Arch is seeking a Manager, IT Governance, Risk & Compliance (GRC) to execute governance, risk, and compliance activities for the Arch Global Mortgage business. You will serve as the primary coordination point between mortgage stakeholders, technology teams, customers, and regulators, ensuring alignment with technology, security, and regulatory obligations.
What You'll Do
- Serve as the primary contact for Arch Global Mortgage on requests related to technology risk, security controls, customer audits, and regulatory inquiries.
- Interface with international stakeholders to understand regulatory, customer, and business drivers.
- Triage incoming requests, identify subject‑matter experts, coordinate inputs, and track responses to completion.
- Draft and prepare regulatory responses, customer communications, and supporting materials for review by the CISO.
- Develop background analysis, control narratives, and documentation to support external responses.
- Create and maintain regulatory‑to‑control mappings showing alignment between mortgage requirements and technology/security controls.
- Interpret Arch policies, standards, and control frameworks for mortgage-specific use cases and escalate gaps.
- Support SOC 2 engagements and other audits by coordinating evidence collection, drafting control descriptions, and managing auditor requests.
- Maintain familiarity with business continuity and disaster recovery (BC/DR) concepts relevant to the mortgage business.
- Support BC/DR governance, documentation updates, testing preparation, and related audit or regulatory requests.
- Partner with the CISO to establish and maintain a calendar of recurring governance, compliance, and reporting activities.
- Draft metrics, summaries, and artifacts for senior leadership discussions and board materials.
- Surface risks, control gaps, and areas of uncertainty clearly to support prioritization.
What We're Looking For
- 5+ years working in IT Audit or IT Compliance, or an equivalent combination of education and experience.
- Bachelor's degree.
- Experience in IT governance, risk, compliance, or security risk management within financial services or insurance.
- Experience supporting customer audits and third‑party risk management (TPRM) programs, particularly with banks or large financial institutions.
- Prior technical background sufficient to understand, assess, and question technology and security controls.
- Strong written communication skills, with experience drafting materials for external review.
- Familiarity with SOC 2 and BC/DR concepts.
- Ability to work across time zones, with willingness to overlap with Australian (Sydney) business hours.
Nice to Have
- Experience working with global or non‑U.S. regulated businesses.
- Located on the U.S. West Coast.
Team & Environment
You will work in close partnership with and report directly to the VP, Chief Information Security Officer.
Benefits & Compensation
- Compensation: $120,000 - $200,000/year.
- Multiple medical plans plus dental, vision and prescription drug coverage.
- Competitive 401k with generous matching.
- PTO beginning at 20 days per year.
- Up to 12 paid company holidays per year plus 2 paid days of Volunteer Time Off.
- Basic Life and AD&D Insurance as well as Short and Long-Term Disability.
- Paid Parental Leave of up to 10 weeks.
- Student Loan Assistance and Tuition Reimbursement.
- Backup Child and Elder Care.
Work Mode
This is a remote position open to candidates in the United States.
Arch is an equal opportunity employer.
