BRCO Control Testing Analyst - Enterprise Security and Technology

Job Description

The Business Risk and Control Officers (BRCOs) play a pivotal role in guiding the business to identify and understand risk exposures and the controls needed which are integral to reducing risk and safeguarding our customers and colleagues. BRCOs are critical to the success of the Risk Management Lifecyle and play a role in Planning, Identifying, Assessing, Mitigating, Monitoring, and Reporting. BRCOs are members of the First Line of Defense (1

LOD) who:

• Provide leadership and coaching to the 1
  
  LOD to proactively identify and effectively manage risks.
• Translate and educate 1
  
  LOD to enable and drive business relevant implementation of Second Line of Defense (2
  
  LOD) risk management frameworks, policies, taxonomies, and inventories.
• Review, validate, and test 1
  
  LOD activities to ensure adequate control design and effective control operation.
• Provide credible challenge to 1
  
  LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2
  
  LOD frameworks and policies prior to 2
  
  LOD review.
• Drive two-way collaboration across 1
  
  LOD and 2
  
  LOD; liaise between 1
  
  LOD and 2
  
  LOD to drive engagement throughout the risk management lifecycle.
• Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.
• Document, aggregate and report risk in accordance with the risk management lifecycle.
• The Business Risk and Control Office (BRCO) Control Testing Analyst is responsible for the structured, post-execution review to validate that processes and controls function as intended to mitigate risk, including SOX controls. The BRCO Control Testing Analyst must not be involved in the design and execution of controls.

Position Responsibilities Translates and interprets corporate testing policies and participates in the implementation of overall independent testing program for the Line of Business (LOB)

• Adheres to a defined testing schedule and provides periodic updates on progress.
• Establishes relationships with business partners and other key stakeholders (SOX Office).

Develops testing processes and procedures in alignment with enterprise risk frameworks and policies and conducts baseline review activities

• Understands LOB end to end business processes, products, services, financial statement risks, controls, and risk profile.
• Adheres to testing procedures, standards, and methodologies established by 2
  
  LOD. Tests are performed periodically based on inherent risk level and frequency of controls operation; scope and sample size vary based on the type of test, inherent risk level, and dataset population size.
• Addresses any review and challenge comments as received to ensure alignment with 2
  
  LOD testing requirements.
• Designs and executes testing plans and scripts to evaluate the effectiveness of the overall control environment, including for SOX compliance.

Conducts testing of control design and operating effectiveness

• Assess both Design (is the control is designed to accomplish the goal or detect/prevent a misstatement - test sample of
  1) and Effectiveness (was the control executed correctly). Performs the role of Tester/Preparer (does the testing, picks the samples, executes testing based on test plan, documents, manages follow-up, reviews comments) or reviewer (reviews the testing, documents issues).
• Reviews 1
  
  LOD quality assurance procedures are aligned with frameworks and policies.

Documents and provides evidence for testing results

• Documents narratives, flowcharts, and controls.

Reports on control testing results and key themes to management reflecting trends, emerging risks, strengths, and weaknesses

• Identifies and escalates issues for remediation. Advises on how to remediate any control deficiencies/failures, proposing solutions to root causes of identified conditions.
• Validates remediation of control deficiencies and issues, including sustainability.
• Supports audits, exams and assessments conducted internally and externally.

Business Partnering

• Partners and engages with relevant business partners at varying levels in the organization to develop and maintain a strong control environment through effective testing and related activities that lead to early identification and sustainable mitigation of risks.
• Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.
• Learns continuously about the line of business to strengthen subject matter expertise and provide more valuable application of control testing.

A successful candidate will have the following knowledge and/or skills:

• Demonstrated knowledge of banking industry products, services, and workflows.
• Familiarity with critical business processes and controls, as well as overall business needs and objectives, for the Line of Business.
• Track record of driving timely and effective issue resolution in a financial services context
• Ability to educate colleagues on risk…