Manager, IT Controls (SOX)

Navy Federal Credit Union - Merrifield, VA (30+ days ago)4.0


Employee Perks

Why You Will Love Being Part of the Navy Federal Team:
  • Competitive compensation with opportunities for annual raises, promotions, and bonus potential
  • Best-in-Class Benefits! (7% 401k match / Pension plan / Tuition reimbursement / Great insurance options)
  • On-site amenities include fitness center, wellness center, cafeteria, etc. at Pensacola, FL; Vienna, VA and Winchester, VA campuses
  • Consistently Awarded Top Workplace
  • Nationally recognized training department by TRAINING Magazine IND123
  • An employee-focused, diverse, and service-oriented workplace environment
Basic Purpose

The Internal Risk and Controls (IRC) Control Technical Analysis team executes data intensive and system specific initiatives to deepen and expand knowledge related to Information Technology General Computing (ITGC) controls embedded within, and enabled by, credit union systems. The team’s primary responsibility is the preparation of audit responses that require the review of 3GL source code, querying of relational databases, evaluation of infrastructure documentation, and analytical exercises involving other deeply technical formats. The team’s secondary responsibility is the enablement of control optimization strategies that require innovative system-based solutions as well as the application of fraud detective/predictive analytics to journal entry data.

Role Description:
The Sarbanes-Oxley (SOX) Controls Manager (Manager, Control Technical Analysis) must have extensive experience leading highly technical and multi-disciplinary teams to accomplish audit-specific objectives. The preferred candidate will have considerable experience with SOX controls; specifically, COSO Framework Activity Controls (Level 3), Information and Communications Controls (Level 4), and Monitoring Controls (Level 5). The selected candidate will have the majority of the following:

  • Have two to four years of management experience leading a team responsible for technology that supported a SOX or SOX-like environment such that the systems were subject to periodic external ITGC control audits and the results of same were deemed the ITGCs to have design and operational effectiveness; and
  • Possess knowledge consistent with a SOX 407 “financial expert” to include an understanding of GAAP principles, financial statement preparation, and internal accounting controls; and
  • Possess technical expertise in the areas of client/server architecture: particularly with regard to documenting system relationships for Information Technology General Computing Control (ITGC) audits and translating complex system relationships into control-specific documents; and
  • Possess technical expertise in the area of database systems (e.g., IBM DB2, Oracle, Microsoft SQL Server, etc.), Extract/Transform/Load (ETL) systems, VSAM mainframe data storage formats, ASCII/CSV data conversion extracts, and other data storage systems in preparation for data-centric auditor requests; and
  • Have considerable experience leading transformation efforts that involve migrating away from End User Computing (EUC) applications to enterprise Robotic Process Automation (RPA) environments with full Software Quality Assurance (SQA) and User Acceptance Testing (UAT) functions; and
  • Have extensive experience related to the full life cycle of General Ledger (GL) technology including the sun setting of legacy GL systems, GL data conversion strategies, GL data integration (DI) and cleansing techniques, as well as Accounting Rules Engines (AREs) and business enablement technologies; and
  • Have experience creating, assessing, and extracting controls from data-centric documentation standards such as Data Flow Diagrams (DFDs) and Source-to-Target-Mapping documents; and
  • Have experience evaluating technical SSAE 16/18 Service Organization Control 1 (SOC 1) Type II reports to determine Internal Control Over Financial Reporting (ICFR) in preparation for review by Information Security.
Required:
B.S. in Information Technology/Cybersecurity (or related area), recent SOX 404 experience, current Certified Internal Auditor (CIA) credentials, and recent experience with SSAE 16/18 report creation and/or review.

Desired:
Ideal candidate will have current Certified Public Accountant (CPA) credentials, “Big 4” consulting experience, certifications related to databases (Oracle/DB2/SQL Server) or data analytics, and/or a Master’s degree in Information Technology, Accounting, Cybersecurity, or a related field.

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability