Technology Risk Analyst

Department:

We are Walker & Dunlop.  We are one of the largest providers of capital to the commercial real estate industry, enabling real estate owners and operators to bring their visions of communities — where people live, work, shop, and play — to life. We are committed to creating meaningful social, environmental, and economic change in our communities.

Department Overview

WDTech is W&D’s in-house technology team – a group of highly skilled technology professionals, all of whom are leading experts in real estate data, data science, and technology.

WDTech Information Security protects W&D's information assets by way of a comprehensive policy framework that oversees and operates cybersecurity countermeasures and technology risk controls.

The Impact You Will Have

Technology Risk Management is a critical function within Information Security and a key connector across the organization. In this role, you will help operationalize the technology risk program by ensuring risk assessments, control evidence, remediation efforts, and executive reporting are timely, accurate, and audit-ready. You will monitor control performance, enforce security standards, and translate complex technical telemetry into actionable compliance insights. Your work will enable leadership to make informed, risk-adjusted decisions that protect and strengthen our technology environment.

Primary Responsibilities

• Align organizational controls to NIST CSF 2.0 and other relevant frameworks, translating policies into measurable technical standards and control requirements.

• Maintain continuous SOC 2 Type II readiness by managing the year-round evidence lifecycle and validating control effectiveness across all Trust Services Criteria using GRC tools.

• Conduct and support technology and cybersecurity risk assessments across key domains, including IAM, change management, incident response, vulnerability management, logging and monitoring, cloud/SaaS, data protection, endpoint security, and backup/disaster recovery.

• Monitor control performance and risk telemetry against established thresholds, proactively identifying, escalating, and addressing at-risk controls before critical failure points are reached.

• Lead corrective action plans (CAPs) for identified gaps, partnering with control owners to drive timely remediation and root cause resolution.

• Perform risk-based assessments of critical third parties, including SaaS, AI, and cloud providers, evaluating SOC reports and security posture against internal risk standards.

• Document control design and operating effectiveness, including process narratives, control mappings, and evidence standards.

• Serve as a liaison for internal and external audits, providing clear, defensible documentation and rationale for control decisions.

• Develop executive dashboards and reporting that provide visibility into framework alignment, control health, and audit readiness, enabling proactive risk insights for leadership.

• Collaborate cross-functionally with business and technology teams to embed security and risk standards into products and services and support timely, comprehensive risk reporting to senior leadership.

• Perform other duties as assigned.

Education and Experience

• Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Risk, Finance/Accounting, or related field (or equivalent practical experience).

• 3+ years of experience in technology risk, information security, IT audit, compliance, GRC, or IT operations.

• CRISC, CISA, or similar certification preferred.

• Cloud certifications such as AWS Cloud Practitioner or Azure Fundamentals (AZ-900) preferred.

Knowledge, Skills and Abilities

• Working knowledge of identity and access management principles, including least privilege, multi-factor authentication, and access reviews.

• Familiarity with SDLC and change management controls, incident management processes, vulnerability management, and basic security monitoring concepts.

• Understanding of third-party risk management practices and penetration testing processes.

• General knowledge of networking, operating systems, enterprise IT systems, and cloud computing concepts.

• Familiarity with security and risk management frameworks such as NIST and SOC 2.

• Proficiency with spreadsheets, documentation platforms, ticketing/work management tools (e.g., Jira), and collaboration tools.

• Ability to translate complex security concepts into clear, actionable communication for both technical and non-technical audiences.

• Strong organizational, analytical, and critical thinking skills with high attention to detail and commitment to quality.

• Demonstrated ability to manage and influence multiple stakeholders across functions through clear written and verbal communication.

• Ability to show ownership of your work, take on challenges and acknowledge growth opportunities, and demonstrate patience when learning new processes.

• Courtesy, respect, and thoughtfulness in teaming with colleagues and other stakeholders.

This position has an estimated base salary of $75,000 - $85,000 plus a discretionary bonus. An employment offer is based on the applicant’s relevant work experience, applicable knowledge, skills, abilities, internal equity, and alignment with market data.

#LI-MR1

#LI-Remote

What We Offer  

• The opportunity to join one of Fortune Magazine’s Great Places to Work winners from 2015-2023 

• Comprehensive benefit options* that have earned Walker & Dunlop the silver level of the 2022 Cigna Healthy Workforce Designation™, some of which include:
    - Up to 83% subsidized medical payroll deductions
    - Competitive dental and vision benefits
    - 401(k) + match
    - Pre-tax transit and commuting benefits
    - A robust health and wellness program – earn cash rewards and gain access to resources that
      promote health, engagement, and balance
    - Paid maternity and parental leave, as well as other family paid leave programs
    - Company-paid life, short and long-term disability insurance
    - Health Savings Account and Healthcare and Dependent Care Flexible Spending 

• Career development opportunities 

• Empowerment and encouragement to give back – volunteer hours and donation matching 

 
*Eligibility may vary based on average number of hours worked 

EEO Statement

We are committed to equity in all steps of the recruitment and employment experience. We believe in equal access to opportunities in our workplace. We do not tolerate discrimination, including harassment, based on any characteristic protected by applicable law, such as race, color, national origin, religion, gender identity, sexual orientation, sex, age, disability, veteran or military status, and genetic information, or any other characteristic protected by applicable law. We strive to be a safe place to ask questions, build professional relationships, and develop careers.

SPAM
Please be wary of recruitment scams. An indication of a scam might be a request for sensitive or bank information at the time of application or emails coming from a non walkerdunlop.com email address. Please call us at 301.215.5500, if you have any concerns about information requested during or after the application process.

Fair Chance Hiring

Background checks, including any questions related to infractions, arrests, or conviction records, will not be conducted until after a conditional offer of employment has been accepted. We will consider for employment qualified applicants regardless of arrest and conviction records, in accordance with federal, state, and local laws.