Job Location: United States : North Carolina : Cary
As part of the enterprise's "general contractor of choice" for risk management and control, and in compliance with Section 404(b) of the Sarbanes-Oxley Act of 2002, this role guides and leads the assessment of the design and operational effectiveness of internal controls over financial reporting. MetLife maintains a global program to assess its compliance with SOX and also issues multiple SSAE16 reports for use by its customers. This role serves as Internal Audit’s focal point of communication for all ITGC matters globally affecting SOX and SSAE16. This role helps ensure the line of business (LOB) Internal Audit (IA) teams execute against their responsibilities to support the overall IT SOX program, and is critical in communicating and coordinating with:
- MetLife’s first lines of defense - the IT and business units that own and operate the controls
- Second lines of defense - the Internal Controls Department (ICD) and IT Risk & Security (ITRS) that provide oversight and monitoring over the first line’s execution of these controls
- The third line of defense – the Internal Audit teams globally that support ICD’s management testing efforts over internal controls over financial reporting (ICFR).
- Coordinate with ICD, ITRS, and LOB SOX Coordinators on the scope of applications, servers, databases and controls to be evaluated.
- Manage the LOB Internal Audit leads to execute against the enterprise services scoping framework to accurately assess which applications subscribe to enterprise services and controls and to identify the scope of application-specific testing performed by the LOB teams.
- Work with the external auditor on reliance strategy, and manage the workstream leads on the delivery of IA results against its reliance timelines.
- Communicate and coordinate ICD testing deadlines with Global Technology and LOB Internal Audit leads.
- Maintain direct responsibility and oversight for one or more testing workstreams (e.g., Identity and Access Management) and review the results of work performed by staff/senior resources in the design and execution of testing procedures. Provide coaching/feedback to team members based on the results of work performed.
- Ensure quality through the review of testing procedures and a sample of testing results, ensuring that exceptions are appropriately adjudicated to conclusion.
- Design and deliver training to both US and India teams performing testing on prior lessons learned and changes in documentation and testing approach.
- Evaluate the results of IT testing, by evaluating the root causes for exceptions identified, altering testing procedures as appropriate, and communicating the results of testing/deficiencies with stakeholders.
- Work with ITRS and LOB teams to obtain management action plans for issues identified and ensure entry into IA GRC tool for tracking purposes.
- Report on findings to management and compile reports of status and results of testing for senior management.
- Maintain positive working relationships with all stakeholders, including IT management, ICD, ITRS and other IA teams.
- Serve as the IT SOX/SSAE16 subject matter expert for the organization, providing advice to ICD/ITRS on methodology and guidance on such topics as application controls, population completeness (also known as information provided by the entity/electronic audit evidence), deficiency aggregation, etc.
- Work with data analytics teams to provide guidance on innovative techniques to further automate SOX procedures performed. Lead the design and execution of less complex analytics techniques and provide oversight/review of the DA team’s design/execution of more advanced techniques.
- Manage overall SOX project management and testing results through use of GRC tool, SharePoint, and other reporting mechanisms.
- Escalate potential issues in SOX project management and deficiencies in controls to appropriate IA and ITRS contacts for timely resolution.
Supervisory Responsibilities: No direct supervisory responsibilities, but will provide guidance/feedback to the team members directly working on SOX workstreams and other stakeholder feedback as requested.
- 5-8 yrs. relevant business experience.
- Working towards CISA, CIA, CPA, CISM or CISSP designation.
- Possesses advanced-level understanding of IT general controls (security, change management, disaster backup recovery, data center, etc.).
- Understanding of system development lifecycle methodology, operating system and database platforms (mainframe, client/server, Web services, Windows, UNIX, AS400, DB2, etc.).
- Possesses fundamental understanding of COBIT principles.
- Possesses proficient understanding of data analysis tools such as ACL, and application of financial and operational analytics; knowledge of risk-based analytics of business finances and operations, and data sources that drive the analytics.
- Possesses proficient understanding of Generally Accepted Audit Standards, IIA standards, accounting and auditing sampling and testing methodologies, Sarbanes-Oxley requirements, risk management, and SEC and statutory reporting; also intermediate-level understanding of the financial services industry.
- Strong written and verbal communication skills, including listening and interviewing skills.
- In order to post for this position, you need the proper work authorization to work in the country where the position is located and not require relocation assistance.
- Bachelor's degree
At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.
MetLife is a proud equal opportunity/affirmative action employer committed to attracting, retaining, and maximizing the performance of a diverse and inclusive workforce. It is MetLife's policy to ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
MetLife maintains a drug-free workplace.