GRC (Internal Control Tester)

Key Responsibilities:

1. Control Testing and Evaluation

• Conduct detailed testing of key controls across financial, operational, and IT processes.
• Evaluate the design and effectiveness of internal controls to ensure they meet compliance and operational objectives.
• Document test results, control deficiencies, and recommendations in a clear and structured format.
• Perform walkthroughs of processes to confirm control design alignment with policies and procedures.

1. Risk and Compliance Alignment

• Support risk assessments and control mapping exercises to ensure key business risks are appropriately mitigated.
• Assist in the maintenance and continuous improvement of the Risk and Control Matrix (RCM).
• Ensure all control testing activities comply with GLBA, SOX, COSO, or other internal control frameworks adopted by the organization.

1. Reporting and Communication

• Prepare and present findings to management, Internal Audit, and external auditors.
• Collaborate with process owners to develop remediation plans for identified control gaps or weaknesses.
• Track and validate remediation actions to ensure timely closure of issues.

1. Continuous Improvement

• Recommend enhancements to internal control documentation, testing methodologies, and reporting standards.
• Identify opportunities to automate control testing or monitoring using analytics tools.
• Stay informed about regulatory changes and best practices in risk and internal control management.

Key Competencies and Skills:

• Strong understanding of internal control frameworks (COSO, COBIT, SOX 404, ISO 27001).
• Analytical mindset with excellent attention to detail and critical thinking ability.
• Proficiency in documentation, process mapping, and testing methodologies.
• Strong written and verbal communication skills for reporting and stakeholder interaction.
• Ability to manage multiple testing assignments with minimal supervision.
• Working knowledge of audit tools, GRC platforms, or data analytics tools (e.g., ACL, Power BI, Excel, SAP, Archer, AuditBoard).

Qualifications:

• Education: Bachelor s degree in Accounting, Finance, Business Administration, Information Systems, or a related field.
• Experience:
• 8 years of experience in Internal Controls, Risk Management, Internal Audit, or External Audit.
• Experience in SOX control testing, process walkthroughs, and control documentation preferred.
• Certifications (preferred but not required):
• CIA (Certified Internal Auditor)
• CPA (Certified Public Accountant)
• CISA (Certified Information Systems Auditor)
• CRMA (Certification in Risk Management Assurance)

Performance Metrics / Success Indicators:

• Timely completion of control testing within audit plan timelines.
• Accuracy and completeness of control documentation and testing results.
• Reduction in repeat control deficiencies and audit findings.
• Positive feedback from business process owners and external auditors.