The Business Control Manager (BCM) equips the business with the risk expertise and resource capability to meet Cenlar's goal of managing risks, complying with regulatory requirements, and meeting contractual obligations. The BCM continuously assesses and improves the business control environment to ensure its risk management capability. In coordination with Business Function leaders, the BCM is responsible and accountable for managing the business functions' overall control environment.
Responsibilities:
Manages, mentors, trains, and evaluates a team of Business Control Analysts
Drives the continuous improvement of business control performance and risk mitigation through the on-going RCSA program execution
Assesses inherent risks of business operations and evaluates the effectiveness of controls
Proactively identifies control deficiencies
Continuously updates control ratings as changes occur, or due to new issues, closed issues, or new processes
Performs continuous monitoring of new issues, Quality Assurance, Quality Control, and Compliance testing to determine underlying control deficiencies/breakdowns
Links new issues to controls to determine impact to residual risk
Timely evaluates controls linked to compliance requirements
Updates Cenlar's risk system of record (ProcessUnity)
Maintains the business risk and control profile leveraging the RCSA process to ensure new process changes, regulatory changes, and technology changes are updated appropriately and timely
Facilitates continuous RCSA reassessment and attestation (subject to Inherent Risk Rating, IRR)
Assists in the creation of effective Management Action Plans (MAPs) to remediate issues
Works with Issue Management team and business to perform root cause analysis of new issues
Works with Issue Management team in the evaluation of new issues to determine business response based on business risk appetite and Cenlar Issue Management guidelines
Reviews and validates remediation MAP activities to ensure they address root cause of open issues or linkage to pre-existing MAPs when appropriate
Prepares and processes Risk Acceptance requests
Ensures controls for closed issues successfully pass AVT Validations and Sustainability; Demonstrates improved controls as a result of closed issues
Updates Cenlar's risk system of record (ProcessUnity)
Identifies and escalates emerging risks
Provides control design advice and change management in response to changes in business process, technology, or compliance requirements
Enhances risk awareness within the business function
Timely responds to Client requests (Client Audit Support/Client Management)
Liaises with Cenlar's Policies and Procedures (P&P) team to ensure risks and controls are appropriately reflected within department procedures, Business Function Procedures (BFPs)
Liaises with Internal Audit and Exam Management to satisfy any requests for risk and control information during audits and examinations; Coordinates management responses into MAPs for submission to auditors and examiners
Liaises with testing partners (QA, QC, Compliance) to analyze root cause of testing results and suggest remediation activity
Liaises with Audit validation team to satisfy evidence requests for validating remediated issues; Coordinates business walkthroughs and any subsequent updates in Process Unity, as appropriate
Assist the Business Control Director (BCD) and Issue Management team as assigned
Appropriately assess risk when business decisions are made, include but not limited to compliance and operational risk. Demonstrate consideration for Cenlar's reputation as well as our clients, by driving compliance with applicable laws, rules and regulations, adhering to Policy, applying sound ethical judgment regarding personal behavior, conduct and business practices, and escalating, managing and reporting control issues, as well as effectively supervise the activity of others and create accountability with those who fail to maintain these standards
Technology
Evaluates and performs testing of the design and operating effectiveness of Technology controls, updating the IT Business Control Director and IT Center of Excellence leadership with progress and observations
Leads Technology Risk and Control Self-Assessments including identifying, assessing and documenting risks and controls and completing testing
Writes high quality risks and control descriptions as part of creating and editing the Technology risks and controls matrix
Provides consulting advisory services to management for actions to address Technology control issues
Recommends practical ways of improving the work the Technology business functions do and applying where appropriate
Qualifications:
Bachelor's degree or equivalent experience
7 to 10 years of relevant experience and knowledge of sound risk management practices for mortgage servicing functions
A demonstrated understanding of risk management and internal control principles, including what constitutes effective control design
The ability to analyze and provide a credible assessment of the effectiveness of risk management and internal controls within his or her assigned area
Effective communication skills, both oral and written, and the ability to communicate at all levels of the organization
Additional Requirements for Technology
Technology professional certification a plus (e.g., CISA, CRISC, CISM, CISSP)
