Operational Risk Manager

Reporting directly to the Head of Operational Risk, this is a Second Line of Defence role under the Risk Management function. The OR Manager is responsible to drive and oversee the effective implementation of Operational Risk framework and agenda while aligning them to the Bank’s overall digital strategy.

Job Responsibilities:

- Assist with developing and implementing Operational Risk Framework and all associated policies and procedures and ensure they are effectively embedded into the Bank’s control environments.
- Act as the central point of contact for operational risks for all Technology Risk matters, challenging business activities/ processes that are not aligned with the established risk appetite, controls that are not adequately designed or dispensation/ residual risk acceptance that have not been approved by the appropriate authority.
- Collaborate extensively with the stakeholders (e.g. Technology, Information Security, Cyber Security teams) during the "build" phase to ensure systems/processes are built with robustness and clear accountability.
- Assess key business initiatives/ programs particularly Key Automated Controls and well versed in consumer banking systems and technology processes. Able to leverage on these knowledge to provide advice and work with stakeholders to drive forward looking risk management effectively.
- Keep abreast of the regulatory landscape in Technology Risk matters and ensure regulatory requirements are embedded in the relevant processes.
- Monitor all risk events against the Bank's established Risk Appetite, Limits & Thresholds and to work with Issue Owner/ Risk Owner in taking proactive measures to prevent any breaches; which may include challenging the effectiveness of the treatment plan to fix root causes/ prevent recurrence.
- Implement the risk incident management process including registration of risk events, reporting of remedial action statuses and delivering risk incident reports/ MIS for senior management and regulators.
- Assess the impact analysis & remedial action plans submitted by 1st Line of Defence for material operational risk events (OREs), near misses (NMs) and Root Cause Analysis (RCAs). Ensure stop gap measures are implemented timely and final approvals are obtained to ensure full resolution.
- Conduct Ops Risk Assessment (ORA) for potential change delivery risks arising from new product/ system roll-out to ensure no unresolved material defects before go-live for High-Impact projects.
- Lead discussions with stakeholders to understand business priorities/problems and translate them into data analytic initiatives (rule-based/ ML) to enhance the risk management cycle in terms of identification, analysis, solutioning and monitoring of operational risks (inherent/ emerging/ recurring/ residual risks).
- Lead the design of the Control Self-Testing (CST) Process, KCIs/ KRIs establishment and guide Business (where necessary) in identifying and developing key control testings, which may entail challenging key CST steps against minimum control standards to ensure robustness/ effectiveness.
- Conduct any independent or thematic review as required.
- Conduct training activities to Business & Functions to promote the understanding of Operational risk requirements and risk/ control awareness. This entails maintaining active engagement with Business/ Function Heads so that they understand and accept their operational risk management responsibilities.
- ORM system: Constantly develop and maintain risk tools and systems. Assist to maintain good quality of OR risk information/ data.
- With minimum 10 years of experience in Technology, Operational Risk Management, Internal Audit within financial institutions, and/or highly regulated technology dependent industries.
- Able to demonstrate previous experience in technology risk roles (1st, 2nd or 3rd line of defence) and/or practical hands-on experience in delivering technology solutions or technology support.
- Bachelor's degree or higher from a globally recognized university. Related certifications (CISA, CISSP, CIA, CPA, ACA, CFA or similar) are a plus.
- Professional Certifications related to technology risk (e.g. ISACA CRISC, CGEIT, CISA) an advantage.
- Good understanding of technology and retail products in the digital banking space. Familiar with modern and emerging technology techniques and an interest to stay abreast of industry developments (e.g. DevOps, Cloud, APIs, service-oriented architectures etc).
- Familiar with risk management concepts and tools. Specific wide span of end-to-end experience across functions such as (but not limited to) Product Design & Development, Fraud Risk Management, Outsourcing/Eco-system Management & Business Continuity Management.
- Good knowledge of technology and consumer banking related regulations. Prior regulatory exposure is a plus and familiar with related MAS regulations such as Guidelines on Risk Management Practices, Business Continuity Management & Outsourcing.