In this role you will implement, manage and conduct independent comprehensive assessments of the management, operational, and technical controls, and control enhancements designed to identify, evaluate, and manage related risks and controls across the company or within a particular business or function. Responsibilities include integrating that framework with business operations and keeping key stakeholders across the organization informed about new or existing operational and/or technology assets and third-party vendor engagements; leading or supporting various programs, including Risk and Control Self-Assessment (RCSA), process, risk, and control, and other risk policies, standards, and processes. The primary focus of this role will be assessing the operating effectiveness of key controls documented within RCH through the development and execution of control testing performed in alignment with internal policies and standards.
We currently offer a hybrid work arrangement that permits employees to work from home part of each workweek. The successful candidate will be required to report to the office on the first day to complete onboarding, orientation, and initial training, and to receive the required equipment.
ESSENTIAL FUNCTIONS AND BASIC DUTIES
- Management of compliance/audit activities as assigned in relation to Sarbanes-Oxley IT Control Framework, Service Operation Control audits.
- Manage internal/external audit engagements and third-party business reviews, contract compliance reviews.
- Partner with stakeholders, including process owners and control officers, to document controls, enhance control language, and ensure test scripts that validate controls are being performed in compliance with policies, procedures, and regulatory requirements to mitigate operational and technology risk to the company.
- Implement timely control testing for multiple in-scope processes across various business entities; conclude on the operating effectiveness of controls to mitigate risks and control objectives within aligned processes.
- Validate implementation of control testing of controls based on internal and industry standards and guidelines.
- Conduct first-time and ongoing control assessments to support necessary compliance activities and prepare meaningful documentation to support testing conclusions.
- Track and coordinate the execution of policy and standards control testing activities.
- Ensure control testing is in alignment with broader risk assessment activities and remediation.
- Create synergies by identifying opportunities to repurpose control testing results to satisfy assessment requirements
- Provide ongoing communication to internal stakeholders throughout the testing process to keep them apprised of progress and findings, escalating when appropriate
- Prepare written reports that summarize the objectives, scope, findings, and conclusions for each assigned review
- Support iterative review and challenge of assessment results, working with appropriate stakeholders across the lines of defense
- Support adoption of automated testing platform by identifying controls for inclusion and respective prerequisites and logic for automated testing
- Coordinate required meetings, reviews, and scheduling needs
- Prepare materials for ongoing team meetings and meetings with senior management
- Special projects as requested.
- Bachelor’s Degree in Accounting, Finance, Computer Science, Information Systems, or equivalent
- Preferred Certifications: Certified Public Accountant (CPA), Certified Internal Auditor (CIA)
- Additional Preferred Certifications: Certified Information Systems Auditor (CISA), or Certified in Risk and Information Systems Control (CRISC)
- Combined experience in audit, risk management and/or compliance
- 3-5 years of experience in privacy, risk and compliance, and/or audit preferred.
- 2-4 years of experience in an audit, accounting, or risk management role in operations or information technology/information security, and/or operational risk management (includes operations, operational risk management, compliance, audit, and third-party risk management within technology and/or information security), or a combination thereof
- Financial Services experience
- Experience with process documentation, risk assessment, evaluation of control operating effectiveness and designing/executing test scripts for operations and/or technology controls
- Ability to understand technology, management, and leadership issues related to organization processes and problem solving.
- Knowledge of public cloud providers (AWS, Azure, etc.)
- Proficient with Microsoft Office (Project, PowerPoint, Excel, Word)
- Understanding of the regulatory environment and regulations related to technology and operational risk.
- Experience with problem solving in a team environment by thinking outside of the box and providing innovative solutions, with and without technology.
- Knowledge in technology and/or operations areas including, but not limited to, incident response.
- Understanding of assessment for compliance with Sarbanes-Oxley (SOX) a plus
- Ability to manage multiple priorities concurrently, prioritize, and efficiently complete responsibilities while maintaining the highest quality.
- Ability to constructively work both independently and in collaborative environments involving all levels of management and employees.
- Proven analytical, critical thinking and problem-solving skills.
Retirement Clearinghouse provides a competitive hourly rate and comprehensive benefits package, including medical, dental, vision, life insurance, short-term and long-term disability insurance, HSA and FSA plans, a Safe Harbor 401k plan with matching contributions, paid holidays, sick time, paid time off, and bonus potential.
Retirement Clearinghouse is an EEO employer and participates in the E-Verify program. Pre-employment background checks, including drug screening, will be performed upon acceptance of offer of employment.