assurance Program during evaluation of subcontractor compliance with applicable cybersecurity and data protection clauses.
- Drive a security‑first culture: ongoing training, phishing simulations, secure coding education, and leadership engagement including data protection and awareness and role-based training programs.
- Coordinate and respond to annual (or more frequent) independent risk assessments and cyber security reviews.
Qualifications:
- 12+ years of progressive cybersecurity leadership, including 5+ years at the enterprise or business‑unit executive level.
- 5+ years FISMA related experience
- Bachelor’s degree in IT-related field or bachelor’s degree in non-IT related field with a total of 10 years of information security experience
- Master’s degree preferred
- Ability to obtain and maintain Top Secret clearance
- US citizenship required
- Must have government sector experience
- Thorough knowledge and understanding of:
- FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
- DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
- NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
- NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
- GSAM 552.239-70, Information Technology Security Plan and Security Authorization, 552.239-71, Security Requirements for Unclassified Information Technology Resources and similar clauses in agency FAR supplements
- FISMA
- Specialized knowledge and experience with the implementation of the NIST Special Publication (SP) 800 family of publications, particularly those associated with the Risk Management Framework
- Proven experience in the Defense Industrial Base with DFARS/CMMC and NIST SP 800‑171 implementation and audits (including POA&M and SPRS management).
- Experience with FEDRAMP compliance authorization and monitoring
- Deep expertise securing Azure Government and Microsoft 365 GCC High environments
- Experience working with other Government cloud communities, including AWS
- Experience working with classified environments, achieving/maintaining ATOs, overseeing classified systems under NISPOM and DoD RMF, and working understanding of SCIF operations
- Knowledge and experience with vulnerability scanning execution, assessment, and analysis
- Knowledge and experience of networks, including LAN and WAN
- Knowledge and experience with application security, database security, and network security
- Experience with evaluating system, network, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
- Hands‑on leadership of DevSecOps and software security programs covering GitHub/Azure DevOps/Jenkins with SAST/DAST/SCA, IaC/container security, SBOMs, and supply‑chain controls.
- Demonstrated analytical, problem-solving, organizational, interpersonal and communication skills required.
- The ability to collaborate effectively with diverse stakeholders, including client-facing, legal, finance and contracting teams, executives, engineers, customers and assessors on a wide variety of tasks, as needed.
- Ability to foster professionalism and demonstrate integrity and confidentiality in all actions.
- Ability to demonstrate flexibility when required, sense urgency, organize and prioritize work, and achieve against tight deadlines.
- The ability to interpret and communicate regulatory requirements related to cybersecurity and data protection.
- Possession of excellent written/verbal communications skills.
- Possession of excellent analytical skills, including strict attention to detail.
- Ability to assess and weigh current and evolving security threats in an operational environment
- Possession of Information Systems Security Professional certification (CISSP)
- Certifications such as CISSP, CISM, CCISO, CCSP, CRISC, CISA, PMP, and relevant GIAC credentials preferred
What we offer you
- We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The base salary range for this job in all geographic locations in the US is $235,700 to $466,700. The base salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $282,900 to $530,400. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options.
- Join us in our team-led and leader-enabled hybrid model. Our expectation is for most people in external, client serving roles to work together in person 40-60% of the time over the course of an engagement, project or year.
- Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.
These jobs might be a good fit
