Head Risk & Control - Service Compliance
- Permanent, Full time
- Standard Chartered Bank
- 06 Sep 16
The Head Risk & Control - Service Compliance role is responsible for embedding the Group Operational Risk Framework and its associated procedures for management and governance. The role is responsible for ensuring evaluation of the function's overall risk profile, maintaining an active view of it, and reporting on the actual, mitigated and residual risk in the function. The role also manages the operational delivery of the risk managers and risk controllers in the function.
This includes overall governance of the audit process and acting as the integral point of contact between the domain and the auditors (internal / external).
This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management, audit success, process documentation and reporting.
- Responsible for the strategic leadership of Technology Risk Management for the function (Service Compliance)
- Advise and assist the Functional Head in driving and directing effective compliance with the prescribed operational risk management framework
- Manage the function-wide risk governance process, audit readiness practices and regulatory compliance deliverables (within the scope of TS)
- Implement effective and efficient controls to minimise / mitigate operational impact
- Ensure proper management of risk and timely resolution of issues
- Promote understanding, practice and culture of Operational Risk within the Function.
- Ensure increased audit readiness of the function
Key Roles and Responsibilities
- Scope and plan thematic risk / control reviews aligning with the function's key objectives, Group Internal Audit themes and key risk areas (may include suppliers where appropriate within scope of TS)
- Scope and plan risk / control reviews of risk remediation initiatives
- Provide guidance to Risk Managers on execution of risk / control reviews
- Monitor material actions and risks arising from the reviews (Unit forums / TeRF / TORC / GFORC)
- Provide support and guidance on control design to the Risk team and Process Owners. Review and approve proposed additions of or changes to controls
- Review and agree changes to, and / or new, control indicators (KCI, KRI, KCSA, CST, etc.) within TS
- Represent the Function as the Single Point of Contact (SPoC) on escalations to internal audits and ensure appropriate governance of the audit working practices
- Manage the audit readiness of the domains in Service Compliance to be audited
- Review adequacy of management response to audit findings
- Monitor progress and timely closure of audit findings & handle escalations
- Share thematic risk & audit findings across functions and units.
- Ensure that all risk committee / forum meetings within the function operate within the approved Terms of Reference (ToR), including membership, agenda, frequency, etc.
- Facilitate, and produce the packs for, the functional risk committee meetings. Provide challenge to ensure robust risk management practice
- Provide governance support to the Risk Managers at the unit risk committee meetings
- Submit risk- and control-related details to the Technology Services Risk Forum (TeRF) and the committees above it, on schedule and at the required quality
- Ensure that management (and any other stakeholder as required) is kept aware of the risk, control and audit profile of the function through periodic reporting
- Ensure that all management information is produced in line with the defined schedule and quality, and that it supports management decisions and actions
- Ensure integrity of source and the processing of data to deliver accurate representation in management information
Validation of Controls: (KCI, KRI, CST, KCSA)
- Review trend analysis of exceptions and identify systemic failures
- Identify material exceptions and escalate
Risk Management (records in Phoenix & Riskwise)
- Review and endorse new and changed records (including treatment plans and risk ratings)
- Oversight of completeness and integrity of data.
- Manage both the functional delivery and the people management (employee engagement, remuneration, development, etc.) aspects of the Portfolio Leads and Senior Risk Managers in the team
- Drive implementation and adoption of agreed initiatives across the function, including training, communication and awareness.
- Function Heads and Process Owners within and outside of the function in the management of controls
- Peer functional risk heads in other functions in managing cross functional risks and sharing of best practices (including GIS, SD - if any)
- ITO R&C, who manage risks across ITO, in managing cross functional risks and sharing of best practices
- 2nd line (GTO Operational Risk and Risk & Control) for advice, guidance and steering with regard to group initiatives
- Group Operational Risk (GOR) for interpretation and effective implementation of its Policy and Procedures
- Legal & Compliance for interpretation of and consultations on regulatory requirements
- Process Governance team for process and control metrics
- Group Internal Audit auditors on audit and reviews.
- Effectiveness of the controls and monitoring of operational risks and controls at the Functional level
- Satisfactory results on audits undertaken by Group Internal Audit, FSA, regulators and external auditors
- Timely reporting and escalation of all operational risk exposures and control failures
- Timely communication of changes to Policies, control environment and regulatory environment from Legal & Compliance and GOR
- Monitoring and adherence to timelines on Risk & Control or Group initiatives
- Cross team collaboration and leadership skills - proactive engagement with stakeholders
- Succession planning for Risk Manager & Risk Controllers roles
- Free access to Function Head, Line Managers, peer Risk Heads/ Risk Managers and Process Governance team
- Free access to all documents and records within the purview of the Function Head and for area of responsibility, with the exception of information governed by specific policies, e.g. Chinese Walls
- Free access to all meetings under jurisdiction
- Recommend and implement actions and solutions to mitigate operational risks and enhance compliance at the Functional level
Qualifications and Skills
Experience and Skills
- Experience in Operational risk in technology.
- An in-depth understanding of the controls required to manage Technology Risk, and preferably experience with the tools the industry uses to do so
- An understanding of Technology Infrastructure / Tech Ops & CnC / Project Lifecycle and the associated controls required through project delivery to manage and mitigate risk
- Knowledge of approaches, tools, techniques for recognising, anticipating, and resolving operational or process problems
- Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
- Ability and confidence to operate across a wide range of seniority levels, functional divides, locations and businesses
- Able to create and tailor clear and concise verbal and written communications to different audiences; fluent written and spoken English language skills
- A pro-active posture and a commitment to continuous improvement
- Good presentation skills
- Demonstrable analytical thinking; data analysis and reporting skills
- A team player who enjoys working with people on all levels as well as being able to work independently and under pressure to meet tight deadlines.
- Practical experience in engaging / managing technology audit engagement or being a member of a technology audit team
- Ability to manage a direct team of approx. 20
- Ability to design risk framework / operating model & embed the same
- Ability to work in a highly pressured environment with tight timelines
- Experience in implementing ITIL or COBIT
- Organizational Change Management experience. Plan for and overcome the issues encountered with change, deliver sustainable change
- Project management experience / background, ideally with distributed teams
- Experience working in the financial services industry and with regulators
- Tertiary qualifications in IT, Business Administration or Commerce
- ITIL Foundation and COBIT certifications
- CRISC (Certified in Risk and Information Systems Control) and CISA (Certified Information Systems Auditor) certifications
- Any other related qualification would be beneficial
How To Apply
You can search and view current opportunities across our organisation and apply immediately by visiting www.standardchartered.com and selecting Careers. To help speed up your application, please note the following:
- You will need to log in (or register if you are visiting our careers site for the first time) before you can apply for a specific role
- Some roles may require you to undertake an online talent assessment in addition to completing the application form (to facilitate this process it is preferable that you provide us with an email address as part of your contact information)
- We will ask you about your education, career history, skills and experience; it may be helpful to have this information at hand when completing your application
It usually takes 15 - 20 minutes to complete the application form; you can save your application at any time and return to complete it at your convenience.
Diversity and Inclusion
Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.