TITLE: SYSTEMS AND CONTROLS SPECIALISTSTATUS: EXEMPTREPORT TO: MANAGER – SYSTEMS & CONTROLS SPECIALISTDEPARTMENT: AUDIT SERVICESJOB CODE: 11184PAY SCALE: $81,400.00 - $88,000.00 ANNUALLY GENERAL DESCRIPTION: Under the direction of the Manager – Systems & Controls Specialist and the Senior Systems & Controls Specialist, responsible for executing audit consultations, control investigations, and root cause analysis reviews, including operations, applications, operating systems, database systems, host systems (teller platform), PC security systems, network systems, and telecommunications. This includes working with information technology and business operations personnel to identify risks, communicate and collaborate with management on observations and recommendations to strengthen controls, draft reports with observations and recommendations, and document work performed. Must demonstrate collaborative nature in working with client and team members to communicate and develop mitigation strategies to address risks identified. TASKS, DUTIES, FUNCTIONS: Collaborate with Audit Services and Senior Leadership to conduct consultative reviews and controls analysis. Evaluate the systems of control to determine the areas of highest risk using accepted risk management techniques. Develop review plans and test approach that adequately address areas within engagement scope. Compile timely, accurate, and complete conclusions, workpapers and reports that are in accordance with department procedures and expectations. Maintain an understanding of state and federal laws and regulations related to credit union compliance, including protection of member data and information and all consumer financial protection regulations. Execute test programs to validate relevant control objectives, document the results, and report to management regarding the adequacy of internal controls. Identify issues and develop recommendations for management to consider. Provide independent evaluations of IT controls, security, policies, and procedures. Perform and coordinate follow-up reviews to determine if management has taken action to mitigate risks identified. Where appropriate, consult on new systems acquisitions to assist in ensuring that the adequacy of controls are considered throughout the development life cycle. Participate in fraud and special investigations as necessary, including privileged reviews at the request and direction of General Counsel. Develop and build lasting client relationships. PHYSICAL SKILLS, ABILITIES, AND EXERTION UTILIZED IN THE PERFORMANCE OF THESE TASKS:Effective oral and written communication skills required to conduct interviews and control walkthroughs and analysis, and to communicate recommendations to Management, and staff.Must possess sufficient manual dexterity to skillfully operate an on-line computer terminal and other standard office equipment, such as financial calculators, personal computer, facsimile machine, and telephone. ORGANIZATIONAL CONTACTS & RELATIONSHIPS: INTERNAL: All levels of management and staff. EXTERNAL: External specialists, regulators/examiners, and peer groups. QUALIFICATIONS: EDUCATION: Bachelor’s Degree in relevant field of study, such as Information Technology, Information Systems, Accounting, Audit or other analytical fields. Pursuit of professional certification in related field. (Certified Internal Systems Auditor (CISA), Certified Information System Security Professional (CISSP), Certified Internal Auditor (CIA), or Certified Professional Accountant (CPA)). EXPERIENCE: 2 years or more of controls and/or audit experience preferred with at least 1 year of relevant IT controls experience. Experience with communicating audit results to management strongly preferred. Previous controls experience in the financial services industry strongly preferred. KNOWLEDGE/SKILLS: Knowledge and/or practical experience with common internal control frameworks such as COSO and COBIT. Experience with general computer controls (change management, incident management, disaster recovery, information integrity, capacity planning, security administration, vendor management, etc.), firewalls, intrusion detection preferred. Familiarity with PCI Compliance requirements a plus. Familiarity with FFIEC practices, IT systems acquisitions, Project Management, computerized information systems and applications, administrative and IT systems controls, computer operations, PC hardware, PC software, audit software (including CCH Team Mate), electronic banking equipment. Strong skills in Microsoft Office, email, Visio, etc. PHYSICAL REQUIREMENTS: Prolonged sitting throughout the workday with occasional mobility required. Corrected vision within the normal range. Hearing within normal range. A device to enhance hearing will be provided if needed. Occasional movements throughout the department daily to interact with staff, accomplish tasks, etc. LICENSES/CERTIFICATIONS: Pursuit of Certified Information Systems Auditor (CISA) or Certified Information System Security Professional (CISSP) acceptable. Pursuit of Certified Internal Auditor (CIA) or Certified Public Accountant (CPA) or equivalent is acceptable. THIS JOB DESCRIPTION IN NO WAY STATES OR IMPLIES THAT THESE ARE THE ONLY DUTIES TO BE PERFORMED BY THIS EMPLOYEE. HE OR SHE WILL BE REQUIRED TO FOLLOW OTHER INSTRUCTIONS AND TO PERFORM OTHER DUTIES REQUESTED BY HIS OR HER SUPERVISOR THAT ARE WITHIN HIS / HER KNOWLEDGE, SKILL AND ABILITY AS WELL AS HIS / HER MENTAL AND PHYSICAL ABILITIES. REV. 1/22/2024