Senior Associate, Business Controls

Sallie Mae•Indianapolis, IN

14d•Hybrid

About The Position

The Senior Associate of Business Controls role is part of the Business Controls Office and is responsible for governance, risk and compliance (GRC) activities for the Technology and Enablement organization. A key responsibility of the position is serving as the liaison between the Internal Audit and First Line of Defense technology and security teams. In this capacity, the individual will monitor audit scope, provide guidance on audit expectations and processes, support prioritization of audit-related activities, and coordinate the collection and secure submission of requested evidence. Internal Audits and Audit Special Projects are conducted year-round, so this will be a continuous responsibility. This role also includes oversight of issue remediation activities, ensuring that monthly status updates are captured for all issues within the Chief Technology and Enablement Officer’s organization. The incumbent will support teams in navigating the issue management and operational event lifecycles, including timely issue and event creation within the GRC system. In addition, this individual will support the external SOX audit by partnering with stakeholders to gather and provide evidence for General IT Controls and application controls testing. Responsibilities also include contributing to other SOX-related activities, such as the review and evaluation of SOC Reports. The individual in this role will own the development of creating reports and dashboards that are generated for monthly management reporting. They will be responsible for ensuring data accuracy, consistency, and relevance. Finally, this role will contribute to the preparation for the IT regulatory examinations (e.g. FDIC/UDFI), including the coordination, collection and review of requested artifacts and the development of materials to support impacted teams.

Requirements

Bachelor’s Degree
4+ years of experience working in an audit, risk management and compliance field
Strong analytical and problem-solving skills
Must be a self-starter, capable of focused research, collection, and analysis of information
Ability to work both independently and in a team setting
Leadership, teamwork, organization and time management skills are critical.
Must be focused, energetic, willing to take ownership, and have a high-level of integrity
Ability to clearly communicate with staff at all levels of the organization and maintain effective working relationships across the organization and with external parties
Must be able to follow instructions and execute tasks independently
Experience in building reports for Management
Broad to advanced knowledge of computer applications such as Microsoft Excel, Word, Visio, PowerPoint, etc.

Nice To Haves

Experience and knowledge of working within a GRC system
Certifications such as CIA, CISA, CISSP, CRISC, CISM, CCSK, etc.

Responsibilities

Act as a resource to the technology and security teams for navigating the audit process
Develop strong working relationships with all control owners to build knowledge of operations and better facilitate the effort of gathering evidence
Maintain consistent communication with audit teams to ensure alignment of action items and status of requests
Review artifacts provided and securely submit to Audit teams
Coordinate the scheduling all meetings needed throughout the duration of the audit
Assist the Audit team with questions and follow up requests
Create Operational Events within the GRC system and monitor to ensure all remediation steps are completed as required
Ensure monthly updates are captured for open issues and events within the GRC system
Monitor issues against their target dates and take appropriate action if a date becomes at risk
Assist teams with preparing issue closure memos and review upon completion
Participate in a support role with the preparation for and execution of the IT FDIC/UDFI examination
Assist with the annual external SOX audit, providing support for all walkthroughs and requests that impact Corporate Security or Information Technology teams
Perform the review of SOC 1 reports and complete the applicable evaluation form
Complete all special projects and other duties as assigned through the year

Benefits

Competitive base salaries
Bonus incentives
Generous PTO, Floating Holidays and 12 Federal Holidays observed
Support for financial-well-being and retirement
401k with employer match
Comprehensive medical, dental, vision, hospital indemnity, critical illness, pet insurance and more
Employer paid short-term/long-term disability and basic life insurance
Flexible hybrid working arrangements.
Paid parental leave and adoption reimbursement programs
Free access to on-site staffed fitness centers (in Delaware) and gym subsidy (for locations outside Delaware)
Confidential counseling support (EAP), Health Advocacy services and Wellness program with financial incentives
Tuition Reimbursement and Family Scholarship Programs
Career development and training opportunities