Senior Manager, IT Operational Risk
As the second line of defense for businesses in the United States, Operational Risk provides independent oversight and challenge as well as assists in the development of the methodologies, policies, process, and tools to support the Operational Risk Management Framework.
- Champion the U.S. IT Risk Management Framework and best practices within the Bank while acting as a center of excellence for IT Risk in the U.S.
- Develop IT Risk Management standards that align to industry best practices and ensure effective processes are in place to identify measure, manage, monitor and report on IT risks.
- Promote the IT risk agenda and activities in the region through U.S. Wide communications, IT risk awareness training, and partnering with the businesses on cultural change.
- Provide clear and comprehensive reporting to the U.S. Head of Operational Risk, U.S. Committees, Senior Management and Regulators (as required) to adequately present the bank’s IT Risk Profile inclusive of trending, recommendations, and mitigating factors.
- Collaborate with the lines of business by acting in a consultative capacity to advise on IT risks that influence their business and ability to meet established strategic objectives, while maintaining oversight and objective challenge.
- Challenge the output of the first line in the IT Risk & Control Assessment process for the U.S., covering Legal Entities, Processes and Business Lines.
- Challenge investigation of IT Incidents to define root causes, and provide input into remediation actions.
- Perform Deep Dives and scenario analysis to assess the effectiveness of controls surrounding key processes and to identify remediation for gaps to actively and demonstrably mitigate IT risks.
- Collaborate with Global Wholesale Technology to establish, monitor and report on Key Risk Indicators.
- Coordinate with Global IT Risk Management and other control counterparts to share best practices and methodologies intended to improve the control environment.
- Stay informed on the bank’s Data Leakage Prevention programs, review breaches for the U.S. and identify methods to reduce the potential for data leakage.
- Play a pivotal role in challenging Logical Access management in the region, that system access for all employees corresponds to their job function, recertification of access is performed in a timely manner within the bank’s global program, a robust process is in place for joiners, leavers, transfers, and risk gaps, such as excessive access or toxic combinations, are escalated.
- Monitor Cyber Security risks and the controls in place within the bank, and the understanding of the risks by U.S. senior management.
- Design, Implement and Promote Risk Reduction Tools.
- Oversee the effectiveness of the Third Party / Vendor Management Program within the U.S. in relation to IT Risk, inclusive of due diligence, reporting and compliance with regulatory expectations.
- Support the U.S. Operational Risk Management team with Non-IT Risk deliverables.
- Manage IT Risk related Interactions with Regulators and Auditors.
- Experience of investment banking in a financial institution and exposure to multiple products.
- Strong expertise in IT Risk Management (e.g. Cyber Security, Logical Access, Data Leakage).
- Industry certifications desirable (e.g. ISACA).
- Proficiency in VBA for Excel desired.
- Expertise in Operational Risk Management.