SunTrust SOX Program Management is an integral and active part of a dynamic risk management environment at SunTrust Bank. We collaborate and consult with the risk teams for the various Lines of Business (LOBs) and Departments across the bank, as they design, identify, evaluate and document, controls and processes in support of SunTrust’s Sarbanes-Oxley, FDICIA compliance efforts as well as System and Organization Controls (SOC) reports.
We have an opportunity for an experienced, business oriented, information technology (IT) risk professional. This candidate will have significant opportunities to collaborate with key technology, business and audit partners to evaluate risks, perform control testing, guide teams in identifying controls and remediating control gaps to keep pace with changes in the underlying business and changes in technology.
- Serve as a Subject Matter Expert (SME) for risk and compliance for SOC processes and initiatives.
- Interface with business and technology partners on SOC1 efforts both for the SunTrust issued SOC1s and vendor issued SOC1s.
- Perform testing of business and IT controls as part of the work of others reliance program.
- Provide support as risk and audit teams perform assessments to evaluate controls, security, SOD, and execute audit procedures.
- Lead the adaptation of a work program and practice aids.
- Utilize COSO Framework, CoBIT, ITIL, ISO, FFIEC and/or other leading business and IT control frameworks to provide guidance to teams.
- Identify key risks and controls, recommend improved controls, perform controls readiness projects and identify and assess configuration of controls in business processes.
Demonstrated audit experience in:
- Control testing for both business controls including automated and IT dependent manual controls
- Control testing for IT General Controls
- Audit documentation quality standards
- Information Performed by Entity (IPE) audit requirements
- Obtaining, assessing and reviewing process documentations to identify key risk areas
- Ability to work independently and produce high quality audit documentation
- Collaborating with cross functional teams in an audit and SME capacity
- Developing, presenting, and defending clear, concise, and relevant issues timely to management
- Delivering both formal and informal presentations that are appropriate and on topic, demonstrate superior knowledge, and achieve intended results
- Confidently using clear, professional and effective communication skills at all levels
- Demonstrating strong interpersonal, project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change
- Pursuing work with enthusiasm, energy and drive
- Committing to personal growth and development of the team
- Collaboratively working with management to improve internal controls and identify process efficiencies
- Establishing and building effective relationships with key contacts
- Understanding the roles, responsibilities, processes and goals of key contacts and their departments
- Tailoring risk mitigation approaches based on client needs and changing business environment
- Maintaining a positive, professional and team-oriented attitude
- Understanding and applying risk and internal control concepts
- Identifying root cause factors contributing to audit issues
- Surfacing and pursuing resolution of audit issues with clients
- Developing practical recommendations for reducing risk
- Minimum Requirements:
- Bachelor’s degree Accounting or Information Systems, Computer Science or related IT Audit & Control disciplines
- 4 years of relevant business and information technology audit experience
- Preferred Qualifications:
- SOC1 testing experience
- Control testing experience in a public accounting firm
- Certification in at least one of the following: CISA, CIA, ITIL, CPA, CISSP
- Bachelor’s degree in Business, Economics, Finance, or Accounting, or an equivalent combination of education and work experience.
- 5 years of work experience including audit, operations, process engineering or risk management
- Strong knowledge of SOX and other industry-related regulatory requirements, and operational risk concepts.
- Professional communications and presentation skills.
- Strong relationship management skills.
- Demonstrated leadership or management skills.
- Solid knowledge of risk management principles and controls, broad-based business practices, and deep understanding of segment/function business processes, with the ability to assess levels of adherence/execution and identify risk/control improvement opportunities.
- Experience in the financial services industry
- Project management skills
- Strong writing and verbal skills
- Ability to work within a matrix organization
Equal Opportunity Employer: SunTrust supports a diverse workforce and is a Drug Testing and Equal Opportunity Employer. SunTrust does not discriminate against individuals on the basis of race, creed, color, gender, religion, national originTo review the EEO Poster, copy and paste the following link into your browser: http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf