Controls Assurance Associate

Sheer Logic Management ConsultantsClient, a leading international financial institution, is seeking to recruit a suitable candidate to undertake Risk Management Governance and Control Assurance engagements within their
business.

Job title: Controls Assurance Associate
Level: Entry Level
Salary: 45k.

Job Summary / Purpose:

The jobholder’s role is to provide management with assurance on the control environment in the business through the control testing First Line of Defence (FLOD) methodology. The jobholder is expected to be responsible for the robustness of all Risk Management governance within the business in line with the Enterprise Risk Management Framework.

The job holder’s responsibilities include Operational and Conduct Risk Testing & Monitoring for ad-hoc tasks, due diligence, and other demand initiatives. The role holder is responsible for completing all allocated Control Assurance engagements to a high standard as allocated by the Head of Reconciliation and Ops & Tech Controls Assurance.

The role holder will be responsible for the following:

Control Testing Reviews (CT)

• Deliver a comprehensive Control assurance review program plan covering all the key business requirements and ensuring that any gaps in the review process are identified and escalated.
• Manage and oversee the testing of Control Assurance review areas as per the FLOD methodology.
• Carry out reviews professionally and consistently produce a high standard of documentation i.e. evidence and in the agreed timelines with the business stakeholders.
• Conducting annually planned and contracted reviews across all business functions with the highest level of professionalism.
• Assessing how well the business is complying with rules and regulations and informing management whether any issues need escalations.
• Conducting unplanned/ad-hoc reviews in terms of a specific need and expectation received from Executive/Senior Management within the business units.
• Effective tracking, monitoring and closure of CT findings arising from planned/ Ad-hoc reviews.

Internal Audit / Regulatory/ External Auditors Control Issues/Combined Assurance

• Tracking and conducting pre-issues validation on AIA and Regulatory observations for the business.
• Provide assurance with regards to the remediation of Control Issues across the business in support of the combined assurance approach.
• Supporting partner functions during AIA & regulatory audits.

Other Control Assurance Engagements

• Ensuring that all Significant Control and Material Issues are being managed effectively and efficiently across the business.
• Ensure Root causes are effectively identified and lessons learnt are embedded.
• Provide, where appropriate, independent evaluations of the business risk profile to the senior management, local board, and regulators.
• Support business in control agenda by attending and enhancing business control meetings.
• Undertaking control awareness on control management to identified officials across the business.

As part of this process, the role holder will be responsible for undertaking the assurance work, to undertake engagements with limited supervision, reporting directly to the Head of Reconciliation and Ops & Tech Controls Assurance. This will cover the entire E2E assurance process, including the assessment of control environments within Ops and Tech through discussion with Senior Managers, facilitating assurance workshops with senior staff, planning and executing engagements.

Key accountabilities/Deliverables/Outcomes

Accountability: CONTROL ASSURANCE Sampling / Testing Time Split: 70%
Outputs:

• Understand and analyse the full range of evidence and information available to identify risks and controls, to undertake effective Control Assurance testing and draw objective conclusions. This will include the identification of root causes with management and the agreement of SMART actions which are realistic / sustainable and address the root cause(s). These will be for review by the Head of Reconciliation and Ops & Tech Controls Assurance and the Head of Financial Crime and Controls.
• Consistently produce a high standard of documentation to support the Controls Testing & Monitoring process, ensuring the work is carried in accordance with the requirements detailed in the FLOD methodology.
• Responsible for ensuring Controls Testing & Monitoring is in line with risk based FLOD engagement methodologies, including the production of soft working papers.
• Produce error free review reports upon completion of engagement for review by the Head of Reconciliation and Ops & Tech Controls Assurance and Head of Financial Crime and Controls.
• Effectively communicate the FLOD methodology to requisite stakeholders and ensure the Head of Reconciliation and Ops & Tech Controls Assurance and Head of Financial Crime and Controls are kept fully aware of the progress / issues during any engagement.
• Ensure all reviews are completed as per the approved assurance plan and output reports issued within the agreed time frames
• Identify thematic control issues within the business and recommend suitable solutions.
• Undertake ad-hoc engagements, due diligence work and demand initiatives as may be required.
• Maintain accurate and up to date working databases which correctly reflect the final report issued.
• Ensure reports/working papers and databases are properly archived after the completion of the CT engagements.
• Review the implemented user access controls and identity and access management systems and give recommendations to mitigate identified gaps
• Review the Monitoring of network and application performance to identify irregular activity and
• Perform regular audits to ensure security practices are compliant
• Deploy endpoint detection and prevention tools to thwart malicious hacks
• Perform review on set up patch management systems and give management assurance on process adherence to policies and standards
• Review the vulnerability management systems across all assets on-premises and in the cloud and highlight gaps to management
• Work with HR and/or team leads to educate employees on how to identify suspicious system activity
• Contribute to the continuous improvement of the IT controls matrix, ensuring alignment with applicable laws, regulations, and industry standards.
• Assess the effectiveness of IT controls, identifying areas for enhancement through risk assessments, control testing, and data analysis.
• Collaborate with IT teams to develop and implement corrective action plans, ensuring timely resolution of identified issues.
• Provide regular reporting to senior management forums on the status of IT controls and ongoing remediation efforts.
• Support activities of IT Control Owners to ensure compliance with internal policies, procedures, and external regulations.
• Identify, recommend, and implement process improvements to enhance control effectiveness and efficiency.
• Stay abreast of industry best practices, leading IT Controls Frameworks, Audit methodologies, and IT industry standards.
• Drive continual improvement of the IT SOX Controls governance program through the development of training materials and support processes for control owners.
• Participate in reviews, projects, and training initiatives as needed, and lead such efforts when required.
• Perform other duties as assigned.

Accountability: BUSINESS SUPPORT Partnerships Time Split: 10%
Outputs:

• Support the business unit in Issue identification and closure.
• Support the business unit in identifying emerging risks.
• Assist the business unit in understanding their processes and procedures.
• Share knowledge, information, ideas and assist in awareness sessions in the business units.
• Support the business unit in accurately identifying root causes and making actionable recommendations.
• Identify root cause of risk events arising from process failures to come up with controls to avoid repeats

Accountability: COMBINED ASSURANCE: Internal Audit / Regulatory/ External Auditors Control Issues/ CT Sampling / Testing Time Split: 10%
Outputs:

• Tracking and conducting pre-issues validation on AIA and Regulatory observations for the business.
• Provide assurance with regards to the remediation of Control Issues across the business.
• Support partner functions during AIA & regulatory audits

Accountability: Team Participation (Self- Development) Time Split: 10%

• Contribute fully to the team effort
• Facilitate coaching / training of team members in areas of specialist knowledge, or allocated areas of common interest
• Share knowledge, information, ideas and assist in the training of less experienced colleagues.
• Consistently equip oneself with relevant knowledge to the role.

Role/person specification

Preferred Qualification Education and experience required

• B-degree in Computer Science
• Formal qualification or studying for ACIB, CPA, CIA, CISA, CCSA and or business or risk related degree / qualification.

Preferred Experience

• Experience within a banking environment
• Report writing and presentation experience.
• Exposure to consultation and facilitation.
• IT software Audit tools and techniques
• Stakeholder management and negotiation experience

Knowledge and Skills

• Auditing/Assurance/Risk/Rigor and investigative skills under a risk-based methodology
• Understanding of key risks faced by banks and core control environment
• Penetration testing/Red teaming
• Full stack web development (MERN)
• Microsoft office suite (word, excel, PowerPoint)
• Project management (Agile)
• Knowledge of the Bank’s governance requirements
• Stakeholder management and negotiation experience

Behavioural Competencies 

• Integrity and professionalism
• Relationship/ Partnership Approach

Technical Competencies

• Problem Solving/ Decision Making
• Communication Skills
• Analytical, Testing & Monitoring
• Planning and Organising
• Innovation & Change