Salary Range:$104,000 – $133,000 Salary range estimated by Zippia
Posted 21 hours ago
Apply Now
Description
Employee Applicant Privacy Notice
Who we are:
Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
The First Line of Defense ( 1LOD) Business Control Testing (BCT) team is responsible for executing control testing activities to evaluate the effectiveness of SoFi's Internal Controls.
The role:
The Business Controls Testing QA Lead will be responsible for:
- Supporting the delivery of high-quality, consistent, and risk-focused 1LOD control testing to assess the design and operating effectiveness of controls for in-scope Risk Control Self Assessments (RCSA) processes, through the execution of quality assurance reviews, with an emphasis on technology (IT) controls.
- Improving processes to optimize the efficiency and effectiveness with which assurance work is executed, by undertaking quality assurance reviews, driving control testing skills training, and maintaining IT & business control testing and reporting standards and methodology.
- Assist business and technology stakeholders and risk partners in establishing or updating control inventories, control descriptions, workflows/ processes, etc. to support and drive consistent control testing.
- Proactively monitoring for changes to the enterprise, industry, and regulatory requirements, guidance and pronouncements, and supporting control remediation efforts such as the creation of action plans to address control deficiency/gaps and analyze process deficiencies that could lead to process improvement initiatives where appropriate.
Overall, work will also include driving improvement efforts in efficiency, effectiveness, and productivity, including implementing initiatives across 1LOD Business Controls.
What you'll do:
- Perform quality assurance reviews (QARs) of work performed by the control testing teams on both a real-time and look-back basis, including the test of design, test of operating effectiveness, issue pre-validation, control remediation retests, test plan, tracking and reporting in alignment with risk and control inventory changes.
- Assess the adequacy of testing related to common IT Controls, including but not limited to access, change management, SoD, Incident Response, Data Security / Encryption, Network Security, Vulnerabilities / Patch Management, & IT Governance.
- Experience with reviewing system configurations, scripts, automations, etc.
- Record, observe, and prepare reports related to the status of control test execution and QA activities and results, including thematic issues identified and the status of any pre-validation and remediation efforts to leadership.
- Develop and/or enhance key success measures/metrics and reporting to support control testing activities.
- Provide day-to-day support and guidance on IT control testing, including participating in walkthrough meetings, reviewing documentation and assessing the adequacy, and leading final disposition meetings.
- Proactively monitor for changes to the enterprise, industry, and regulatory requirements, guidance, and pronouncements.
- Partner with risk groups such as compliance, SOX, 2LOD, and internal audit to drive consistency and continuous improvement.
- Review and improve the 1LOD BCT procedures, methodology, and standards including related practices, by drafting and presenting methodology documents to key internal stakeholders, developing guidance notes, and other guides.
- Develop and update methodology and guidance to align with evolving practices and innovation initiatives.
- Apply technical understanding of enterprise-wide risk management policies, standards, and practices to recommend enhancements to BCT methodology and guidance.
- Identify and contribute to the development of continuous improvement opportunities to train the team on program findings/enhancements.
- Produce effective communication tools to share best practices and methodology.
- Assist in the provision of methodology training to control testers and business stakeholders, including tailored training as needed.
- Support 1LOD and Business Controls preparation for and participation in regulatory exams or external assessments.
- Participate in selected departmental initiatives.
- Perform other duties as assigned.
What you'll need:
- 5+ years of experience in IT risk management in financial services, technology, and/or banking operating environments; specifically managing and executing/reviewing first-line controls testing, internal audit, quality control roles, or other complimentary capacities within the financial services industry.
- A Bachelor's Degree in information technology, computer science, or 8 years of relevant experience in place of a degree.
- Preferred qualifications include CISA, CISSP, and/or CIA.
- Working knowledge of SoFi's products and services.
- Subject matter expertise in operational risk and controls testing; working knowledge of relevant industry regulations and standard industry processes.
- Working knowledge in technology risk and controls testing, relevant industry regulations, and standard industry processes (e.g., COBIT, ISO/IEC 27001, NIST, etc.).
- Knowledge of process development (e.g., process taxonomy, process mapping, etc.)
- The scope of experience should include risk identification, mitigation, and control assessments as well as writing test scripts and documenting results.
- Strong written and verbal communication skills, and experience preparing audit workpapers, issues, reports, and management presentations.
- Strong ability to create a culture of ownership, accountability, collaboration, and ability to influence at different levels.
- Ability to work independently with limited daily supervision while meeting deadlines.
- Ability to navigate through ambiguity, manage and coordinate multiple project assignments, and deliver on commitments.
- Partnership mindset to ensure we have positive and productive working relationships with auditors and examiners.
- Proficiency in IT systems, networks, and security technologies and tools.
- Experience in highly-matrixed, fast-paced environments.
The following experiences are a plus:
- Payments, FinTech, and/or Startup experience.
- Performing data analysis using data mining and visualization techniques (Alteryx, Tableau, SAS, SQL, R, Python).
- Familiarity with the FRB, OCC, FDIC, and CFPB examination procedures.
