Senior Financial Manager (Audit)

About The Position

Requirements

• Experience performing ITGC testing (access management, change management, Configuration)
• Experience supporting A-123 Statement of Assurance IT requirements
• Experience with Service Organization Controls (SOC) and Complementary User Entity Control (CUEC) assessments and implementation.
• Familiarity with FISCAM, NIST 800-53, and Federal financial system controls.
• Experience performing Quality Assurance reviews of audit workpapers and control documentation.
• Experience with Notice of Findings and Recommendations (NFRs), Corrective Action Plans (CAPS), Test of Operating Effectiveness (TOE), Test of Design (TOD), and Service Organization Controls (SOC) Reports
• Experience managing IT audit evidence repositories (SharePoint, Teams, etc.)
• Minimum 8+ years’ experience
• Minimum Bachelor’s Degree

Nice To Haves

• CISA or similar IT audit/security certification (preferred)

Responsibilities

• Provide Quality Assurance (QA) review of IT control documentation, test plans, and Key Supporting (KSD) packages prior to submission for audit or Statement of Assurance purposes.
• Support testing of IT General Controls (ITGCs), including: User Access Management (provisioning, de-provisioning, privileged access) Change Management Configuration Management System Interfaces and Data Transfers
• Assist in the development and execution of ITGCtest plans (Test of Design (ToE)/(Test of Effectiveness (ToE)) procedures, including walkthroughs, sampling and evidence validation.
• Validate completeness and accuracy of IT control populations and samples used for testing.
• Support Statement of Assurance (SoA) IT inputs, including identification of IT risks, mapping of IT controls to financial reporting objectives, and documentation of IT control ownership.
• Assist in drafting SoA narratives and flowcharts related to IT systems, including control descriptions risk statements, and remediation status.
• Review SOC 1/ SOC 2 reports to identify CUEC applicable to CBDP and support mapping of SOC controls to internal CBDP IT controls and assist in documenting reliance strategies.
• Audit Engagement support including development, QA review, validation, and submission of IT and business process documentation in response to audit prepared by client (PBC) requests.
• Review Notice of Findings and Recommendations (NFRs) and develop or recommend Corrective Action Plans (CAPs) to remediate deficiencies and weaknesses.
• Monitor and assess the implementation and validation of CAPs.
• Risk Management and Remediation to include providing expertise, recommendations, and industry best practices to support continuous improvements and increased feedback throughout the Audit Engagement and Audit Remediation processes, to include guidance, business rules, and process workflows.
• Audit Remediation Data Management using information provided by stakeholders, perform timely uploads or updates to CAP-related documentation in the designated audit remediation tool and provide an update to customer management.
• Perform data analytics to assess the risk of misstatement from CAPs that are not fully remediated.
• Assess remediation testing results to determine sufficiency of remediation procedures.
• Internal Controls Over Financial Systems (ICOFS) - Develop test plans to validate internal controls are in place for ICOFS/Complementary User Entity (CUECs).
• Conduct a review of Statements of Assurance (SOA) for accuracy and completeness as it relates to ICOFS. This includes providing advice and performing, reviews, assessments, and a gap analysis to Federal Information Systems Control Audit Manual (FISCAM) requirements and NIST 800-53 standards and controls.
• Develop, update, and review Memorandums of Understanding (MOUs) with service providers to include CUEC roles and responsibilities.
• Plan and execute the day-to-day activities of IT audit and CUEC engagements.
• Assist with the review of work performed by other team members.