The First Line of Defense ( 1LOD) Business Control Testing (BCT) team is responsible for executing control testing activities to evaluate the effectiveness of SoFi’s Internal Controls.

The role:

The BCT IT Sr. Analyst is responsible for working closely with various SoFi business partners and/or control owners to execute control testing and deliver results within a timely manner. This person will execute tests of design and operating effectiveness, focusing on automated and application controls within SoFi’s in-scope business processes. This person will also be responsible for collaborating with the various stakeholders to understand processes, identify additional potential risks, and determine appropriate IT controls to implement.  The BCT IT Sr. Analyst will partner with the issue manager(s) to build out appropriate milestones, owners, and timelines for identified issues via the control testing lifecycle.  

Additionally, this role will partner with the BCT Manager to ensure the business units have a sustainable and effective end-to-end control environment by identifying gaps in existing processes to reduce errors and look for opportunities to create better controls with the process. 

What you’ll do: 

• Execute Design (DE) and Operating Effectiveness (OE) testing across the various SoFi business processes. 
• Conduct testing of IT controls to ensure they are operating effectively. This may involve reviewing documentation, interviewing personnel, and performing hands-on testing of system configurations.
• Create and maintain adequate testing support documentation such as workpapers, testing reports, etc. to support the results of reviews including the write-up of findings/issues for reporting. 
• Assess the adequacy of common IT Controls, including but not limited to access, change management, SoD, Incident Response, Data Security / Encryption, Network Security, Vulnerabilities / Patch Management, & IT Governance.
• Follow standardized procedures and templates.
• Develop and maintain effective relationships with internal business partners to execute work and fulfill control testing expectations.
• Drive accountability with control owners to ensure timely test completion.
• Prepare and present testing results and conduct the follow-up to monitor agreed-upon activities, including re-performance testing if needed. 
• Act as an objective source of independent advice and partner with control owners to discuss control testing results and mitigation activities.
• Advise management of any recurring test failures to ensure prompt corrective actions.
• Work independently on a range of complex tests, which may include unique IT controls. 
• Assist in the implementation of new IT controls and updating existing IT controls and the relevant documentation. 
• Supports change management of varying scope and type; tasks will typically focus on execution and sustainment activities. 
• Supports team members through training, peer review, and information sharing.
• Continually evaluates the environment for opportunities to proactively manage risk and improve processes based on observation, reviews, and feedback. 
• Ad-hoc responsibilities to support the Business Controls and Control Testing programs.
• Own cross-functional initiatives that enhance the overall 1LOD Risk and Controls Business organization. 

What you’ll need:

• Minimum 5-8 years of experience in IT risk management and/or IT control testing in financial services and/or banking operating environments.
• Minimum 4 years of experience in IT controls testing, quality control roles, or other complimentary capacities within the financial services industry. 
• Scope of experience should include risk identification, mitigation, and control assessments as well as writing test scripts, transactional testing, and documenting results.  
• Technical control testing proficiency and risk acumen. 
• Working knowledge in technology risk and controls testing, relevant industry regulations, and standard industry processes (e.g., COBIT, ISO/IEC 27001, NIST, etc.).
• Results-oriented, problem-solving skills, and attention to detail.
• Strong verbal and written communication skills with the ability to communicate via Zoom meetings. 
• Ability to balance multiple critical priorities simultaneously. 
• Ability to take ownership of and lead ad-hoc team initiatives 
• Experience in highly-matrixed, fast-paced environments.
• Self-starter with a strong ability to work independently with minimal oversight. 
• Fluent in MS Excel and PowerPoint, comfortable with analyzing large datasets in Google Suite (Sheets, Slides, etc.), MS Office applications, etc. 
• Proficiency in IT systems, networks, and security technologies and tools.
• Preferred qualifications include CISA, CISSP, and/or CIA
• A Bachelor’s Degree in information technology, computer science, or related field or 6 years of relevant experience, or equivalent work experience.