Join a financial group that’s as committed to your future as you are. We share a vision for our future, we share our successes, and we strive to bring out the best in each other in everything we do. Our 14,000 diverse colleagues are connected by a common ambition to create change for the better—from forging more dynamic career paths, to driving progress in our communities, to continuously reshaping the standards of global financial services. Positive impact starts here; see the change you can make as we strive to become the world’s most trusted financial group.
Reporting to the Sarbanes-Oxley (SOX) Controls Assurance Advisory (CAA) Manager, the CAA IT Controls Manager will be responsible for overseeing the development of Internal Controls for the Controller's Department – specifically Information Technology General Controls (ITGCs), applications, end-user computing controls (EUCs), user access and SSAE 16 reports. The CAA IT Controls Manager will have direct oversight of the Information Technology activities environment, computer operations, access to programs and data, program development and program changes. The incumbent will also be responsible for all IT application controls for transaction processing. The incumbent will provide internal control guidance and recommendations to process management and lead audits, evaluate risks, provide overview of testing controls designed to mitigate risk, communicate issues and findings to executives, devise solutions for business improvements, and follow-up on corrective actions.
- Assess the controls over application processes, physical and logical security; systems acquisition and development; system and network infrastructure; system architecture; change management; computer operations; and production support.
- Oversee the development and review of technical and process related documentation, including operating procedures, control manuals, business requirement documents
- Work with process owners to develop and update process documentation, flowcharts, and process risk assessments
- Works closely with external auditors for their independent assessment related to ITGCs and EUCs
- Create and execute test plans for high-risk or high-complexity audit areas
- Assess appropriateness of existing control environment (control design)
- Validate existing controls to assess control operating effectiveness
- Review new systems/applications being developed or implemented are properly authorized, tested, approved, implemented and documented.
- Review changes to existing systems to ensure all are properly authorized, tested, approved, implemented and documented.
- Develop recommendations to correct control deficiencies and provide ideas for process improvements
- Support audit related matters when needed, including oversight, internal facilitation, review and remediation efforts
- Responsible for development or updating of policies and procedures for SOX framework – ITGC, End-User Computing and Open Pages Reviews reports issued by IRMG and assess impact to ICFR – for ITGCs and EUCs
- Lead, identify and address systemic control and efficiency issues.
- Directly supervise a team of professional staff to ensure timely completion of the work load. Provide staff with strategic and day-to-day direction in their assigned responsibilities. Perform traditional managerial functions including staff recruiting, establishment of performance goals, coaching and training, performance counseling and appraisal, and salary administration.
- 10+ years of experience within the banking industry, including financial analysis/planning, capital planning or related functional experience.
- Bachelor’s degree in Accounting, Finance, Information Systems, or Information Technology required; CPA license or CISA certification preferred or equivalent combination of education and related experience.
- Three to five years of related work experience in SOX, IT Audit, and/or Compliance with some Big 4 public accounting experience preferred
- Working knowledge of controls as it relates to technology infrastructure and applications, information security/IT control frameworks and user access
- Detailed knowledge of Sarbanes-Oxley requirements and COSO framework
- Excellent written communication and presentation skills; strong understanding of banking, risk management and key risk drivers, quality control/assurance
- Advanced skills in Microsoft Office Suite
- Excellent time management skills and the ability to work under time pressure and handle multiple tasks/projects at the same time
- Ability to work with all levels of management.
- Minimum of 5 years of managerial experience, preferably involving at least five professional staff.
The above statements are intended to describe the general nature and level of the work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified.
We are proud to be an Equal Opportunity / Affirmative Action Employer and committed to leveraging the diverse backgrounds, perspectives, and experience of our workforce to create opportunities for our colleagues and our business. We do not discriminate in employment decisions on the basis of any protected category.