The role will provide leadership to identify, measure, monitor and shape the risks related to the internal control environment affecting both controls over financial reporting and operational controls within the organization through proactive identification of risks and opportunities. This role will ensure sound governance, oversight and execution of the financial and operational risks and controls as part of our Sarbanes-Oxley (SOX) program, including key operational, regulatory and compliance related controls within their Department. The role will be responsible for managing all SOX and operational controls related design, implementation, documentation and self-testing to ensure we meet the requirements for the Company's SOX program as well as detect and prevent noncompliance with policies and procedures in advance of internal and external audits. This highly visible position will work closely with the related business management and SOX teams to ensure transparency and understanding of financial reporting and operational issues, opportunities, and the environment both for now and as we experience change from internal factors, such as growth and new business lines, and external factors, such as new regulations and industry expectations.
This is a position that reports to the business. This person will work closely and liaise between key stakeholders both within management and across the organization with Risk & Controls (SOX), Compliance, Internal Audit, External Audit, Enterprise Risk Management, Legal, and the other Risk Managers. The responsibilities include:
Assess, measure, and monitor the governance and risk profile, including determination of real vs perceived risk and inherent vs control risk. Maintain a complete and current inventory of all the material processes and functions, with the associated key risks and their thresholds. Participate and provide guidance for new initiatives and product expansions, including determination of mitigating controls.
Collaborate with management to develop key business control strategies and controls to mitigate related risks. Exercise judgment and influence, and if needed, assist management on the development, implementation and monitoring of strategies, policies, processes and controls to reduce risk and ensure legal and regulatory compliance. Keep control documentation updated to reflect current operating environment and perform self-testing to confirm control effectiveness.
Manage, communicate and provide periodic reporting and metrics to management and SOX team on the mission, strategies, and key issues of the risk governance framework. Proactively manage and promote effective communication with internal groups (management and legal), including second (SOX, Compliance and ERM) and third lines of defense (Internal Audit), and external auditors. This includes providing control documentation, testing support, and answering related questions in a timely manner.
Highlight control breakdowns, inadequate processes, and unexpected events and implement corrective actions quickly to address process and control deficiencies. Facilitate the timely remediation of control deficiencies and process improvements by working closely with the business to verify design, timing, and expectations are aligned and met.
Stay abreast of and knowledgeable about the related regulatory, industry and compliance requirements that the department must meet in order to satisfy our regulators, and anticipate industry trends or changes. Analyze complex regulatory and industry requirements and the "right size" application of those requirements. Ensure all pertinent regulatory and rule changes are incorporated in a timely manner.
Perform annual risk assessment for identifying significant accounts and risks for reporting; done independently and then validated with 2nd line (SOX)
Coordinate, update and maintain all SOX related artifacts including walk-throughs, narratives and process/control specific flow charts
Ensure quarterly that all items are current and reflective of actual practices
Provide changes to controls if underlying processes have changed or new items / risks are added to the scope of the business - 2nd line would have to concur with the controls design and risk mitigation
Create / manage quarterly program of self-testing / certification to support the business unit's quarterly certification under Section 302 of SOX
Establish / manage ongoing program of procedure documentation and training within the department related to SOX and internal control processes / activities
Manage program specific to manual controls including spreadsheets and data received / sent out by the department to ensure integrity of data used and integrity, completeness and accuracy of data provided to downstream stakeholders for ICOFR purposes (MRC checklists, IPE controls, etc.)
Monitor and manage all Entity Level Controls within the department
Audit coordination - manage and facilitate all external and internal audit related matters including quality and delivery of audit schedules, follow up questions and resolution, etc.
Facilitate and manage all SOC 1 reports applicable to the business
Provide overall governance, dashboard reporting, tracking against deliverables, and timely issue escalation
Exercises creativity, critical thinking, analytical thinking, and collaboration to solve control problems
In-depth knowledge and application of principles, theories, and concepts, in area of specialty to determine best course
Makes risk and control recommendations to the business line and requires SOX team approval
Advises others about concepts, principles, issues, and alternatives to explore and determine course of action
Uses influence, negotiation, and persuasion to achieve objectives
Independently works with the business to ensure effective internal controls over financial reporting, including updated documentation, supporting testing requests, and tracking and monitoring remediation efforts
Understand Sarbanes-Oxley requirements
Bachelor's Degree in management, finance, economics, related field or equivalent experience
Experience in SOX controls for financial reporting is required
Strong leadership, critical thinking and collaboration skills
Excellent presentation and interpersonal skills
Working knowledge of Microsoft products required
Bachelor's Degree in management, finance, economics, related field or equivalent experience and MBA preferred
8 years working in the financial services industry with managerial level experience
In-depth business or functional expertise as well as knowledge of applicable policies and procedures required
Experience in risk, business controls or compliance management preferred
Ability to influence peers, colleagues and managers across business and divisional lines to take action on complex, technical or sensitive topics with companywide impact
Self-starter and disciplined manager who proactively will reach out as needed
Ability to work tight timelines and manage multiple competing priorities while delivering sound results