GreenSky is a leading company in the consumer finance marketplace specializing in Home Improvement and Retail Credit.  Since 2006, our company’s people, process and technology solutions have played a critical role in transforming business and consumer credit, enabling more affordable and pervasive access to financing.  We have built relationships with dealers, retailers, and merchants in all 50 states by providing their customers loans through our bank partnerships. We service our bank partners’ portfolios through an exceptional loan servicing organization, which is SSAE 18 Type II compliant.

Our corporate headquarters is located in Atlanta, Georgia.

Position: Risk & Controls Specialist, Technology Risk Assurance

The Risk & Controls Specialist reports into GreenSky’s Technology Risk Assurance (TRA) team and is responsible for day-to-day activities across the entire scope of GreenSky’s Technology Governance, Risk, Compliance, and Privacy Assurance programs. This position works closely with Operations, Information Technology, Security, HR, and other business units to develop proper processes that sufficiently identify and mitigate risk.

In this role, The Specialist is responsible for conducting control effectiveness assessments on organizational applications, infrastructure, and technologies. The Analyst is also required to facilitate the organizational quarterly systems access review program with appropriate owners, as well as identify, classify, and document control issues within the managed GreenSky computing environment. The Risk & Controls Analyst is responsible for assisting with execution of controls testing and documenting of results, recommending corrective actions, tracking remediation efforts, evaluating associated policies and control standard exceptions, and regularly reporting up to TRA management.

This role also assists during internal and external audits of GreenSky’s computing environments.

• Assists in the completion of Information and Information Systems Control Testing, in accordance with GreenSky TRA Department methodology and industry professional standards, to ensure effective controls are in place to meeting operational and compliance requirements.

• Effectively reports and communicates testing results to TRA management for corrective action, where required.
• Performs evidence collection and project management assistance with annual Compliance program audits (SOC 1, SOC 2, PCI DSS, etc.).
• Assists in the facilitation of ongoing corporate logical access reviews. Recommends access control privilege updates to ensure proper Segregation of Duties is maintained.
• Assists with the performance of Information Technology General Control (ITGC) testing to ensure SOX readiness is maintained.
• Demonstrates excellent teamwork and responsibility with engagement of team members.
• Contributes to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge. Uses current technology/tools to enhance the effectiveness of deliverables and services.
• Performs other duties, as requested.

Organizational: This position is a member of the Technology Risk Assurance (TRA) team, and reports to the Manager, TRA. This team reports up to the Corporate Risk Department to maintain independence during its day-to -day responsibilities

• Bachelor's degree in accounting, finance, or information technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree.
• Knowledge of management information systems terminology, concepts, and practices.
• Knowledge of risk management, control, and control frameworks.
• Knowledge of Financial Services business processes and regulatory requirements.
• Skills in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
• Ability to flourish in a fast-paced, complex environment and willing to adapt to change.
• Good communication skills along with good or developing negotiation skills.

Preferred Skills:
• 2 to 3 years of relevant Enterprise Cloud Computing Information Systems experience
• Information Technology General Control (ITGC) audit experience.
• SOC 1, Type 2; SOC 2, Type 2; PCI DSS audit experience.

Location: Sandy Springs, GA

GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.