IT General Control Consultant



Boston, MA, USA
Posted on Tuesday, November 7, 2023

IT General Control Consultant

Boston, Massachusetts Risk Management Job ID R13837

IT General Control Consultant

Enterprise Risk Management - Financial Reporting Risk


Springfield, MA or Boston, MA

The Opportunity

To enhance the organization’s assessment of financial reporting risk, we are looking for a high-performing Information Technology (IT) risk and control professional. The IT General Control Consultant role will be responsible for evaluating the design and operating effectiveness of IT controls and support the successful execution of external audits, such as the SOC2 and Financial Statement Audit. Additionally, this role will facilitate satisfying the requirements of the internal controls over financial reporting (ICFR) program.

In this role, as well as all roles within MassMutual, you will demonstrate accountability, agility, a dedication to be inclusive, a strong business acumen, and will show courage, even in the most difficult situations. The ideal candidate will be able to interact with management at all levels within the organization to understand both financial reporting and IT risks, develop analytics, and testing approaches to assess both risks and controls.

The Team

The Financial Risk Reporting (FRR) team within ERM works with business process owners to evaluate financial reporting and IT risks, and the effectiveness of the related controls.  On an annual basis, the FRR team completes the internal controls over financial reporting (ICFR) program to satisfy the requirements of the NAIC’S Annual Financial Reporting Model Regulation.  In the Three Lines of Defense model, ERM is a second line of defense function; our responsibility is to independently ensure that risks are identified, understood and managed effectively and provide guidance to Risk Owners in the business (first line). Additionally, ERM quantifies and reports on enterprise risks and drives action based on risk prioritization. Internal audit (third line) provides independent assurance.

The Impact

  • Ensure successful external audit engagement.
  • Manage multiple, complex projects simultaneously, facilitating audit engagements to ensure that objectives are met consistently.
  • Serve as the liaison between external audit and internal coordinators.
  • Create status reporting for all projects, individually and in aggregate for multiple audiences.
  • Log and track all audit requests.  Assess audit evidence submitted to determine if it meets audit objectives and demonstrates completeness and accuracy of testing.
  • Discuss audit findings and their impacts professionally and confidently as directed by management.
  • Ensure completion of FRR program requirements.
  • Evaluate the organization’s frameworks for IT governance, risk, and control and identify opportunities for control alignment.
  • Assist in identifying and tracking Financially Significant Applications.
  • Complete annual testing of IT General Controls impacting Financially Significant Applications.
  • Review Financially Significant Vendor Assessments.
  • Perform risk assessments of identified deficiencies and partner with process owners to verify proper remediation.

The Minimum Qualifications

  • Bachelor’s degree preferably technology, accounting/audit or business related major.
  • A minimum of either: (a) 5 + years relevant technology work experience (e.g., IT audit, systems administration, quality assurance, development, etc.) and/or (b) at least 5 + years of audit/risk related work experience.
  • Technical Skills: MS Excel, MS Word, MS PowerPoint, MS Teams, SharePoint

The Ideal Qualifications

  • CISA or CISSP strongly preferred.
  • CPA, CIA, CFA or other professional designation.
  • Fundamental understanding of risk concepts including inherent and residual risks as well as how to assess the design and effectiveness of internal controls.
  • General knowledge of IT controls and concepts in the execution of audit field work.
  • Facilitate project/status meetings, walkthroughs, observations, and other tasks.
  • Participation/experience in aspects of SOC1 and SOC2 external audits.
  • Experience with SOX and/or Model Audit Rule programs.
  • Strong analytic and problem-solving capabilities.
  • Strong executive communication skills; experienced and confident at presenting business results to management.
  • Comfortable with ambiguity and complexity; willingness to explore multiple solutions to a problem.
  • Motivated self-starter with high aptitude for quickly learning new concepts and skills.
  • Strong collaboration skills.  Experience with collaboration software a plus (i.e., SharePoint, Archer, Microsoft Teams, Slack)

What to Expect as Part of MassMutual and the Team

  • Focused one-on-one meetings with your manager.
  • Access to mentorship opportunities.
  • Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQ, veteran and disability-focused Business Resource Groups.
  • Access to learning content on Degreed and other informational platforms.
  • Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefits.


MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Salary Range: $115,900.00-$152,100.00 Apply