CBGC Senior Control Testing Analyst - Omaha, Nebraska

Pen Fed is hiring a (Hybrid) CBGC Senior Control Testing Analyst at our Tysons, Virginia;
San Antonio, Texas or Omaha, Nebraska location. The primary purpose of this Consumer Banking Governance and Controls (CBGC) Sr. Control Testing Analyst role is responsible for planning and executing independent testing of internal controls to evaluate design and operating effectiveness and support a strong internal control environment. This role develops test procedures, performs evidence-based testing (e.g., inspection and reperformance), documents clear work papers that withstand audit/exam scrutiny, and communicates results and remediation recommendations to control owners and stakeholders.

The Sr. Control Testing Analyst partners closely with business units, Compliance, Enterprise Risk Management (ERM), and Internal Audit to drive consistent methodology, timely reporting, and sustainable risk reduction.

Equivalent combination of education and experience is considered.

• Bachelor’s degree in Business, Finance, Accounting, Risk Management, Information Systems, or a related field.
• Minimum of five (5) years of progressive experience in monitoring and testing, internal controls, compliance testing, audit, operational risk, quality assurance/quality control; credit union or retail banking experience required.
• Demonstrated experience developing test procedures, executing control tests, and documenting work papers/evidence that are clear, complete, and defensible.
• Working knowledge of internal controls concepts and testing approaches (inquiry, observation, inspection, reperformance), including sampling and evidence evaluation.
• Experience supporting issue management and remediation governance, including retesting/validation activities.
• Proficiency with Microsoft Office (advanced Excel), required.
• Experience with GRC tools (e.g., Archer), workflow/case tools, and reporting/dashboard tools (e.g., Power BI/Tableau) preferred.
• Training or practical experience with controls frameworks and risk assessment practices (e.g., COSO, RCSA) and issue management lifecycle practices, required.
• Experience using A.I. tools preferred

This position will not directly supervise employees.

CIA, CISA, CPA, CRCM, CFE, or other relevant risk/controls/testing credentials, preferred.

While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.

Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.

Ability to travel to various worksites and be on-call is required.

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.

• Execute control testing in accordance with the enterprise internal controls testing methodology, ensuring the tester remains independent from the control owner (as appropriate).
• Perform control walkthroughs and obtain an end-to-end understanding of process flows, risks, and control intent prior to testing.
• Develop test steps and test questions tailored to the control design, frequency, population, and systems of record.
• Perform testing using appropriate methods (inquiry, observation, inspection, and/or reperformance), with inspection and reperformance preferred when feasible.
• Validate that controls are performed consistently as designed and that results support clear conclusions on control effectiveness.

• Identify testing scope from the applicable RCSA and/or business unit testing plan; confirm control population and control frequency prior to sample selection.
• Select samples using appropriate sampling methods (random or judgmental) and document the rationale and sample size, considering control frequency and population characteristics.
• Validate completeness and accuracy of testing populations and source reports (e.g., reconciliations, control totals, tie-outs) and document data assumptions and limitations.
• Apply professional judgment to interpret test results, evaluate deviations/exceptions, and determine whether issues indicate design gaps, process breakdowns, or execution errors.

• Prepare complete, well-organized, audit-ready work papers that clearly document objective, scope, methodology, sample selection, evidence reviewed, results, and conclusions.
• Ensure evidence is sufficient and appropriate to support conclusions, including screenshots, system reports, approvals, and other artifacts demonstrating control performance.
• Submit required testing artifacts and evidence in the system of record (e.g., Archer) or designated repository in accordance with reporting and retention requirements.
• Maintain version control and clear naming conventions to support traceability and efficient stakeholder review.