The Control Testing team within the AMER Region of Société Générale (“SG”) operates as part of the 2nd Line of Defense within a “Three Lines of Defense” model and is a key component of SG’s risk management program.
The Control Testing team performs risk-based independent testing of controls related to the management of compliance and operational risks across business lines, support units (e.g., compliance, information technology, operations, human resources, data office) and legal entities. The primary objective of the testing is to evaluate internal controls, policies and procedures to assess whether they are reasonably designed and, in the case of transaction testing, whether controls are working as intended to ensure SG activities comply with applicable Laws, Rules and Regulations and that the firm's operational risks are appropriately mitigated.
The candidate will report to an experienced testing manager and will be responsible for leading reviews as part of the Annual Control Plan focused specifically on Information Technology, Infosec and Cyber risks. The candidate will be responsible to:
- Conduct business process and control walkthroughs and gather information to understand the context, risks and intended control operation to be tested.
- Scope, plan and execute technology and compliance control audits with the following focus areas:
- Design and execute tests to validate application system controls, which may require data analysis, code inspection and re-performance of system processes.
- Analyse the design of controls around the underlying system architecture in the context of information technology controls such as security, availability and performance and their impact on business-aligned technology groups.
- Analyse the business and technology processes to evaluate the effectiveness of the relevant technology controls.
- Validate that system features meet business, technology and regulatory requirements.
- Identify issues through testing, ensuring that appropriate action plans are being developed by the business to correct the deficiencies noted.
- Discuss results and findings with relevant stakeholders including the business or function being tested.
- Document review work and develop final testing reports to document and formally communicate testing results to stakeholders.
- Validate that the business has completed the agreed-upon action plans by the due date.
- Maintain regular engagement and provide feedback to key stakeholders within Compliance, Risk and Business units.
- Assist the audit manager with development of the annual risk-based Testing Plan.