BRCO Control Testing Lead - Enterprise Security and Technology

Job Description

BRCO Control Testing Lead The Business Risk and Control Officers (BRCOs) play a pivotal role in guiding the business to identify and understand risk exposures and the controls needed which are integral to reducing risk and safeguarding our customers and colleagues. BRCOs are critical to the success of the Risk Management Lifecyle and play a role in Planning, Identifying, Assessing, Mitigating, Monitoring, and Reporting. BRCOs are members of the First Line of Defense (1LOD) who:

• Provide leadership and coaching to the 1LOD to proactively identify and effectively manage risks.
• Translate and educate 1LOD to enable and drive business relevant implementation of Second Line of Defense (2LOD) risk management frameworks, policies, taxonomies, and inventories.
• Review, validate, and test 1LOD activities to ensure adequate control design and effective control operation.
• Provide credible challenge to 1LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2LOD frameworks and policies prior to 2LOD review.
• Drive two-way collaboration across 1LOD and 2LOD; liaise between 1LOD and 2LOD to drive engagement throughout the risk management lifecycle.
• Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.
• Document, aggregate and report risk in accordance with the risk management lifecycle.
• The Business Risk and Control Office (BRCO) Control Testing Lead is responsible for the structured review to validate that processes and controls function as intended to mitigate risk, including SOX controls. The BRCO Control Testing Lead does not own the design nor execution of controls.

Position Responsibilities Translates and interprets corporate testing policies and participates in the implementation of overall independent testing program for the Line of Business (LOB).

• Adheres to a defined testing schedule and provides periodic updates on progress.
• Provides guidance to other team members supporting the engagement.
• Establishes strong relationships with business partners and other key stakeholders ( SOX Office).

Develops testing processes and procedures in alignment with enterprise risk frameworks and policies and conducts baseline review activities.

• Understands LOB end to end business processes, products, services, financial statement risks, controls, and risk profile.
• Adheres to testing procedures, standards, and methodologies established by 2LOD. Tests are performed periodically based on inherent risk level and frequency of controls operation; scope and sample size vary based on the type of test, inherent risk level, and dataset population size.
• Addresses any review and challenge comments as received to ensure alignment with 2LOD testing requirements. Designs and executes testing plans and scripts to evaluate the effectiveness of the overall control environment, including for SOX compliance.
• Performs walkthrough prep and walkthrough execution.

Conducts testing of control design and operating effectiveness; including issue control testing/validation for more complex issues.

• Assesses both Design (is the control is designed to accomplish the goal or detect/prevent a misstatement - test sample of 1) and Effectiveness (was the control executed correctly).
• Performs the role of Tester/Preparer (does the testing, picks the samples, executes testing based on test plan, documents, manages follow-up, reviews comments) or Reviewer (reviews the testing, documents issues).
• Ensures 1LOD quality assurance procedures are aligned with frameworks and policies.

Documents and provides evidence for testing results.

• Documents narratives, flowcharts, and controls.

Reports on control testing results and key themes to management reflecting trends, emerging risks, strengths, and weaknesses.

• Identifies and escalates issues for remediation. Advises on how to remediate any control deficiencies/failures, proposing solutions to root causes of identified conditions.
• Validates remediation of control deficiencies and issues, including sustainability.
  Supports audits, exams and assessments conducted internally and externally.

Adapts testing methodology ( sampling methodology, resourcing) based on testing results and overall risk profile of organization.

• Identifies and assesses the impact of the changing regulatory environment on business objectives, risk appetite and testing methodology.

Business Partnering

• Partners and engages with relevant business partners at varying levels in the organization to develop and maintain a strong control environment through effective testing and related activities that lead to early identification and sustainable mitigation of risks.
• Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.
• Learns continuously about the line of business to strengthen subject matter expertise and provide more valuable application of control testing.

A successful candidate will have the following knowledge and/or skills:

• Demonstrated knowledge of banking industry products, services, and workflows.
• Strong familiarity with critical business processes and controls, as well as overall business needs and objectives, for the Line of Business.
• Strong track record of driving timely and effective issue resolution in a financial services context.
• Deep expertise and ability to educate colleagues on risk management, controls, and compliance concepts, frameworks, and policies.
• Ability to establish authority, influence stakeholders, and productively debate issues (, credible challenge) at all levels including without direct reporting responsibility.
• Ability to build strong relationships and engage constructively in a proactive and transparent approach with cross-functional stakeholders, to challenge status quo and drive buy-in to achieve common goals.
• Ability to clearly and effectively communicate, including ability to summarize and explain complex findings and issues to a wide range of audiences.
• Ability to apply sound judgment and appropriately escalate concerns and issues.
• Ability to demonstrate managerial courage and inspire colleagues across the organization to embrace change.
• Ability to gather, analyze and interpret large datasets from various sources.
• Strong analytical and critical thinking skills with high attention to detail and accuracy.
• Ability to manage multiple tasks and projects, prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment.
• Self-starter, able to work independently, flexible and can navigate a complex organization.