Senior Associate, Business Controls

When you join Sallie Mae, you become a champion for all students.

We're on a mission to power confidence as students begin their unique journey. To help them plan their higher education, successfully finish, and prepare for life after school. To help them Start smart. Learn big.

Students need guidance navigating this important time in their life. They need someone who acknowledges that their education path is unique. They need a partner willing to evolve and not only meet but surpass their expectations. We're changing. Because students need a better way.

We're looking for people who are excited to drive this transformation. To break barriers and think of new ways to adapt, help, and create better experiences for students-and for each other.

This is where diverse backgrounds, beliefs, and perspectives matter. It's where you're empowered to bring your authentic self to work.

Feeling your best allows you to do your best. Our benefits take care of the whole you-from physical and mental to financial and professional. You'll get opportunities to further your education and career, support for you and your family (including your pets!), paid time off to volunteer for the things that matter to you, and more.

We're obsessed with impact and making a real difference. For us, that means putting relationships first, asking "why not?" when tackling challenges, and continuously learning new skills.

Come do more than join something, change something. For students, for future generations, for the future of education.

What You'll Contribute

The Senior Associate of Business Controls role is part of the Business Controls Office and is responsible for governance, risk and compliance (GRC) activities for the Technology and Enablement organization. A key responsibility of the position is serving as the liaison between the Internal Audit and First Line of Defense technology and security teams. In this capacity, the individual will monitor audit scope, provide guidance on audit expectations and processes, support prioritization of audit-related activities, and coordinate the collection and secure submission of requested evidence.

Internal Audits and Audit Special Projects are conducted year-round, so this will be a continuous responsibility.

This role also includes oversight of issue remediation activities, ensuring that monthly status updates are captured for all issues within the Chief Technology and Enablement Officer's organization. The incumbent will support teams in navigating the issue management and operational event life cycles, including timely issue and event creation within the GRC system.

In addition, this individual will support the external SOX audit by partnering with stakeholders to gather and provide evidence for General IT Controls and application controls testing. Responsibilities also include contributing to other SOX-related activities, such as the review and evaluation of SOC Reports.

The individual in this role will own the development of creating reports and dashboards that are generated for monthly management reporting. They will be responsible for ensuring data accuracy, consistency, and relevance.

Finally, this role will contribute to the preparation for the IT regulatory examinations (e.g. FDIC/UDFI), including the coordination, collection and review of requested artifacts and the development of materials to support impacted teams.

What You'll Do

Internal Audit Coordination

* Act as a resource to the technology and security teams for navigating the audit process

* Develop strong working relationships with all control owners to build knowledge of operations and better facilitate the effort of gathering evidence

* Maintain consistent communication with audit teams to ensure alignment of action items and status of requests

* Review artifacts provided and securely submit to Audit teams

* Coordinate the scheduling all meetings needed throughout the duration of the audit

* Assist the Audit team with questions and follow up requests

Issue and Operational Event Monitoring

* Create Operational Events within the GRC system and monitor to ensure all remediation steps are completed as required

* Ensure monthly updates are…