United Fire & Casualty
IT Internal Controls Manager
United Fire & Casualty, Cedar Rapids, Iowa, United States, 52404
United Fire Group is seeking a
Manager of IT Internal Controls
to lead the design and oversight of a robust IT control framework. This role is responsible for oversight over the Company's IT control framework and providing risk and control advisory support for system upgrades and implementations. The ideal candidate is a strategic, hands-on leader with a strong background in IT risk identification, control design, and process optimization within the P&C insurance or financial services industries. This individual will be instrumental in fostering a culture of strong governance, IT risk management, and continuous improvement across the organization.
Essential Duties & Responsibilities:
Support the vision, strategy, and roadmap for the IT Internal Controls function Serve as a subject matter expert on IT internal controls, providing guidance and education to IT and business partners. Assist in the development of a comprehensive, risk-based IT SOX compliance program that meets regulatory requirements and provides assurance over the company's Information Technology internal controls over financial reporting (ITGCs and IT Application Controls). Lead walkthroughs of key business processes and underlying technology, collaborating with IT and business process owners to design effective, preventative, and efficient IT controls. Provide proactive risk and control advisory support for system upgrades and new technology implementations, from the planning stages through post-implementation reviews. Create and maintain detailed IT SOX documentation, including IT process flowcharts, risk and control matrices, and narratives. Conduct IT risk assessments to identify, evaluate, and prioritize technology-related risks to financial reporting and business operations. Evaluate and mature the company's IT control environment by providing strategic risk guidance and designing mitigating controls related to IT infrastructure, security, and application layers. Establish and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to provide early identification of risk trends and potential control deficiencies within IT systems. Evaluate IT control deficiencies to understand root cause and impact and work with process and control owners to develop and track effective remediation plans. Evaluate controls and processes for opportunities to leverage automation and new technologies, reducing manual effort and improving control effectiveness. Assist in the development and execution of the IT audit plan, including the performance of IT risk assessments and coordination of internal audit testing. Liaise directly with the company's external auditors, serving as a point of contact for IT SOX and internal control matters. Job Specifications:
Education:
Bachelor's degree in management information systems, Computer Science, Accounting, or a related field. Certifications/Designations:
Certified Information Systems Auditor (CISA) or Certified Public Accountant (CPA) is strongly preferred. Experience:
5-7 years of experience in IT audit, IT internal controls, or public accounting with a focus on technology, preferably within the insurance or financial services industry. Experience supporting a SOX compliance program, including participation in IT risk assessments, control design, and documentation. Experience providing risk and control advisory support for system implementations (e.g., ERP, core insurance systems). Experience in a public company environment is a plus. Knowledge, Skills, & Abilities:
Strong knowledge of the Sarbanes-Oxley Act, COSO framework, and US GAAP as they relate to IT controls. Exceptional analytical skills with the ability to identify, analyze, and interpret complex IT and business processes and risks. Proven ability to drive IT process improvements and implement automated control solutions. Excellent communication skills, both written and oral, with the ability to effectively present complex IT risk information to all levels of the organization. Strong leadership, interpersonal, and collaborative skills to influence change across IT and business teams. Strong understanding of cybersecurity and information security frameworks (e.g., NIST, COBIT).
Disclaimer: The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this job. It is not designed to contain or be interpreted as a comprehensive list of all duties, responsibilities, and skills required. Additional tasks and requirements may be assigned, as necessitated by business need. UFG retains the right to modify the description of this job at any time.
Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
Manager of IT Internal Controls
to lead the design and oversight of a robust IT control framework. This role is responsible for oversight over the Company's IT control framework and providing risk and control advisory support for system upgrades and implementations. The ideal candidate is a strategic, hands-on leader with a strong background in IT risk identification, control design, and process optimization within the P&C insurance or financial services industries. This individual will be instrumental in fostering a culture of strong governance, IT risk management, and continuous improvement across the organization.
Essential Duties & Responsibilities:
Support the vision, strategy, and roadmap for the IT Internal Controls function Serve as a subject matter expert on IT internal controls, providing guidance and education to IT and business partners. Assist in the development of a comprehensive, risk-based IT SOX compliance program that meets regulatory requirements and provides assurance over the company's Information Technology internal controls over financial reporting (ITGCs and IT Application Controls). Lead walkthroughs of key business processes and underlying technology, collaborating with IT and business process owners to design effective, preventative, and efficient IT controls. Provide proactive risk and control advisory support for system upgrades and new technology implementations, from the planning stages through post-implementation reviews. Create and maintain detailed IT SOX documentation, including IT process flowcharts, risk and control matrices, and narratives. Conduct IT risk assessments to identify, evaluate, and prioritize technology-related risks to financial reporting and business operations. Evaluate and mature the company's IT control environment by providing strategic risk guidance and designing mitigating controls related to IT infrastructure, security, and application layers. Establish and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to provide early identification of risk trends and potential control deficiencies within IT systems. Evaluate IT control deficiencies to understand root cause and impact and work with process and control owners to develop and track effective remediation plans. Evaluate controls and processes for opportunities to leverage automation and new technologies, reducing manual effort and improving control effectiveness. Assist in the development and execution of the IT audit plan, including the performance of IT risk assessments and coordination of internal audit testing. Liaise directly with the company's external auditors, serving as a point of contact for IT SOX and internal control matters. Job Specifications:
Education:
Bachelor's degree in management information systems, Computer Science, Accounting, or a related field. Certifications/Designations:
Certified Information Systems Auditor (CISA) or Certified Public Accountant (CPA) is strongly preferred. Experience:
5-7 years of experience in IT audit, IT internal controls, or public accounting with a focus on technology, preferably within the insurance or financial services industry. Experience supporting a SOX compliance program, including participation in IT risk assessments, control design, and documentation. Experience providing risk and control advisory support for system implementations (e.g., ERP, core insurance systems). Experience in a public company environment is a plus. Knowledge, Skills, & Abilities:
Strong knowledge of the Sarbanes-Oxley Act, COSO framework, and US GAAP as they relate to IT controls. Exceptional analytical skills with the ability to identify, analyze, and interpret complex IT and business processes and risks. Proven ability to drive IT process improvements and implement automated control solutions. Excellent communication skills, both written and oral, with the ability to effectively present complex IT risk information to all levels of the organization. Strong leadership, interpersonal, and collaborative skills to influence change across IT and business teams. Strong understanding of cybersecurity and information security frameworks (e.g., NIST, COBIT).
Disclaimer: The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this job. It is not designed to contain or be interpreted as a comprehensive list of all duties, responsibilities, and skills required. Additional tasks and requirements may be assigned, as necessitated by business need. UFG retains the right to modify the description of this job at any time.
Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.