Primary Responsibilities:

• Conducting risk and control assessments across assigned technology and data domains.
• Aggregating and analyzing risk events reported and documented in eGRC Archer.
• Performing root cause analyses on identified risk events to recommend improvements to prevent these risk events from re-occurring in future. 
• Document remediation plans and track with assigned domains through completion to address any gaps in the mitigating measures identified. 
• Analyzing identified trends in the performance of controls tested by Enterprise Risk.
• Assisting the Enterprise Risk Manager in preparing reports to the Senior Managers, Executives, and Enterprise Risk Committee members. 
• Develop and maintain Quality Assurance (QA) control testing methodology and standards.
• Assist manager in identifying risks and developing control test templates.
• Develop & execute testing based on test plans utilizing eGRC Archer.
• Stay current on industry best-practices and regulatory rules and changes.

Methodology 20%:

• Assist Enterprise Risk Manager in developing QA methodology to include:
• Testing guidelines including developing test plans.
• Population and sampling guidelines.
• Performance reporting and remediation guidelines.
• Review/update annually.
• Work with Enterprise Risk Manager to establish goals and monitor progress.

Testing 50%:

• Develop a thorough understanding of risk and controls within the assigned domains at TMCC. 
• Proactive partner with risk and control owners in developing testing plans.  
• Create new test plans when new areas applicable to risk are developed or brought in-scope.
• Execute tests based on test plan for all applicable controls.
• Partner with Enterprise Risk manager and business process owner to evaluate errors and develop remediation action plans.

Reporting 15%:

• Develop and present to Risk senior management top issues along with recommendations on a monthly basis.
  Special Projects 15%:
• Coordinate and perform special reviews and ad hoc projects for Risk management with minimal supervision and direction from the Enterprise Risk manager. 
• Responsible for fielding incoming operational and procedural questions and concerns from the field and corporate departments.

Continuing Education and Professional Development 5%:

• Pursue professional development opportunities, including external and internal training and professional association memberships, and share information gained with co-workers.

Technical Requirements:
(Excel, PowerPoint, MS Word, Lotus Notes, etc.)
Describe the technical knowledge and experience required to accomplish the job duties and responsibilities.

• Proficiency in Microsoft Excel, Word, PowerPoint, VISIO.
• Strong ability to perform data analysis using excel techniques.
• Experience with Governance, Risk, Compliance systems (Archer eGRC) a plus.

Experience / Educational Requirements / Licenses or Certifications:

• Bachelor’s degree in accounting, Finance, Information systems, or Computer Science. (Nice to have)
• Certifications: CISA, CISSP, CISM or CRMA preferred. (Nice to have)
• Minimum of 5-10 years of experience with COSO, COBIT, and GRC methodologies and frameworks.
• Strong working knowledge of industry standard IT change management practices, data architecture principles, release testing, and QA procedures.
• Kaizen, Lean, or Six Sigma certifications are desirable.

Special Skills / Knowledge:

• Ability to develop and document process maps for control processes.
• Ability to identify and assess technology and data risks.
• Strong oral and written communication skills.
• Ability to credibly present findings & deficiencies to senior management.
• Ability to develop strong partnerships and influence people.
• Data analytics skill.