Manager, Control Testing - Independent Risk Management

The role:

The Control Testing Manager is a key member of the Independent Risk Management function. This role is responsible for independently assessing the design and operating effectiveness of controls owned by Risk and Compliance (inclusive of BSA/AML). The individual will execute end-to-end control testing, provide insightful reporting, and help drive enhancements to the bank’s risk management framework.

The ideal candidate has strong experience in risk management, compliance or internal audit, excels in evaluating control environments, and can work collaboratively with stakeholders across the organization while maintaining independence and objectivity.

What you’ll do:

• Execute end-to-end control testing, including planning, walkthroughs, design assessments, sample selection, evidence review, and evaluation of operating effectiveness and drafting reports.
• Assess controls established by the Risk and Compliance organizations, such as those related to enterprise risk, operational risk, privacy, model risk, third-party risk, AML/BSA, Sanctions, etc.
• Identify control design weaknesses, ineffective procedures, and opportunities for improvement.
• Assist in developing and maintaining the annual risk-based control testing plan.
• Contribute to the continuous refinement of testing methodologies, documentation standards, and quality assurance processes.
• Communicate findings clearly and concisely to management, including root-cause analysis and recommendations for remediation.
• Support Risk and Compliance leadership in preparing materials for governance committees, regulators, and internal audit.
• Prepare high-quality workpapers in accordance with internal methodology and regulatory expectations.
• Produce testing reports, dashboards, and summaries that highlight trends, emerging risks, and thematic issues.
• Maintain thorough documentation to support regulatory examinations and audit reviews.
• Recommend enhancements to control design, risk management practices, and testing processes.
• Stay current on industry best practices, regulatory updates (e.g., OCC, FDIC, FRB, CFPB), and evolving risk management frameworks.

What you’ll need:

• Approximately 8 years of experience in risk management, compliance, internal audit, operational risk, or a similar control-assurance function.
• Experience within the financial services industry.
• Prior involvement with control testing, process walkthroughs, risk assessments, or issue validation.
• Strong understanding of risk and control frameworks (e.g., COSO, three lines of defense, risk and control self-assessments).
• Working knowledge of regulatory requirements impacting mid-sized banks (e.g., BSA/AML, Fair Lending, UDAAP, operational risk rules, privacy).
• Proficiency in testing methodologies, sampling techniques, documentation standards, and evidence evaluation.
• Ability to analyze data, identify themes, and translate findings into actionable insights.
• Excellent written and verbal communication skills, with the ability to convey complex concepts to diverse audiences.
• Strong critical-thinking and problem-solving skills.
• High level of independence, integrity, and professional skepticism. Collaborative mindset with the judgment to maintain 2LOD independence.
• Ability to manage multiple testing engagements and deadlines.
• Bachelor’s degree in Business, Finance, Accounting, Risk Management, or related field.

Nice to have:

• Experience in management consulting, investment banking and/or business operations 
• Professional certification (e.g., CIA, CRCM, CAMS, CISA, CRMA, CPA).
• Experience in Fintech
• MBA