BRCO Control Testing Lead - Enterprise Security and Technology

Job Description BRCO Control Testing Lead

The Business Risk and Control Officers (BRCOs) play a pivotal role in guiding the business to identify and understand risk exposures and the controls needed which are integral to reducing risk and safeguarding our customers and colleagues. BRCOs are critical to the success of the Risk Management Lifecyle and play a role in Planning, Identifying, Assessing, Mitigating, Monitoring, and Reporting. BRCOs are members of the First Line of Defense (1

LOD) who:

• Provide leadership and coaching to the 1
  
  LOD to proactively identify and effectively manage risks.
• Translate and educate 1
  
  LOD to enable and drive business relevant implementation of Second Line of Defense (2
  
  LOD) risk management frameworks, policies, taxonomies, and inventories.
• Review, validate, and test 1
  
  LOD activities to ensure adequate control design and effective control operation.
• Provide credible challenge to 1
  
  LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2
  
  LOD frameworks and policies prior to 2
  
  LOD review.
• Drive two-way collaboration across 1
  
  LOD and 2
  
  LOD; liaise between 1
  
  LOD and 2
  
  LOD to drive engagement throughout the risk management lifecycle.
• Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.
• Document, aggregate and report risk in accordance with the risk management lifecycle.
• The Business Risk and Control Office (BRCO) Control Testing Lead is responsible for the structured review to validate that processes and controls function as intended to mitigate risk, including SOX controls. The BRCO Control Testing Lead does not own the design nor execution of controls.

Translates and interprets corporate testing policies and participates in the implementation of overall independent testing program for the Line of Business (LOB).

• Adheres to a defined testing schedule and provides periodic updates on progress.
• Provides guidance to other team members supporting the engagement.
• Establishes strong relationships with business partners and other key stakeholders ( SOX Office).

• Understands LOB end to end business processes, products, services, financial statement risks, controls, and risk profile.
• Adheres to testing procedures, standards, and methodologies established by 2
  
  LOD. Tests are performed periodically based on inherent risk level and frequency of controls operation; scope and sample size vary based on the type of test, inherent risk level, and dataset population size.
• Addresses any review and challenge comments as received to ensure alignment with 2
  
  LOD testing requirements. Designs and executes testing plans and scripts to evaluate the effectiveness of the overall control environment, including for SOX compliance.
• Performs walkthrough prep and walkthrough execution.

• Assesses both Design (is the control is designed to accomplish the goal or detect/prevent a misstatement - test sample of
  1) and Effectiveness (was the control executed correctly).
• Performs the role of Tester/Preparer (does the testing, picks the samples, executes testing based on test plan, documents, manages follow-up, reviews comments) or Reviewer (reviews the testing, documents issues). Documents and provides evidence for testing results.
  • Documents narratives, flowcharts, and controls.
  Reports on control testing results and key themes to management reflecting trends, emerging risks, strengths, and weaknesses.
  • Identifies and escalates issues for remediation. Advises on how to remediate any control deficiencies/failures, proposing solutions to root causes of identified conditions.
  • Validates remediation of control deficiencies and issues, including sustainability.
    Supports audits, exams and assessments conducted internally and externally.
  Adapts testing methodology ( sampling methodology, resourcing) based on testing results and overall risk profile of organization.
  • Identifies and assesses the impact of the changing regulatory environment on business objectives, risk appetite and testing methodology.
  Business Partnering
  • Partners and engages with relevant business partners at varying levels in the organization to develop and maintain a strong control environment through effective testing and related activities that lead to early identification and sustainable mitigation of risks.
  • Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.
  • Learns continuously about the line of business to strengthen subject matter expertise and provide more valuable application of control testing.
  A successful candidate will have the…