'%3e%3cpath d='M15.3069 13.1535H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 8.15347H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3cpath d='M15.3069 3.30693H1' stroke='%23333333' stroke-width='1.4' stroke-linecap='round' stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath id='clip0_126_10407'%3e%3crect width='16' height='16' fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
AVP - Operational Risk Officer - BFS
Chennai/OthersResponsibilities :
- Take ownership of the day-to-day management of the Group Technology Policy including managing the annual refresh cycle, annual policy effectiveness review and other related activities for policy management such as reviewing dispensation requests, fielding policy queries, building and executing training and awareness plans and materials, and ensuring traceability to IT standards, processes and controls for policy effectiveness measures.
- The role is key in driving attention to key-risk areas based on how prevailing risk information supports the view of policy effectiveness, particularly providing a view of prioritisation for Second Line Assurance and RCSA trigger reviews.
- In addition, the key responsibility for day-to-day policy management, the individual will have the opportunity to contribute to other OR activities performed by the wider team of second line operational risk officers:
- Risk Appetite - Provide support for monitoring risk outcomes are within Technology Risk appetite and challenge the appropriateness of treatment actions. Provide subject matter expertise in improving risk information in support of Risk Appetite.
- Scenario Analysis - Provide support for selecting appropriate scenarios, help drive workshop outcomes with other members of an expert panel and challenge appropriateness of the analysis outcomes in support of the OR-led ICAAP.
- Risk & Control Self-Assessments (RCSA) - Challenge key RCSA steps including Risk Assessments, Control Designs against Standards, Treatment Plans, Annual Reviews and Top Down Reviews. Ensure assessments are completed timely and final approvals are obtained within the required approval authorities for Elevated Risks and Treatment Plans.
- Response Framework - Challenge the 1st Line of Defence assessment of impact and treatment actions for materialised operational risk events (OREs). Challenge the appropriateness of Root Cause Reviews (RCRs) for Material Risk Events (MREs). Ensure OREs and RCRs are completed timely and final approvals are obtained within the required approval authorities for MREs.
- Committee Reporting - Provide support to Group Operational Risk Heads on actionable insight into Technology Risk matters that would benefit from escalation to Business and Function Non-Financial Risk Committees.
- Regulatory Reporting - Keep informed of regulatory developments in Technology Risk matters. Provide support for information requests on an as-needed basis.
- Change Risk Assessments - Challenge the 1st Line of Defence assessment of change delivery risks and the appropriateness of go-live readiness checks for prioritised projects.
- Second Line Assurance - Perform thematic and targeted assurance reviews for prioritised areas.
- Horizon Risk - Contribute to horizon risk scanning activities performed by Group Operational Risk and support if needed the 1st Line of Defence equivalent activities.
Provide support or act as an advocate for the wider Group Operational Risk activities:
- OR Systems and Infrastructure - Help to ensure the data quality of risk information held in the OR supporting systems(s). Get involved as needed in user acceptance testing and contribute to ideas for feature enhancements.
- Training & Awareness - Help promote the wider training available via the Group Operational Risk function and contribute as required to development of materials. Get involved as needed in developing or running training for Technology Risk.
- AskOR - Support AskOR colleagues in resolving any queries directed to the Technology Risk OR sub-risk type Risk Framework Owner delegate.
- Event Accountability (Behavioural Feedback Surveys) - Provide support on an as-needed basis for Event Reviews (i.e. Conduct accountability) for Materialised Risk Events and Behavioural Feedback for Material Risk Takers.
Key Stakeholders :
- Enterprise Risk Management, Policy Management
- TTO Technology Governance
- TTO owners of IT Standards
- TTO Technology Process Owners and Teams, via OR contacts as needed
- TTO Risk & Control Teams
- TTO CIO Domain Teams
- Group Operational colleagues
- Other Policy Owners and delegates that connect to the Technology Policy (e.g. Operational Resilience, Information & Cyber Security, End User Computing, etc).
Our Ideal Candidate :
- Demonstrate experience and exposure to policy formation and policy management.
- Comfortable working in a single contributor role and/or small team challenging risk-decisions made by more senior staff.
- Able to demonstrate a risk-based approach to focus attention on the key risks and sound judgement on matters that can be dealt with autonomously versus matters that require escalation.
- Comfortable looking beyond a purely task-driven approach and able to take ownership of the wider objective, while seeking for support when required.
- Passionate about keeping abreast of industry developments in technology risk and keen to advance their own subject matter expertise by seeking personal growth opportunities.
- Able to demonstrate Advanced (Band 5b) level of competency in Critical Thinking, Non-Financial Risk Management including Operational Risk, Managing Change and Stakeholder Management.
- Able to demonstrate previous experience in technology risk roles (1st, 2nd or 3rd line of defence) and/or practical hands-on experience in delivering technology solutions or technology support with a view to make a career move into a risk role. Candidates with experience in other non-financial risk disciplines are also encouraged to apply if able to demonstrate a strong interest and understanding of technology risk.
- Minimum 12 years' experience in financial institutions and/or highly regulated technology dependent industries.
- Experience in advisory, audit, or consulting roles that require strong stakeholder management an advantage.
- Professional Certifications related to technology risk (e.g. ISACA CRISC, CGEIT, CISA) an advantage.
- Profession Certifications related to project management, software delivery lifecycles, technology processes (e.g. ITIL) an advantage or equivalent practical "on the job" experience.
- Familiarity with modern and emerging technology techniques and an interest to stay abreast of industry developments (e.g. Agile development, DevOps, Cloud, APIs, service-orientated architectures etc).
Didn’t find the job appropriate? Report this Job
'%3e %3cpath d='M24 48C37.2548 48 48 37.2548 48 24C48 10.7452 37.2548 0 24 0C10.7452 0 0 10.7452 0 24C0 37.2548 10.7452 48 24 48Z' fill='%23333333' fill-opacity='0.8'/%3e %3cpath fill-rule='evenodd' clip-rule='evenodd' d='M22.5299 19.0115V19.5849V29.0154V31.5316C22.5299 32.3403 23.1967 33 24.004 33C24.8114 33 25.4784 32.3358 25.4784 31.5316V29.0154V19.5849V19.013L29.4885 23.0077C30.0627 23.5795 31.0044 23.5743 31.5733 23.0077C32.1421 22.441 32.1423 21.4975 31.5735 20.9308L30.1054 19.4684C30.0891 19.4504 30.0724 19.4329 30.0551 19.4156L25.0837 14.4634L25.0479 14.4264C24.9234 14.3024 24.7807 14.2055 24.6281 14.1358L24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946C24.0039 13.8983 23.3839 14.0068 22.9622 14.4268L22.9533 14.436L21.4743 15.9093C21.4615 15.9211 21.449 15.933 21.4367 15.9452L16.4286 20.934C15.8598 21.5008 15.8545 22.4389 16.4286 23.0108C17.0027 23.5826 17.9394 23.5827 18.5135 23.0109L20.0019 21.5283C20.0147 21.5164 20.0274 21.5043 20.0399 21.492L22.5299 19.0115ZM24.5952 14.1212C24.5751 14.1126 24.549 14.1022 24.5286 14.0946L24.5952 14.1212Z' fill='white'/%3e %3c/g%3e %3cdefs%3e %3cclipPath id='clip0_99_1825'%3e %3crect width='48' height='48' fill='white'/%3e %3c/clipPath%3e %3c/defs%3e%3c/svg%3e "Scroll Up"){kind=small}