Who we are:
Shape a brighter financial future with us.
Together with our members, we’re changing the way people think about and interact with personal finance.
We’re a next-generation financial services company and national bank using innovative, mobile-first technology to help our millions of members reach their goals. The industry is going through an unprecedented transformation, and we’re at the forefront. We’re proud to come to work every day knowing that what we do has a direct impact on people’s lives, with our core values guiding us every step of the way.
Join us to invest in yourself, your career, and the financial world.
The First Line of Defense (1LOD) Business Control Testing (BCT) team is responsible for executing control testing activities to evaluate the effectiveness of SoFi’s Internal Controls.
The role:
The BCT IT Sr. Analyst is responsible for working closely with various SoFi business partners and/or control owners to execute control testing and deliver results within a timely manner. This person will execute tests of design and operating effectiveness, focusing on automated and application controls within SoFi’s in-scope business processes. This person will also be responsible for collaborating with the various stakeholders to understand processes, identify additional potential risks, and determine appropriate IT controls to implement. The BCT IT Sr. Analyst will partner with the issue manager(s) to build out appropriate milestones, owners, and timelines for identified issues via the control testing lifecycle.
Additionally, this role will partner with the BCT Manager to ensure the business units have a sustainable and effective end-to-end control environment by identifying gaps in existing processes to reduce errors and by looking for opportunities to create better controls with the process.
What you’ll do:
- Execute Design (DE) and Operating Effectiveness (OE) testing across the various SoFi business processes.
- Conduct testing of IT controls to ensure they are operating effectively. This may involve reviewing documentation, interviewing personnel, and performing hands-on testing of system configurations.
- Create and maintain adequate testing support documentation such as workpapers, testing reports, etc. to support the results of reviews including the write-up of findings/issues for reporting.
- Assess the adequacy of common IT Controls, including but not limited to access, change management, SoD, Incident Response, Data Security / Encryption, Network Security, Vulnerabilities / Patch Management, & IT Governance.
- Follow standardized procedures and templates.
- Develop and maintain effective relationships with internal business partners to execute work and fulfill control testing expectations.
- Drive accountability with control owners to ensure timely test completion.
- Prepare and present testing results and conduct the follow-up to monitor agreed-upon activities, including re-performance testing if needed.
- Act as an objective source of independent advice and partner with control owners to discuss control testing results and mitigation activities.
- Advise management of any recurring test failures to ensure prompt corrective actions.
- Work independently on a range of complex tests, which may include unique IT controls.
- Assist in the implementation of new IT controls and updating existing IT controls and the relevant documentation.
- Support change management of varying scope and type; tasks will typically focus on execution and sustainment activities.
- Support team members through training, peer review, and information sharing.
- Continually evaluate the environment for opportunities to proactively manage risk and improve processes based on observation, reviews, and feedback.
- Ad-hoc responsibilities to support the Business Controls and Control Testing programs.
- Own cross-functional initiatives that enhance the overall 1LOD Risk and Controls Business organization.
What you’ll need:
- Minimum 5-8 years of experience in IT risk management and/or IT control testing in financial services and/or banking operating environments.
- Minimum 4 years of experience in IT controls testing, quality control roles, or other complementary capacities within the financial services industry.
- Scope of experience should include risk identification, mitigation, and control assessments as well as writing test scripts, transactional testing, and documenting results.
- Technical control testing proficiency and risk acumen.
- Working knowledge in technology risk and controls testing, relevant industry regulations, and standard industry processes (e.g., COBIT, ISO/IEC 27001, NIST, etc.).
- Results-oriented, problem-solving skills, and attention to detail.
- Strong verbal and written communication skills with the ability to communicate via Zoom meetings.
- Ability to balance multiple critical priorities simultaneously.
- Ability to take ownership of and lead ad-hoc team initiatives.
- Experience in highly-matrixed, fast-paced environments.
- Self-starter with a strong ability to work independently with minimal oversight.
- Fluent in MS Excel and PowerPoint, comfortable with analyzing large datasets in Google Suite (Sheets, Slides, etc.), MS Office applications, etc.
- Proficiency in IT systems, networks, and security technologies and tools.
- Preferred qualifications include CISA, CISSP, and/or CIA.
- A Bachelor's Degree in information technology, computer science, or related field or 6 years of relevant experience, or equivalent work experience.
Compensation And Benefits
The base pay range for this role is listed below. Final base pay offer will be determined based on individual factors such as the candidate’s experience, skills, and location.
To view all of our comprehensive and competitive benefits, visit our Benefits at SoFi page!
SoFi provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion (including religious dress and grooming practices), sex (including pregnancy, childbirth and related medical conditions, breastfeeding, and conditions related to breastfeeding), gender, gender identity, gender expression, national origin, ancestry, age (40 or over), physical or medical disability, medical condition, marital status, registered domestic partner status, sexual orientation, genetic information, military and/or veteran status, or any other basis prohibited by applicable state or federal law.
The Company hires the best qualified candidate for the job, without regard to protected characteristics.
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
New York applicants: Notice of Employee Rights
SoFi is committed to embracing diversity. As part of this commitment, SoFi offers reasonable accommodations to candidates with physical or mental disabilities. If you need accommodations to participate in the job application or interview process, please let your recruiter know or email accommodations@sofi.com.
Due to insurance coverage issues, we are unable to accommodate remote work from Hawaii or Alaska at this time.
Internal Employees
If you are a current employee, do not apply here - please navigate to our Internal Job Board in Greenhouse to apply to our open roles.