Senior/Lead SOX Controls Analyst - Risk

Location: VA Winchester - Operations
Full/Part Time: Full-Time
Regular/Temporary: Regular

Job Description


You have goals, dreams, hobbies and things you’re passionate about.

What’s Important to You Is Important to Us
We’re looking for people who not only want to do meaningful, challenging work, keep their skills sharp and move ahead, but who also take time for the things that matter to them—friends, family and passions. And we're looking for team members who are passionate about our mission—making a difference in military members' and their families' lives. Together, we can make it happen.

Don’t take our word for it.

• Military Times 2021 Best for Vets Employers
• WayUp Top 100 Internship Programs
• Forbes® 2022 The Best Employers for New Grads
• Forbes® America's Best Employers
• Newsweek Top 100 Most Loved Workplaces
• Fortune Best Workplaces for Women
• Fortune 100 Best Companies to Work For®
• Computerworld® Best Places to Work in IT

Basic Purpose

To provide internal control guidance, evaluate control design / operating effectiveness, and recommend improvements to control-related practices. Research and establish new practices to ensure credit union control alignment with Section 404 of the Sarbanes Oxley Act (SOX). Work closely with key business partners to understand processes, financial statement risks, and key controls to reduce the risk of financial misstatement. Responsible for gathering data, creating reports, documenting and assessing Internal Control over Financial Reporting (ICFR), and producing evidence of control effectiveness for audit readiness and a strong control environment.


• Lead multi-disciplinary control initiatives to evaluate controls and ultimately transform any control gaps into mature control environments 
• Evaluate the operational performance of existing controls and devise remediation strategies that align control performance with the appropriate risk mitigation methodology 
• Gather and review existing policies, process narratives, and process models to develop insight into the current state of business processes that have an ICFR impact
• Partner with external and internal auditors to establish audit scope, evidence, priorities and testing procedures that will serve as the foundation for the subsequent audit execution strategy 
• Design, develop, and implement Key Control Matrices (KCMs) that summarize a broad range of business processes into a control-centric and executive-ready audit deliverable
• Create and recommend remediation plans for existing ICFR related Information Technology General Computer (ITGC) controls to address control gaps in design effectiveness 
• Validate and update SOX-like controls documentation (e.g., Business Process Modeling Notation [BPMN] models, process narratives, and KCMs) as needed to ensure accuracy and completeness
• Identify industry best practices associated with risk management and ensuring a strong control environment and implement as needed 
• Produce detailed timelines and milestones for control-related projects and manage to ensure key targets and deliverables are successfully completed 
• Review results from control and substantive testing to facilitate the remediation of control gaps and escalate possible critical issues to senior management 
• Lead, guide and mentor junior staff
• Ensure preventative, detective, and corrective controls are properly identified and aligned with business priorities such that new controls have an insignificant negative impact on the successful realization of business objectives 
• Solve control-related business problems by defining the problem, interviewing stakeholders, identifying and evaluating recommendations and alternatives, and presenting findings 

Qualifications - All required unless otherwise noted:

• Bachelor’s degree in Accounting, or related field, or the equivalent combination of experience, education and training
• Significant experience commensurate with what SOX 404 describes as “expert.” Advanced knowledge of SOX, Internal Controls over Financial Reporting, COSO framework and Generally Accepted Accounting Principles (GAAP).
• Significant experience re-designing processes and necessary controls to mitigate financial statement risk (in alignment with industry best practices and with SOX standards and guidance) and partnering with business unit personnel to complete the transformation
• Significant experience with extracting and documenting information technology general controls and application control/process information (e.g., access controls, change management controls, segregation of duties, etc.)
• Significant experience assessing the design and operational effectiveness of user control considerations, such as SSAE 18 SOC 1 Type II reports
• Advanced presentation skills and experience communicating at all levels of the organization (including executive & leadership)
• Extensive experience in problem resolution including determining root cause, scope and scale of issues
• Significant experience with leading large projects/initiatives which have internal controls over financial reporting impact
• Extensive experience in managing multiple priorities independently and/or in a team environment to achieve goals
• Expert skill interpreting and synthesizing large amounts of information
• Experience in leading, guiding and coaching professional staff
• Experience using a GRC tool to manage risk, controls, testing results and processes. 
• Advanced skill in project management to include establishing and leading project teams; managing timelines/deadlines/resources; ensuring successful project implementation
• Advanced skill presenting findings, conclusions, alternatives and information clearly and concisely
• Advanced skill interacting with staff, management, vendors and members diplomatically and tactfully
• Desired - Certified Public Accountant (CPA) designation
• Desired - Certified Internal Auditor (CIA) designation
• Desired - Experience implementing a SOX or internal controls program at a large organization
• Desired - Expert knowledge with use of a GRC tool
• Desired - Advanced knowledge of databases (Oracle/DB2/SQL Server) and queries (SQL), data analysis skills, report mining experience (Monarch/IDEA), and process modeling (BPMN) experience

Hours: Monday - Friday, 8:00AM - 4:30PM

Location: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602

Navy Federal is now hybrid! Our standard enterprise requirement for a hybrid schedule is to report onsite 4-16 days each month. The number of days reporting onsite will ultimately be determined by the employee's leadership and business unit needs. You will learn more throughout the hiring and onboarding process.

Salary: Navy Federal Credit Union assesses market data to establish salary ranges that enable us to remain competitive. You are paid within the salary range, based on your experience, location and market position.

The salary range for this position is: $83,100 to $142,000 Annual Salary

Equal Employment Opportunity

Navy Federal values, celebrates, and enacts diversity in the workplace. Navy Federal takes affirmative action to employ and advance in employment qualified individuals with disabilities, disabled veterans, Armed Forces service medal veterans, recently separated veterans, and other protected veterans. EOE/AA/M/F/Veteran/Disability

COVID-19 Safety Protocols

All employees are expected to follow our COVID-19 safety protocols.


Navy Federal reserves the right to fill this role at a higher/lower grade level based on business need. An assessment may be required to compete for this position.

Bank Secrecy Act

Remains cognizant of and adheres to Navy Federal policies and procedures, and regulations pertaining to the Bank Secrecy Act.