The primary focus of the role will be the management of Operational Risk as it relates to:
business-aligned technology; and
cyber security.
The role will have a secondary focus supporting the broader Operational Risk team in providing 2nd line oversight of other business areas and support functions as required from time to time, although specialist knowledge of these areas is not a pre-requisite.
The role reports to the CISO & DPO.
Key Responsibilities:
Facilitating Risk and Control Self Assessments (RCSA) by Risk Owners to ensure completeness (e.g. against industry-standard frameworks such as NIST and COBIT) and accuracy. This will include running risk assessment workshops with various business areas and support functions, and consolidating the results into operational risk maps.
Advising Risk Owners on methods to develop and implement risk identification processes that incorporate the internal and external business environment, and integrate key risk indicators, business process changes and loss experience, to effectively monitor risk in accordance with the established operational risk framework and methodologies.
Collecting and analysing operational incidents to ensure that relevant lessons are learnt; monitoring agreed action plans and escalating issues to management's attention when necessary.
Providing independent 2nd line assurance of the effectiveness of the control environment (through thematic reviews and key controls testing) and advising on likely effective control approaches and mitigation activities.
Building strong relationships with relevant business areas to be aware of business developments and their impact on the operational risk profile.
Building strong relationships to work with Op Risk colleagues in other locations.
Monitoring and reporting on risk status and changes to the control environment.