Who we are:
Shape a brighter financial future with us.
Together with our members, we're changing the way people think about and interact with personal finance.
We're a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we're at the forefront. We're proud to come to work every day knowing that what we do has a direct impact on people's lives, with our core values guiding us every step of the way. Join us to invest in yourself, your career, and the financial world.
The First Line of Defense (1LOD) Business Control Testing (BCT) team is responsible for executing control testing activities to evaluate the effectiveness of SoFi's Internal Controls.
The role:
The Business Controls Testing QA Lead will be responsible for:
- Supporting the delivery of high-quality, consistent, and risk-focused 1LOD control testing to assess the design and operating effectiveness of controls for in-scope Risk Control Self Assessments (RCSA) processes, through the execution of quality assurance reviews, with an emphasis on technology (IT) controls.
- Improving processes to optimize the efficiency and effectiveness with which assurance work is executed, by undertaking quality assurance reviews, driving control testing skills training, and maintaining IT & business control testing and reporting standards and methodology.
- Assisting business and technology stakeholders and risk partners in establishing or updating control inventories, control descriptions, workflows/processes, etc. to support and drive consistent control testing.
- Proactively monitoring for changes to the enterprise, industry, and regulatory requirements, guidance and pronouncements, and supporting control remediation efforts such as the creation of action plans to address control deficiencies/gaps and the analysis of process deficiencies that could lead to process improvement initiatives where appropriate.
Overall, work will also include driving improvement efforts in efficiency, effectiveness, and productivity, including implementing initiatives across 1LOD Business Controls.
What you'll do:
- Perform quality assurance reviews (QARs) of work performed by the control testing teams on both a real-time and look-back basis, including the test of design, test of operating effectiveness, issue pre-validation, control remediation retests, test plan, tracking and reporting in alignment with risk and control inventory changes.
- Assess the adequacy of testing related to common IT Controls, including but not limited to access, change management, SoD, Incident Response, Data Security / Encryption, Network Security, Vulnerabilities / Patch Management, & IT Governance.
- Experience with reviewing system configurations, scripts, automations, etc.
- Record, observe, and prepare reports related to the status of control test execution and QA activities and results, including thematic issues identified and the status of any pre-validation and remediation efforts to leadership.
- Develop and/or enhance key success measures/metrics and reporting to support control testing activities.
- Provide day-to-day support and guidance on IT control testing, including participating in walkthrough meetings, reviewing documentation and assessing its adequacy, and leading final disposition meetings.
- Proactively monitor for changes to the enterprise, industry, and regulatory requirements, guidance, and pronouncements.
- Partner with risk groups such as compliance, SOX, 2LOD, and internal audit to drive consistency and continuous improvement.
- Review and improve the 1LOD BCT procedures, methodology, and standards including related practices, by drafting and presenting methodology documents to key internal stakeholders, developing guidance notes, and other guides.
- Develop and update methodology and guidance to align with evolving practices and innovation initiatives.
- Apply technical understanding of enterprise-wide risk management policies, standards, and practices to recommend enhancements to BCT methodology and guidance.
- Identify and contribute to the development of continuous improvement opportunities to train the team on program findings/enhancements.
- Produce effective communication tools to share best practices and methodology.
- Assist in the provision of methodology training to control testers and business stakeholders, including tailored training as needed.
- Support 1LOD and Business Controls preparation for and participation in regulatory exams or external assessments.
- Participate in selected departmental initiatives.
- Perform other duties as assigned.
What you'll need:
- 5+ years of experience in IT risk management in financial services, technology, and/or banking operating environments; specifically managing and executing/reviewing first-line controls testing, internal audit, quality control roles, or other complementary capacities within the financial services industry.
- A Bachelor's Degree in information technology, computer science, or 8 years of relevant experience in place of a degree.
- Preferred qualifications include CISA, CISSP, and/or CIA.
- Working knowledge of SoFi's products and services.
- Subject matter expertise in operational risk and controls testing; working knowledge of relevant industry regulations and standard industry processes.
- Working knowledge in technology risk and controls testing, relevant industry regulations, and standard industry processes (e.g., COBIT, ISO/IEC 27001, NIST, etc.).
- Knowledge of process development (e.g., process taxonomy, process mapping, etc.)
- The scope of experience should include risk identification, mitigation, and control assessments as well as writing test scripts and documenting results.
- Strong written and verbal communication skills, and experience preparing audit workpapers, issues, reports, and management presentations.
- Strong ability to create a culture of ownership, accountability, collaboration, and ability to influence at different levels.
- Ability to work independently with limited daily supervision while meeting deadlines.
- Ability to navigate through ambiguity, manage and coordinate multiple project assignments, and deliver on commitments.
- Partnership mindset to ensure we have positive and productive working relationships with auditors and examiners.
- Proficiency in IT systems, networks, and security technologies and tools.
- Experience in highly-matrixed, fast-paced environments.
The following experiences are a plus:
- Payments, FinTech, and/or Startup experience.
- Performing data analysis using data mining and visualization techniques (Alteryx, Tableau, SAS, SQL, R, Python).
- Familiarity with the FRB, OCC, FDIC, and CFPB examination procedures.
Compensation and Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate's experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email [email protected].
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.
What We Do
For over a decade, SoFi has helped transform the Fintech industry by creating financial products and services that help people borrow, save, spend, invest, and protect their money better, so they can achieve financial independence and realize their ambitions. Whether it’s owning a home, saving for retirement, paying off their student loans, or helping our members invest - SoFi is there every step of the way. Want to learn more about how it works? Check it out here: https://www.sofi.com/how-it-works/
Our core values are at the center of how we help our millions of members get their money right. They are our guiding principles for how we think about serving our members, building our company, and most importantly, how we work together. At SoFi, it’s not just what we do - but how we do it.
SoFi is also proud to be the naming rights partner of SoFi Stadium, home of the Los Angeles Chargers and the Los Angeles Rams.
For more information, visit SoFi.com
Why Work With Us
Together with our members, we’re changing the way people think about and interact with personal finance. We’re a next-generation Fintech company using innovative, mobile-first technology to help our members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront.
SoFi Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
For the majority of our workforce who work on a hybrid schedule, the in-office requirement is a handful of days per month!