Specialist SME role which traverses across domains, taking accountability where responsibility is shared, and strong thought management required to deliver against the Technology Risk Management Framework and agenda. Able to design/architect, develop and implement Technology Risk Framework foundational components across all levels of maturity requiring problem solving skills. Robust challenge role, requiring the ability to form independent views on current and future operational activities such as risk assessments.
A key responsibility is supporting the T&I Risk and Control (R&C) teams through the delivery of T&I Risk Management control and RCSA design patterns to support R&C domain teams in the execution of the Bank's operational and ICS risk frameworks. Responsible for providing support, best practice, and guidance, as well as 'hands on' support on risk management areas and operating as the interface with T&I and wider Bank stakeholders across all three lines of defence to manage framework and new risk initiatives which T&I are required to adopt. Will drive the adoption of risk and information management processes and encourage teams to raise and mitigate risks as an outcome. Overall establishment and implementation of a controls standard and design practice to support R&C and T&I stakeholders, covering the complete risk and control lifecycle.
Organization Efficiency and Effectiveness
- Operate as a risk and control senior SME for R&C, managing the design of risk/control activities and supporting R&C domain teams in implementation.
- Design process universe RCSA activities and support assessments to ensure that the RCSA model for the Tech Process Universe is aligned to ORTF and consistently applied to all processes within the TPU.
- Own and deliver the T&I controls library in line with applicable internal standards.
- Own and deliver the T&I regulatory obligations baseline.
- Support delivery of T&I IT standards and provide review and sign off on behalf of R&C.
- Manage and drive process coverage and alignment to Bank standards and policies to ensure the process universe has demonstrable compliance.
- Own the end-to-end design and establishment of the T&I process universe (in relation to Technology Risk) as part of T&I obligations to the Enterprise Risk Management Framework.
- Ensure consistency and standardisation across lines of responsibility.
- Support the delivery of the creation and review of Governance Committee papers for those owned and presented by T&I.
- Support Global Head Tech Risk in their capacity where they operate as a committee/forum secretary, and manage inputs and formal actions from any committees owned by R&C.
- Identify and instigate Technology Risk governance forums as necessary.
- Independent review function, taking a broad and holistic view across activities to ensure consistency and best practice.
- The role faces off to the 1LoD Technology Risk teams, 2LoD functions such as Operational & Technology Risk, Information & Cyber Security and Compliance, as well as 3LoD Group Internal Audit, to provide consistency across activities performed and ensure that key regulatory aspects are met.
- Responsible for the strategic roadmap of all processes within the Technology Process Universe as it pertains to Technology Risk, ensuring that a forward horizon is identified and managed in partnership with the Governance function.
People and Talent
- Lead a team of risk and control professionals and develop their skills to ensure they are at the forefront of Bank and external risk requirements.
- Coach T&I risk managers to upskill on risk and control knowledge.
People leadership responsibilities include:
- Lead through example and build the appropriate culture and values.
- Set appropriate tone and expectations from wider teams and coach them when required.
- Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
- Develops others through coaching, feedback, exposure, and stretch assignments.
- Employ, engage and retain high quality people, with succession planning for critical roles.
- Ensure the team members have a clear job description and understand their role and responsibilities.
In addition to building talent and developing the direct team, the role requires driving SME knowledge across Technology Risk roles within the Bank to meet future needs.
- Responsible for the T&I Technology Risk tooling eco-system, addressing design issues and gaps.
- Establish a strategic approach to controls design and implementation which covers an 'end to end' model for control and risk lifecycles.
- Support the R&C control testing and assurance model with alignment to RCSA and control library models.
- Create and own the R&C risk taxonomy to provide greater risk insight and alignment across the T&I process universe and control reporting.
- Strong engagement across the three lines of defence, ensuring that process engagements are simple and clear, including design-related discussions. Challenge where required to ensure the best outcome for the Bank.
Regulatory & Business Conduct
- Display exemplary conduct and live by the Group's Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines, and the Group Code of Conduct.
- Drive the team to achieve the outcomes set out in the Bank's Conduct Principles: The Right Environment.
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Communication and Engagement
- Communicate risk initiatives and activities to the wider R&C function, as well as T&I process owners and control operators.
- Communicate best practice and risk information to R&C teams.
- Support the development of a wider risk management skills tree and training and awareness as a risk management SME.
- Develop and maintain business and professional networks. Engage and manage external vendors, where applicable.
- Facilitate collaboration, networking and alignment within and across teams. Build alliances and reach consensus across senior stakeholders. Deepen business/function's stakeholder relationships, including (but not limited to): T&I MT; Finance, HR, Supply Chain Management
- Represent Risk and Control function, at the relevant committees / working groups / MT meetings, as required.
- Group CISO and COO, Trust, Data & Resilience
- Group Chief Information Security Risk Officer
- CRO, Functions, Technology & Innovation
- Global Head, Risk and Control, Technology
- Global Head, T&I Governance & Change, COO
- Global Head, ISRO
- Trust, Data & Resilience Management Team
- Technology & Innovation Management Team
- Perform other responsibilities assigned under Group, Country or Functional policies and procedures.
Our Ideal Candidate
- This role requires 15+ years of relevant experience in either a 1LoD or 2LoD risk management or risk consulting role.
- Demonstrated experience of operational risk management at a senior level, with experience of engaging and including senior and C-Suite leaders.
- The candidate must be an established risk management professional and able to demonstrate thought leadership and direction in the areas of risk management frameworks and control function.
- Technical IT domain and control knowledge is required.
- Senior level involvement in the roll out of a risk management framework in a multinational organisation is preferred.
- Professional risk management qualifications expected.
- Effective communication, presentation, and influencing skills are required.
- The ability to articulate a problem statement, conceptualize solutions and get buy-in are essential skills.