Business Risk And Control Officer - Control Testing Sr. Analyst

BRCO Control Testing Senior Analyst

The Business Risk and Control Officers (BRCOs) play a pivotal role in guiding the business to identify and understand risk exposures and the controls needed which are integral to reducing risk and safeguarding our customers and colleagues. BRCOs are critical to the success of the Risk Management Lifecyle and play a role in Planning, Identifying, Assessing, Mitigating, Monitoring, and Reporting. BRCOs are members of the First Line of Defense (1LOD) who:

• Provide leadership and coaching to the 1LOD to proactively identify and effectively manage risks.

• Translate and educate 1LOD to enable and drive business relevant implementation of Second Line of Defense (2LOD) risk management frameworks, policies, taxonomies, and inventories.

• Review, validate, and test 1LOD activities to ensure adequate control design and effective control operation.

• Provide credible challenge to 1LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2LOD frameworks and policies prior to 2LOD review.

• Drive two-way collaboration across 1LOD and 2LOD; liaise between 1LOD and 2LOD to drive engagement throughout the risk management lifecycle.

• Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.

• Document, aggregate and report risk in accordance with the risk management lifecycle.

The Business Risk and Control Office (BRCO) Control Testing Senior Analyst is responsible for the structured, post-execution review to validate that processes and controls function as intended to mitigate risk, including SOX controls. The BRCO Control Testing Senior Analyst must not be involved in the design and execution of controls.

Position Responsibilities:

Translates and interprets corporate testing policies and participates in the implementation of overall independent testing program for the Line of Business (LOB).

• Adheres to a defined testing schedule and provides periodic updates on progress.

• Establishes relationships with business partners and other key stakeholders (i.e. SOX Office).

Develops testing processes and procedures in alignment with enterprise risk frameworks and policies and conducts baseline review activities.

• Understands LOB end to end business processes, products, services, financial statement risks, controls, and risk profile.

• Adheres to testing procedures, standards, and methodologies established by 2LOD. Tests are performed periodically based on inherent risk level and frequency of controls operation; scope and sample size vary based on the type of test, inherent risk level, and dataset population size.

• Addresses any review and challenge comments as received to ensure alignment with 2LOD testing requirements.

• Designs and executes testing plans and scripts to evaluate the effectiveness of the overall control environment, including for SOX compliance.

Conducts testing of control design and operating effectiveness; including issue control testing/validation for more complex issues.

• Assesses both Design (is the control is designed to accomplish the goal or detect/prevent a misstatement - test sample of 1) and Effectiveness (was the control executed correctly).

• Performs the role of Tester/Preparer (does the testing, picks the samples, executes testing based on test plan, documents, manages follow-up, reviews comments) or Reviewer (reviews the testing, documents issues).

• Reviews 1LOD quality assurance procedures are aligned with frameworks and policies.

Documents and provides evidence for testing results.

• Documents narratives, flowcharts and controls.

Reports on control testing results and key themes to management reflecting trends, emerging risks, strengths, and weaknesses.

• Identifies and escalates issues for remediation. Advises on how to remediate any control deficiencies/failures; proposing solutions to root causes of identified conditions.

• Validates remediation of control deficiencies and issues, including sustainability.

• Supports audits, exams and assessments conducted internally and externally.

Business Partnering

• Partners and engages with relevant business partners at varying levels in the organization to develop and maintain a strong control environment through effective testing and related activities that lead to early identification and sustainable mitigation of risks.

• Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.

• Learns continuously about the line of business to strengthen subject matter expertise and provide more valuable application of control testing.

A successful candidate will have the following knowledge and/or skills:

• Demonstrated knowledge of banking industry products, services, and workflows.

• Familiarity with critical business processes and controls, as well as overall business needs and objectives, for the Line of Business.

• Track record of driving timely and effective issue resolution in a financial services context.

• Ability to educate colleagues on risk management, controls, and compliance concepts, frameworks, and policies.

• Ability to build relationships and engage constructively in a proactive and transparent approach with cross-functional stakeholders, to challenge status quo and drive buy-in to achieve common goals.

• Ability to clearly and effectively communicate, including ability to summarize and explain findings and issues to a wide range of audiences.Ability to apply sound judgment and appropriately escalate concerns and issues.

• Ability to demonstrate managerial courage and inspire colleagues across the organization to embrace change.

• Ability to gather, analyze and interpret large datasets from various sources.

• Strong analytical and critical thinking skills with high attention to detail and accuracy.

• Ability to manage multiple tasks and projects, prioritize work, meet deadlines, achieve goals.

• Self-starter, able to work fairly independently under the guidance of management, flexible and can navigate through an organization.

Position Qualifications:

• Bachelor's degree from an accredited university or a High School Diploma or GED and 6 years of Risk Management or other related experience in the Financial Services Industry
• 4 years of experience in Risk Management, Compliance, Audit, or related field

Experience in executing and reporting on testing reviews and/or regulatory issue validation activities

• Knowledge and experience with testing/auditing principles, particularly in the understanding of risk and controls, execution of testing strategy and approach, perform data testing

• Understanding of rules, laws, regulatory requirements and ability to develop/execute tests to assess for compliance with requirements

• Proficient in risk management software, MS Office Suite, and other related technology tools

• Strongly Preferred: 2years of experience in Financial Services industry and/or knowledge of Business Line products, services, and business processes

Comerica Great Lakes Campus8:00am

• 5:00pm Monday

• Friday, this position includes both onsite and remote work.