Director, Internal Controls and Operational Risk, IT

Benefits Overview

A career at CoBank can offer you the opportunity to make a personal impact on the people and communities where we do business. When you choose a career with CoBank, you make a difference by standing for something that matters. In order to be the best, we hire the best!

Remarkable Benefits Offered By CoBank

• Careers with a purpose. Stand for something!
• Time-Off Packages, 20 days of vacation, 10 paid sick days and 11 paid holidays
• Competitive Compensation & Incentive
• Hybrid work model: flexible arrangements for most positions
• Benefits Packages, including Medical, Dental and Vision coverage, Disability, AD&D, and Life Insurance
• Robust associate training and development with CoBank University
• Tuition reimbursement for higher education up to $10,000 per year
• Outstanding 401k: up to 6% matching and additional 3% non-elective contribution
• Community Impact: United Way Angel Day, Volunteer Day and Associate Directed Contribution
• Associate Resource Groups: creating a culture of diversity and inclusion
• Recognize a fellow associate through our GEM awards
  
  

Job Description

Leads the relationship between the Internal Controls and Operational Risk (ICOR) team and the Technlogy and Data Innovation (TDI) team. Includiing partnering with the TDI and Agile Coaching Team (ACT) to ensure risk in the SAFe environment are properly identified and controls are designed to appropriately mitigate the risks, including ongoing monitoring. Active partnership with the agile teams to drive enhancement and efficiency in the control environment across the enterprise including automating existing controls and audit requests. Lead control assessments of new technologies including AWS, cloud technologies, GenAI, and others to ensure risks are identified and controls are designed and implemented to mitigate the risks sufficiently including automated monitoring of control effectiveness. Develops and implements program to become SOC 2 compliant in the Security and Availabilty Trust Services Principles (TSP) and potentially future TSPs in the future.

Essential Functions

• Leads the relationship with the TDI team in all matters relating to risk identification, control design and control effectiveness monitoring to ensure risks are properly identified and controls are designed, implemented and operating effectively to address the risks identified.
• Leads partnership with IT SLT and Product team to coordinate ICOR resources in support of enterprise initiatives, development activities completed by the Agile Release Trains (ARTs) and activities in support of CoBank’s Digital First initiative.
• Leads the development of a SOC 2 program beginning with compliance with the Security and Availabilty TSPs and evaluating the other TSPs for applicability.
• Leads the ongoing Control Effectiveness Testing over controls in the SAFe environment to ensure controls are consistently executed in accordance with expectations and any deviations are timely identified, investigated and remediated as appropriate.
• Drives enhancements to the enterprise control environment that leverage technology to reduce manual controls and implement ongoing automated monitoring of control effectiveness to provide ongoing assurance that controls are operating as designed and timely identifying controls that are not operating as designed.
• Partners with TDI team to implement processes and controls to enable automated releases to production through continuous integration/ continuous development.
• Leads the ICOR effort to evaluate controls readiness for new technologies and practices, including GenAI, Optical Character Recognition (OCR), Robotic Process Automation (RPA), Amazon Web Services (AWS) and other emerging technologies and identify opportunities to leverage these technologies to drive enhancements in the control environment and processes across the enterprise.
• Develop and implement controls over cloud environments in partnership with TDI and Product leadership teams to ensure risks in cloud environments are appropriately identified and controls are designed and implemented to address the risk appropriately.
• Support the TDI organization on operational incidents identified to ensure root cause is identified, controls impact is properly evaluated, remeditation plans are identified and the evaluation is in accordance with Operational Incident standards as set by the ICOR team.
• Partners across the ICOR team in interactions with both internal and external auditors and the Farm Credit Administration (FCA) to maintains on-going communication, including alignment on ICFR, SOC 1, operational audits and FCA exam activities of the COO Group, including providing walkthroughs of process, results of internal testing, responding to audit information requests, and evaluating deficiencies and mitigation plans.
• Supports management in the execution of all internal controls (ICFR, SOC 1, SOC 2, operational, etc.) to ensure controls are properly executed and documented.
• Collaborates with management across all divisions to encourage an environment of continuous improvement that increases productivity, produces cost savings and fosters the adoption of best practices. Works with management as needed to update internal controls to better address business needs and identify efficiencies (i.e. automation of controls). Evaluates current design effectiveness of controls, and recommends best in class controls, driving continuous improvement throughout the processes.
• Identifies and ensures appropriate adoption of new rules issued by applicable regulatory or governing bodies to remain current on auditing standards, emerging technologies and regulatory trends. Provides periodic training for control owners and operators to ensure appropriate understanding on the background, purpose and importance of the ICFR, SOC 1 and other internal control programs.
• Identifies information technology controls (Security, Program Change, /and Computer Operations) operated outside of the IT division, and works with management to move the controls under the established IT control environment. Supports management in design, implementation and testing of controls for new applications and key initiatives.
• Partners with the ICOR leadership team to provide regular status to the MEC and COO Group management on open audit issues, and serves as a central point of contact for both internal and external audit and the FCA on remediation status.
• Works with TDI management to develop an ongoing risk assessment process to ensure new and changed processes are identified and reviewed efficiently to ensure they are in accordance with internal control and business process governance standards. Acts as an internal control resource for management, and determines whether internal controls are appropriate and effective in addressing noted risks by analyzing specific processes as requested.
• Manages associates of the internal controls team. Sets performance standards, establishes clear expectation, manages workflow, manages assignments, grants authorities, evaluates performance, provides coaching/mentoring, implements development plans, and recommends personnel actions within delegated authorities. Partners with Human Resources.
  
  

Education

• Master's Degree preferred
• Bachelor's Degree in Accounting, Finance, Information Technology or a related field. required
  
  

Work Experience

10 years of audit related experience, preferably with financial services industry, required

Prior Experience in business systems design, IT architecture design or digital transformation. required

Certified Public Accountant (CPA), Certified Internal Auditor (CIA), and/or Certified Information Systems Auditor (CISA) certification.

Big 4 Public Accounting Experience Preferred.

Advanced knowledge of ICFR, SOC 1, COSO and internal control standards.

Knowledge of SOC 2 and GRC systems and standards and experience with IT systems and controls, including how IT controls relate to business and operational processes.

Proven experience with emerging technologies (i.e. GenAI) and identification of opportunities to leverage emerging technologies in the enterprise control environment.

Proven Experience With IT Systems And Controls, Including

How IT controls relate to business and operational processes;

Driving enhancements in the enterprise control environment leveraging technology; and

Rationalizing controls to ensure risks are appropriately mitigated in an efficient mannor.

Advanced knowledge of and experience leveraging data technologies (i.e. Altryx, PowerBI, etc.) in the enterprise control environment and operational processes.

Proven experience and strong proficiency in identifying and evaluating complex business and technology risks, developing internal controls that mitigate risks, and identifying opportunities for improving processes and automated controls.

Demonstrated work management skills, with the focus on timely and successful completion of tasks and objectives.

Excellent analytical reasoning, strategic thinking and creative problem-solving skills.

Demonstrated leadership and organizational skills, with the ability to work independently as well as collaboratively in a team environment.

Strong executive presence, with the ability to build and maintain successful relationships with all levels of executives, internal team members, and external stakeholders and partners in the Farm Credit System.

Excellent written and verbal communications and presentation skills, with the ability to effectively present complex analysis with clarity.

Knowledge of Microsoft Office applications (Word, Excel, PowerPoint, Outlook), and other relevant business applications and systems.

About CoBank

The typical base pay range for this role is between $154,056.65 - $214,215.77. Compensation may vary based on individual job-related knowledge, skills, expertise, and experience. This position is eligible for a discretionary annual incentive program driven by organization and individual performance.

The listed salary, other compensation and benefits information is accurate as of the date of this posting. This job will be posted for a minimum of five (5) business days or until the position is filled. CoBank reserves the right to adjust compensation for all positions and to modify or discontinue benefits programs at any time in its sole discretion, subject to applicable law.

CoBank is a cooperative bank serving vital industries across rural America. The bank provides loans, leases, export financing and other financial services to agribusinesses and rural power, water and communications providers in all 50 states. The bank also provides wholesale loans and other financial services to affiliated Farm Credit associations serving more than 76,000 farmers, ranchers and other rural borrowers in 23 states around the country. CoBank is a member of the Farm Credit System, a nationwide network of banks and retail lending associations chartered to support the borrowing needs of U.S. agriculture, rural infrastructure and rural communities. Headquartered outside Denver, Colorado, CoBank serves customers from regional banking centers across the U.S. and also maintains an international representative office in Singapore.

REASONABLE ACCOMMODATION

We are committed to ensuring that our online application process provides an equal employment opportunity to all applicants, including qualified individuals with disabilities. If you are an applicant with a disability, or are assisting an applicant with a disability, and require accessibility assistance or would like to request a reasonable accommodation for any aspect of the application process, including completing an application, interviewing, or otherwise participating in the employee selection process, please submit a request by emailing recruiting@cobank.com. Include your contact information and specific details about your requested accommodation.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.

CoBank is an Equal Opportunity Employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability, or status as a protected veteran.