Program Manager - Internal Controls

About The Position

Requirements

• Strong Internal Control and Risk Assessment Skills: Analyzing business processes end-to-end, identify key risks and controls, and assess their design and operating effectiveness. Capable of designing test plans and evaluating results critically.
• Project Management: Excellent project management abilities to plan, execute, and monitor a multifaceted compliance program. Can manage timelines, prioritize tasks, and direct supporting team members or consultants. Detail-oriented and organized, ensuring thorough coverage of all in-scope areas and timely completion of testing and remediation.
• Communication: Exceptional written and verbal communication skills. Able to prepare clear, executive-level reports and presentations on complex issues. Confident in leading meetings and presenting findings to senior executives and the Board Audit Committee. Skilled at influencing and collaborating with stakeholders at all levels.
• Leadership and Teamwork: Demonstrated leadership in driving cross-functional initiatives. Able to work collaboratively with accounting, IT, operations, and audit teams, and to build consensus on control improvements.
• Problem-Solving and Adaptability: Strong analytical and problem-solving skills; capable of root-cause analysis and creative solutioning for control issues. Comfortable working in a dynamic environment – able to adapt as the company grows or regulations change. Proactive in staying current on emerging risks and any changes that could impact management’s assessment of internal controls over financial reporting.
• Proficiency in Microsoft Office (Excel, Word, PowerPoint) for analysis and reporting.
• Bachelor’s Degree in Accounting, Finance, Business Administration, or related field.
• A minimum of seven (7) years of experience in audit, compliance, or internal controls roles.

Nice To Haves

• Experience with GRC software or SOX workflow tools (e.g., Optro/AuditBoard, Workiva Wdesk, or similar) is a plus.
• CPA, CIA, CISA, or similar certification preferred.
• Prior experience leading SOX 404 compliance for a public company is strongly preferred.

Responsibilities

• Lead Program of Internal Controls over Financial Reporting: Plan and manage the end-to-end SOX 404 compliance process, including annual scoping of accounts/processes, updating control documentation, identifying key controls and evaluating control design for new or changing business processes or systems. Establish the testing calendar and ensure all in-scope controls are identified and assessed.
• Internal Control Design and Implementation: Work with business units to develop and maintain effective internal controls and procedures that mitigate financial reporting risks. Update and improve control documentation, as needed, including narratives, flowcharts, and risk-control matrices.
• SOX Testing and Evaluation: Coordinate the execution of management’s testing of controls. This involves scheduling and overseeing testers (internal audit or external consultants), providing them with documentation, and reviewing test results. Monitor testing progress and facilitate remediation of any control deficiencies or exceptions. Perform an assessment of control deficiencies, including severity analysis and coordinate with the Chief Audit Executive and Chief Accounting Officer to determine whether deficiencies are control deficiencies, significant deficiencies or material weaknesses. Work with process owners to develop remediation action plans.
• Audit Coordination: Serve as the primary liaison to external auditors for SOX matters. Organize walkthrough meetings and provide auditors with requested evidence of controls. Address auditor questions and ensure any issues raised are resolved. Similarly, coordinate with internal audit for independent testing. This position will also support any regulatory examinations related to internal controls or compliance, ensuring information is provided accurately and in a timely manner.
• Reporting and Communication: Report on SOX compliance status to senior management on a regular basis. Prepare materials for executive leadership that summarize the scope of SOX compliance efforts, testing results, identified deficiencies, and remediation status. Escalate significant control issues promptly to the CFO and CRO. Also, facilitate and execute the quarterly CEO/CFO certification process under Section 302 by providing needed data on controls and any material changes.
• Software: Provide expertise for the use of the Optro (formerly AuditBoard) platform to maximize its use and find ways to improve efficiency across the SOXHUB module as well as participate in collaboration sessions with other AuditBoard module owners to extend its reach and enhance efficiency within Farmer Mac.
• Training and Advisory: Act as an internal consultant on internal controls over financial reporting and their related assessment requirements to business units and control owners. Train control owners on their responsibilities for internal controls over financial reporting, including how to perform self-assessments and maintain documentation. Provide guidance during process changes (e.g., system implementations or new product launches) to ensure appropriate controls are built in from the start. Foster awareness of financial reporting risks and internal controls over financial reporting throughout the organization.