Senior Operational Risk Officer CRO Tech Risk

  • Job category
    Banking and Finance, Information Technology, Risk Management
  • Job level
    Senior Management
  • Contract type
    Permanent, Full Time
  • Location
  • Salary
    S$16000 - S$32000

Job Description

About Standard Chartered

We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.

To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and Never settle - as well as our brand promise, Here for good.

We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.

Job Purpose

The purpose of this Senior Operational Risk Officer (SORO) role is a single point of contact (‘SPOC’) within Group Operational Risk Function for all Technology Risk matters concerning Technology & Innovation Group-led Processes. It reports directly to the Chief Risk Officer for Technology & Innovation, Group Operational & Technology Risk (GOTR). The role works closely with another B4 grade Group Operational Risk SORO for Technology Risk matters who also reports to the Chief Risk Officer for Technology & Innovation .

This role is a Second Line of Defence “challenge” role under the Group Operational Risk umbrella of non-financial risk-types, responsible for monitoring and ensuring that the Technology & Innovation Function meets their obligations under the Group Technology Policy using a risk management approach consistent with the Operational & Technology Risk Type Framework and Standard.

The Role Responsibilities

Take ownership of Second-Line Operational Risk responsibilities for activities performed under the Operational Risk Type Framework and Standard as they related to Technology & Innovation function. Work in partnership with the other B4 SORO in the oversight and challenge of business wide technology risk matters as required against the Operational Risk Type Framework: Activities include but not limited to:

Risk Appetite – Provide support for monitoring risk outcomes remain within Technology Risk appetite and challenge the appropriateness of treatment actions. Provide subject matter expertise in improving risk information in support of Risk Appetite.

Scenario Analysis - Provide support for selecting appropriate scenarios, help drive workshop outcomes with other members of an expert panel and challenge appropriateness of the analysis outcomes in support of the OR-led ICAAP.

Risk & Control Self-Assessments (RCSA) – Challenge key RCSA steps including Risk Assessments, Control Designs against Standards, Treatment Plans, Annual Reviews and Top Down Reviews for Group T&I Processes. Ensure assessments are completed timely and final approvals are obtained within the required approval authorities for Elevated Risks and Treatment Plans.

Response Framework – Challenge the 1st Line of Defence assessment of impact and treatment actions for materialised operational risk events (OREs) related to Technology failures.

Committee Reporting – Provide support to the CRO T&I for risk themes and actionable insights into Technology Risk matters that would benefit from escalation to the Technology Non-Financial Risk Committee.

Regulatory – Keep informed of regulatory developments in Technology Risk matters. Provide support for information requests on an as-needed basis and in the continued development of the Technology Policy.

Change Risk Assessments – Challenge the Technology function’s assessment of change delivery risks and the appropriateness of go-live readiness checks for prioritised projects.

Second Line Monitoring – Perform thematic and targeted assurance reviews for prioritised areas within the T&I function process universe.

Policy and Risk-Type Effectiveness Reviews – Provide support in monitoring effectiveness activities, including any independent reviews as required, for the Technology Policy and Technology Risk risk-type.

Horizon Risk – Contribute to horizon risk scanning activities performed by Group Operational Risk and support if needed the 1st Line of Defence equivalent activities.

Provide support or act as an advocate for the wider Group Operational Risk activities:

OR Systems and Infrastructure – Help to ensure the data quality of risk information held in the OR supporting systems(s).

Training & Awareness – Help promote the wider training available via the Group Operational Risk function and contribute as required to development of materials. Get involved as needed in developing or running training for Technology Risk.

AskOR – Support AskOR colleagues in resolving any queries directed to the Technology Risk OR sub-risk or Technology Policy.

Event Accountability (Behavioural Feedback Surveys) – Provide support to lead on an as-needed Event Reviews (i.e. Conduct accountability) for Materialised Risk Events and Behavioural Feedback for Material Risk Takers.

Key Stakeholders

Senior Operational Risk Officer, Technology Risk

Technology & Innovation Process Owners and Teams

Technology & Innovation Risk & Control Teams

Technology & Innovation CIO Domain Teams

Group Operational Teams, including other Operational Risk Officers aligned to the business.

Country Operational Risk Teams

Risk Framework Owners and SME delegates for risk types relevant to Technology Risk (Compliance, Information & Cyber Security, Operational Risk Sub-Types – Vendor Service, Change Management, Client Service Resilience).

Our Ideal Candidate

Comfortable leading a small/medium team and challenging risk-decisions made by more senior staff.

Able to demonstrate a risk-based approach to focus attention on the key risks and sound judgement on matters that can be dealt with autonomously versus matters that require escalation.

Comfortable looking beyond a purely task-driven approach and able to take ownership of the wider objective, while seeking support when required.

Passionate about keeping abreast of industry developments in technology risk and keen to advance their own subject matter expertise by seeking personal growth opportunities.

Able to demonstrate Advanced level of competency in Critical Thinking, Non-Financial Risk Management including Operational Risk, Managing Change and Stakeholder Management.

Able to demonstrate previous experience in technology risk roles (1st, 2nd or 3rd line of defence) and/or practical hands-on experience in delivering technology solutions or technology support with a view to make a career move into a risk role.

15+ years’ experience in financial institutions and/or highly regulated technology dependent industries.

Experience in advisory, audit, or consulting roles that require strong stakeholder management an advantage.

Professional Certifications related to technology risk (e.g. ISACA CRISC, CGEIT, CISA) an advantage.

Profession Certifications related to project management, software delivery lifecycles, technology processes (e.g. ITIL) an advantage or equivalent practical “on the job” experience.

Familiarity with modern and emerging technology techniques and an interest to stay abreast of industry developments (e.g. Agile development, DevOps, Cloud, APIs, Crypto, service-orientated architectures etc).

Apply now to join the Bank for those with big career ambitions.

Closing on 03 Nov 2021

orview more job listings from this company