Job Description
Global Resilience Risk Specialist
Technology Risk Lead
Global Operational and Resilience Risk (ORR) is a sub-function of Group Risk. Its purpose is to make sure the bank understands, and is in control of, its non-financial risk position.
In addition, the function provides resilience risk stewardship to global businesses, functions and entities we operate in.
This is achieved through:
1. Completing analytical assessments and opining on the control environment of the First Line of Defence (1LOD) within Businesses
2. Constructive challenge to the global businesses and functions on their control environment and assessment of risk
3. Oversight of emerging risks, strategic business initiatives, local change activity and new/materially changed products
4. Analysis of risk exposure across all bank operations and territories to inform capital management and stress testing requirements
5. Completing thematic reviews and aggregated reporting of the Non-Financial Risk profile of the bank
6. Responsibility for the implementation of a Risk Management Framework (RMF) that sets out governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with the businesses and operations at all levels of the organization.
7. The role holder will maintain close working relationships with the wider ORR team, locally and globally
Key Accountabilities:
The role holder will have global responsibility for:
8. Leading the deployment of deep subject matter expertise around technology risk globally
9. Providing issues, event and incident oversight, including specialist oversight of technical controls globally
10. Supporting country and global ORR Managers with all technology risk related queries
11. Providing advice, guidance and challenge to senior businesses, functions and entity management, ensuring robust opinion is provided through global governance
12. Recommending risk appetite thresholds for technology risk, and overseeing risk appetite monitoring
13. Providing guidance and support with policy writing, owning and monitoring compliance with a comprehensive set of clear and concise policies that outline the key principles and minimum requirements applicable to the management of technology risk
14. Engaging with risk owners, control owners and risk stewards to ensure technology risks are managed in accordance with policy
15. Overseeing compliance, for example, through the Risk and Control Assessment process, Top Risk Assessments and Incident Management process
16. Promoting and developing technology risk awareness and risk management culture in order to ensure that the material risks are both evident and effectively managed
17. Identifying any concerning trends and challenging the business to address these
18. Leading on defining the risk and control library, including minimum control standards, with input from Risk Owners, Business Service and Control Owners, specifying key risks and key controls
19. Recommending RCA scoping for technology risk controls and challenging where this is not appropriately applied in the RCA
20. Driving appropriate governance for technology risk across key stakeholders and senior control owners
21. Reporting on risk and control profile, including impacts of external environment changes, emerging risks and changes to the business strategy
22. Monitoring the local external environment to get early sight of emerging risks and providing detailed guidance on controls required to mitigate against them
23. Providing technical guidance to support development and completion of ORR and regulatory reporting obligations (e.g. RAS, top & emerging risks, risk profile reporting, RMM, Board reporting where relevant, etc.)
24. Ensuring any concerns with key controls and material change programmes, relevant to technology risk, are understood and escalated as required
25. Leading regulator and audit engagement pertaining to technology risk; ensuring regulatory compliance for technology risk and timely completion of audit actions and findings
26. Supporting training and capability uplift across ORR to ensure robust understanding of technology risk
Requirements:
27. Strong leader with the ability to influence at the senior levels of the organisation
28. Expert level of technology risk management knowledge and relevant deep experience in this field
29. Comprehensive knowledge of the internal control environment
30. Ability to communicate effectively, build strong relationships and influence senior internal and external stakeholders
31. Comprehensive knowledge of the external environment (threat, regulatory, geopolitical, competitor, technological landscapes)
32. A change agent who challenges the status quo constructively and positively, leading relevant strategies that enable safe growth of the bank
33. An advanced degree in a relevant discipline is preferable (e.g. Master's, Doctorate, etc.)
Location: Kraków
The Client will consider candidates from France, Germany, the UK, etc. to work remotely whilst we are in a pandemic, and probably 2 days a week in Kraków after that point.
Salary will be in the range of Euros 75K - Euros 95K.
Do send your CV to us in Word format along with your monthly salary either in Euros or PLZ.