Overview
PenFed is hiring a (Hybrid) CBGC Senior Control Testing Analyst at our Tysons, Virginia; San Antonio, Texas; or Omaha, Nebraska location. The primary purpose of this Consumer Banking Governance and Controls (CBGC) Sr. Control Testing Analyst role is to plan and execute independent testing of internal controls to evaluate design and operating effectiveness and support a strong internal control environment. This role develops test procedures, performs evidence-based testing (e.g., inspection and reperformance), documents clear workpapers that withstand audit/exam scrutiny, and communicates results and remediation recommendations to control owners and stakeholders. The Sr. Control Testing Analyst partners closely with business units, Compliance, Enterprise Risk Management (ERM), and Internal Audit to drive consistent methodology, timely reporting, and sustainable risk reduction.
Responsibilities
Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. This is not intended to be an all-inclusive list of job duties, and the position will perform other duties as assigned.
Essential Functions
- Execute control testing in accordance with the enterprise internal controls testing methodology, ensuring the tester remains independent from the control owner (as appropriate).
- Perform control walkthroughs and obtain an end-to-end understanding of process flows, risks, and control intent prior to testing.
- Develop test steps and test questions tailored to the control design, frequency, population, and systems of record.
- Perform testing using appropriate methods (inquiry, observation, inspection, and/or reperformance), with inspection and reperformance preferred when feasible.
- Validate that controls are performed consistently as designed and that results support clear conclusions on control effectiveness.
Methodology, Sampling and Data Integrity
- Identify testing scope from the applicable RCSA and/or business unit testing plan; confirm control population and control frequency prior to sample selection.
- Select samples using appropriate sampling methods (random or judgmental) and document the rationale and sample size, considering control frequency and population characteristics.
- Validate completeness and accuracy of testing populations and source reports (e.g., reconciliations, control totals, tie-outs) and document data assumptions and limitations.
- Apply professional judgment to interpret test results, evaluate deviations/exceptions, and determine whether issues indicate design gaps, process breakdowns, or execution errors.
Documentation, Evidence and Record Retention
- Prepare complete, well-organized, audit-ready workpapers that clearly document objective, scope, methodology, sample selection, evidence reviewed, results, and conclusions.
- Ensure evidence is sufficient and appropriate to support conclusions, including screenshots, system reports, approvals, and other artifacts demonstrating control performance.
- Submit required testing artifacts and evidence in the system of record (e.g., Archer) or designated repository in accordance with reporting and retention requirements.
- Maintain version control and clear naming conventions to support traceability and efficient stakeholder review.
Issue Identification, Escalation and Remediation Support
- Assign a clear pass/fail (or equivalent) assessment for each control tested, supported by evidence and documented rationale.
- When control performance is not effective, analyze drivers and document whether root cause appears related to design, process, training, tooling, or execution.
- Partner with stakeholders to draft issue statements, articulate impact (including potential member impact), and recommend practical corrective actions.
- Support issue tracking through closure and perform or coordinate retesting/validation after remediation to confirm sustainable improvement.
Reporting and Stakeholder Management
- Communicate testing status, results, exceptions, and themes to control owners and leadership in a timely, concise manner.
- Provide credible challenge by asking effective questions, validating evidence quality, and confirming that management responses address the underlying risk.
- Coordinate with Compliance, ERM, and Internal Audit to support document requests, exam/audit inquiries, and alignment on testing expectations.
- Contribute to dashboards, scorecards, and periodic reporting by maintaining accurate testing metadata (e.g., scope, dates, outcomes, and issue linkages).
Continuous Improvement and Automation
- Identify opportunities to improve test efficiency and consistency through standard templates, playbooks, and repeatable testing procedures.
- Partner with data automation/analytics resources to strengthen population pulls, reconciliation checks, exception analytics, and reporting automation.
- Participate in calibration sessions and quality reviews to improve methodology adherence and reduce variability in conclusions across testers.
*This role is responsible for ensuring business continuity.*
Qualifications
Equivalent combination of education and experience is considered.
- Bachelor's degree in Business, Finance, Accounting, Risk Management, Information Systems, or a related field.
- Minimum of five (3) years of progressive experience in monitoring and testing, internal controls, compliance testing, audit, operational risk, quality assurance/quality control; credit union or retail banking experience required.
- Demonstrated experience developing test procedures, executing control tests, and documenting workpapers/evidence that are clear, complete, and defensible.
- Working knowledge of internal controls concepts and testing approaches (inquiry, observation, inspection, reperformance), including sampling and evidence evaluation.
- Experience supporting issue management and remediation governance, including retesting/validation activities.
- Proficiency with Microsoft Office (advanced Excel), required.
- Experience with GRC tools (e.g., Archer), workflow/case tools, and reporting/dashboard tools (e.g., Power BI/Tableau) preferred.
- Training or practical experience with controls frameworks and risk assessment practices (e.g., COSO, RCSA) and issue management lifecycle practices, required.
- Experience using A.I. tools preferred.
Supervisory Responsibility
This position will not directly supervise employees.
Licenses and Certifications
CIA, CISA, CPA, CRCM, CFE, or other relevant risk/controls/testing credentials, preferred.
Work Environment
While performing the duties of this job, the employee is regularly exposed to an indoor office setting with moderate noise.
*Most roles require working in an office setting with moderate noise and the ability to lift 25 pounds.*
Travel
Ability to travel to various worksites and be on-call is required.