Financial Examiner VI - Cybersecurity

Job Title: Financial Examiner VI - Cybersecurity

**Location: ** Texas

Benefits Offered: Comprehensive healthcare options, State of Texas retirement plan, paid vacation/holidays, Employee Assistance Program, Training/Employee Development Program, and more.

Military Specialty Codes : Army – 36A; Navy – N/A; Coast Guard – F&S, FIN10; Marine – 3404, 3408, 8844; Air Force – 6F0X1, 65FX, 65WX; Space Force – N/A Additional information on the SAO Military Crosswalk.

Summary:** **

Performs advanced (senior‑level) cybersecurity and information systems examinations of regulated entities. Leads the development, implementation, and continuous improvement of SML’s Non‑Depository Cybersecurity Examination Program, incorporating the CSBS Baseline and Enhanced Nonbank Cybersecurity Exam Programs and evaluating institutions using the URSIT framework (Audit; Management; Development & Acquisition; Support & Delivery). Assesses cybersecurity governance, risk management, operational controls, outsourced technology dependencies, and compliance with applicable state and federal requirements including the FTC Safeguards Rule. Responsible for examiner training, program documentation, and ensuring consistent supervisory practices across the Mortgage Regulation Division. Collaborates and provides support to Information Resources staff. May assist the Thrift Regulation Division. Works under minimal supervision with considerable latitude for the use of initiative and independent judgment. May supervise the work of others.

Essential Job Duties:** **

• -Develop, implement, and maintain SML’s Non‑Depository Cybersecurity Examination Program, aligning with CSBS Nonbank Cybersecurity Exam standards and industry best practices.

• -Create and update examination modules, procedures, and standardized workpapers incorporating URSIT components, CSBS Examiner Considerations, and FFIEC IT Handbook references.

• -Continuously evaluate program effectiveness and recommend improvements based on emerging threats, technology changes, and CSBS program updates.

• -Conduct highly complex cybersecurity and IT examinations of regulated entities.

• -Apply the CSBS Baseline or Enhanced Exam Programs based on the size, complexity, and cyber‑risk profile of licensees and registrants.

• -Perform pre‑examination activities, including issuing exam notifications and reviewing CSBS-recommended pre‑exam document request lists, risk assessments, policies, and other artifacts.

• -Evaluate cybersecurity risk management practices across the URSIT framework: Audit (independence, reporting, testing); Management (governance, oversight, risk assessment); Development & Acquisition (change management, SDLC, vendor onboarding); and Support & Delivery (network security, endpoint controls, patching, monitoring)

• -Assess mortgage entities’ compliance with the FTC Safeguards Rule, including required elements of written information security programs.

• -Evaluate a broad range of cybersecurity domains specified by CSBS, including IT/IS governance, asset inventory, access control and authentication, network/endpoint security, patch management and vulnerability management, malware controls, cloud and outsourced provider oversight, incident response planning and testing, business continuity and disaster recovery, and ransomware preparedness and controls.

• -Utilize the Ransomware Self‑Assessment Tool (R‑SAT) as part of examinations, interpret results, and incorporate findings into supervisory conclusions.

• -Serve as examiner‑in‑charge for complex or multi‑state examinations.

• -Train and mentor SML staff on cybersecurity concepts, CSBS exam procedures, risk identification, and documentation standards.

• -Provide technical support to SML staff who identify IT‑related issues during examinations.

• -Communicate examination findings clearly through written reports and presentations to leadership and information security teams of regulated entities, and SML senior management staff.

• -Participate in multi‑state working groups, CSBS forums, and interagency initiatives to promote supervisory consistency.

• -Maintain proficiency with updates to CSBS exam programs, federal and state cybersecurity regulatory expectations, and industry best practices.

• -Collaborates with and provides support to Information Resources staff.

• -Other related duties as assigned.

Reports To:** **

​​Director of Mortgage Regulation

External final male applicants who are 18-25 years of age will be required to furnish proof of registration or exemption from registration with the Selective Service System as a condition of state employment.

All offers of employment are contingent upon the candidate having legal authorization to work in the United States. Failure to present such authorization within the time specified by the U.S. Department of Labor will result in the offer being rescinded.

All offers of employment are also contingent upon satisfactory credit and background check.

For directions or to request physical accommodations, email humanresources@sml.texas.gov

E-Verify – This organization participates in E-Verify. This employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization.

Department of Savings and Mortgage Lending is an equal opportunity employer. ​