• Review, redline, and approve marketing and advertising materials submitted by loan officers, branches, and corporate marketing, including flyers, mailers, rate sheets, open-house collateral, presentations, and co-branded materials. • Evaluate all triggered-term advertising for required disclosures under TILA / Regulation Z §1026.24 (e.g., APR, payment, term, and rate disclosures), ensuring clear and conspicuous presentation. • Screen content for prohibited, deceptive, or misleading representations under the MAP Rule (Regulation N, 12 CFR Part 1014), including claims about rates, payments, government affiliation, FHA/VA programs, and “too good to be true” offers. • Confirm proper use of company NMLS ID, individual LO NMLS IDs, Equal Housing Lender language, licensing footers, and required state-specific advertising disclosures. • Audit company and loan-officer websites, landing pages, and microsites for accurate licensing disclosures, disclaimers, and compliant rate/payment presentations. • Review social media posts, paid digital ads, email campaigns, video, and text/SMS marketing for advertising-rule compliance across all channels. • Monitor third-party lead-generation, listing-site profiles, and co-marketing arrangements for compliance with advertising rules and RESPA Section 8 marketing-services considerations. • Maintain advertising review logs and retain commercial communications consistent with MAP Rule recordkeeping requirements (24-month retention) and company policy. • Track review turnaround times, recurring deficiencies, and approval status; report trends and risk areas to the Chief Compliance Officer. • Assist with updates to advertising policies, disclosure libraries, and pre-approved template language as regulations and guidance evolve. • Deliver targeted training and feedback to loan officers and marketing staff on common advertising violations and best practices. • Support regulatory examinations, audits, and investor/agency reviews by compiling advertising documentation and responding to findings.

• Lead assessments of financial reporting risks and key business processes, including order-to-cash, procure-to-pay, record-to-report, payroll, inventory, and revenue recognition. • Design, evaluate, and optimize process-level and entity-level controls, with a focus on accuracy, completeness, authorization, and segregation of duties. • Translate accounting and operational risks into practical control recommendations aligned with management’s business objectives. • Review and challenge management’s risk assessments, control narratives, and control rationales for sufficiency and audit-readiness. • Lead all phases of client engagements, including planning, execution, staffing, quality assurance, and reporting. • Serve as a trusted advisor to clients, ensuring alignment with their risk management and compliance objectives. • Partner with CFOs, Controllers, and Finance leaders to address financial reporting risk, audit readiness, and control maturity. • Assist with sales efforts and contribute to expanding the GRC practice. • Identify opportunities for additional services and value-added solutions. • Coach, mentor, and develop team members to support career growth and engagement quality. • Foster a positive, collaborative work environment. • Perform and oversee engagements such as SOX 404 advisory, financial and operational internal audits, SOC 1 examinations, business process reviews, and related compliance frameworks, with a strong emphasis on financial reporting risk and control effectiveness. • Stay current on regulatory changes and industry best practices. • Lead internal projects and contribute to continuous improvement of methodologies and processes. • Approximately 30% travel required.

• Automated Compliance Monitoring: Review, audit, and monitor security compliance programs against frameworks like PCI-DSS, NIST CSFv2, and SOC 1/2, leveraging automation tools to continuously assess control health • Process Optimization & AI Integration: Identify opportunities to leverage AI tools and LLMs to accelerate risk assessments, summarize complex regulatory requirements, and streamline process improvements • Code-Assisted Evidence Collection: Lead and automate evidence collection for external audits (SOC 1, PCI Level 1), reducing manual overhead for engineering and product teams • Identity & Access Management (IAM): Oversee user access management and quarterly user access reviews, exploring ways to automate provisioning audits and detect anomalies • Cross-Functional Collaboration: Build and cultivate positive working relationships with engineering, DevOps, and product stakeholders to bake compliance directly into the CI/CD pipeline and cloud infrastructure

• Lead and enhance compliance operations, systems, and workflows. • Support HCP/HCO engagement processes, transparency reporting, and third-party compliance activities. • Develop compliance metrics, dashboards, and reporting capabilities. • Partner with cross-functional stakeholders to implement compliant business processes. • Support audits, monitoring activities, and continuous improvement initiatives.