Hybrid Risk Analyst, Enterprise Controls

Posted 6 days ago

About the role

  • Risk Analyst managing Alviere's enterprise risk control framework for compliance and regulatory purposes at a fintech company. The role involves audits, control testing, and managing relationships with auditors.

Responsibilities

  • Own and maintain Alviere's Enterprise Risk Control Framework — mapping identified risks across AML/CFT, cybersecurity, TPRM, consumer protection, fraud, and data privacy to applied controls and residual risk ratings; maintain the Risk Appetite Statement; and prepare KRI summaries and risk reports for the quarterly Risk & Compliance Committee and Board.
  • Design and execute the internal control testing calendar — running scheduled monthly and quarterly tests (OFAC, access management, transaction monitoring, and other key controls), documenting results, opening corrective actions on exceptions, and tracking remediation to closure.
  • Own the annual SOC 2 audit program end-to-end — standing up the AUDIT Jira project each cycle, routing 40+ individual evidence requests to Engineering, IT/Security, HR, Finance, and Operations, managing each ticket through all workflow stages, and interfacing directly with external auditors on review comments and re-evidence requests.
  • Run the annual system access review program across 30+ in-scope platforms — coordinating with system owners to pull 100% population access lists, documenting review outcomes, ensuring required removals are executed and evidenced, and tying results into SOC 2 and PCI audit evidence.
  • Manage Alviere's external auditor relationship, conducting the annual assessor qualification and independence review; serve as the primary internal operational point of contact for reviews and examinations including transaction population pulls and examination documentation.
  • Track enterprise control findings and corrective action plans in Jira (CDCAP project), ensuring open items have documented owners, deadlines, and remediation progress for reporting to the CRCO and committee.

Requirements

  • 3–6 years of experience in internal audit, IS audit, compliance testing, or risk control functions at a financial institution, fintech, payment company, or professional services firm serving such clients.
  • Demonstrated experience contributing to or coordinating a SOC 2 audit evidence cycle — familiarity with Trust Services Criteria control categories, ability to read Type II reports critically, and comfort managing auditor interactions independently.
  • Practical understanding of control testing methodology: how to design a test, document results, assess the significance of a control exception, and communicate findings to non-technical leadership.
  • Strong operational discipline — experience managing Jira workflows, owning complex multi-stakeholder evidence campaigns, and meeting hard external deadlines without close supervision.
  • Clear, analytical written communication skills — capable of producing board-quality risk summaries, committee materials, and control testing documentation.
  • Preferred: CISA, CISSP, CRCM, or CIA certification; experience with PCI DSS compliance coordination; familiarity with state money transmitter regulatory examination processes.

Benefits

  • Developing and promoting talent as an Equal Employment Opportunity Employer - Veteran/Disability
  • Commitment to providing reasonable accommodation to qualified job applicants and employees with known physical or mental disabilities

Job title

Risk Analyst, Enterprise Controls

Experience level

Mid level, Senior

Salary

Not specified

Degree requirement

Bachelor's Degree
