About GreenSky:

GreenSky makes it easy for businesses of all sizes to offer credit to their customers with a fast and paperless solution. With billions of dollars in loans and hundreds of thousands of satisfied customers, GreenSky is quickly changing the consumer credit marketplace.  We are committed to our people, capital, and ideas to help our clients, shareholders and the communities we serve grow.  

Position:  Risk & Controls Specialist, Technology Risk Assurance

Location: Remote

The Technology Risk Assurance Specialist reports into GreenSky’s Technology Risk Assurance (TRA) team and is responsible for day-to-day activities across the entire scope of GreenSky’s Technology Governance, Risk, Compliance, and Privacy Assurance programs. This position works closely with Operations, Information Technology, Security, HR, and other business units to develop proper processes that sufficiently identify and mitigate risk.

In this role, The Specialist is responsible for conducting control effectiveness assessments on organizational applications, infrastructure, and technologies. The Specialist is also required to facilitate the organizational quarterly systems access review program with appropriate owners, as well as identify, classify, and document control issues within the managed GreenSky computing environment.

The Risk & Controls Specialist is responsible for assisting with execution of controls testing and documenting of results, recommending corrective actions, tracking remediation efforts, evaluating associated policies and control standard exceptions, and regularly reporting up to TRA management. 

This role also assists during internal and external audits of GreenSky’s computing environments.

• Assists in the completion of Information and Information Systems Control Testing, in accordance with GreenSky TRA Department methodology and industry professional standards, to ensure effective controls are in place to meeting operational and compliance requirements.
• Effectively reports and communicates testing results to TRA management for corrective action, where required.
• Performs evidence collection and project management assistance with annual Compliance program audits (SOC 1, SOC 2, PCI DSS, etc.).
• Assists in the facilitation of ongoing corporate logical access reviews. Recommends access control privilege updates to ensure proper Segregation of Duties is maintained.
• Assists with the performance of Information Technology General Control (ITGC) testing to ensure SOX readiness is maintained.
• Demonstrates excellent teamwork and responsibility with engagement of team members.
• Contributes to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge. Uses current technology/tools to enhance the effectiveness of deliverables and services.
• Performs other duties, as requested.

Organizational:  This position is a member of the Technology Risk Assurance (TRA) team, and reports to the Manager, TRA. This team reports up to the Corporate Risk Department to maintain independence during its day-to -day responsibilities.

• Bachelor's degree in accounting, finance, or information technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree.
• Knowledge of management information systems terminology, concepts, and practices.
• Knowledge of risk management, control, and control frameworks.
• Knowledge of Financial Services business processes and regulatory requirements.
• Skills in collecting and analyzing complex data, evaluating information and systems, and drawing logical conclusions.
• Ability to flourish in a fast-paced, complex environment and willing to adapt to change.
• Good communication skills along with good or developing negotiation skills.

Preferred Skills:

• 2 to 3 years of relevant Enterprise Cloud Computing Information Systems experience
• Information Technology General Control (ITGC) audit experience.
• SOC 1, Type 2; SOC 2, Type 2; PCI DSS audit experience.

GreenSky is an equal opportunity employer and will not discriminate against any employee or applicant on the basis of age, color, disability, gender, national origin, race, religion, sexual orientation, veteran status, or any classification protected by federal, state, or local law.