About Standard Chartered
We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.The Role Responsibilities
The Operation Risk Manager role is responsible for and has oversight responsibility over technology risk management, compliance assurance, audit management and remediation across the functions that have been assigned to the role. This role is key and responsible for continuing improvements in the function&rsquos approach to risk identification, risk assessment, risk response and mitigation, risk monitoring and reporting, regulatory and audit engagement support and remediation within the relevant risk, compliance, security and assurance framework, policy, standards or processes of the Bank, as well as regulatory requirements and mandates
This risk and assurance role ensures a constant state of compliance, readiness and continuous improvement across process and systems, risk management and risk reduction, compliance, documentation and reporting.Key responsibilities include:
- Scope and plan domain or thematic risk and control reviews aligning with the function&rsquos key performance objectives, audit themes and key risk areas (may include suppliers where appropriate)
- Scope and plan risk / control reviews of significant new projects
- Provide guidance to stakeholders on execution of risk / control reviews
- Track material actions and risks arising from the reviews
- Provide support and guidance on control design to Risk Controller and Process Owner. Review and approve proposed addition of or change in controls
- Review and agree changes and / or new KCI and KRI with PO / UORM
- Represent the Domain as the Single Point of Contact (SPoC) on regulatory, internal and external audit engagements and as representation to Subject Matter Expert (SME) on these engagement meetings or calls
- Review adequacy of management response to audit findings
- Review progress and timely closure of audit findings
- Share thematic risk & audit findings across functions and units
- Stay current of regulatory requirements, threats and leading industry practice and advise Technology Service Head in risk management and control design
- Identify potential failure in process, advise and support risk treatment / mitigation
- Provide support and guidance on control design to Process Owner, Domain or Unit Heads. Review and approve proposed addition of or change in controls
- Review and agree changes and /or new KCI and KRI with PO /UORM
Advise on the design of KCI and KRI. Monitor and report on KCI and KRI as per metric defined
- Conduct control sample testing (CST) on key control to attest the control operating effectiveness (COE). Review trend analysis of exceptions and identify systemic failures. Identify material exceptions and escalate
- Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advice on control improvement
- Conduct domain risk forum monthly. Ensure Risk Forum is run as per Terms of Reference (risk objectives, domain management attendance, agenda and frequency). Drive risk management discipline and commitments
- Build effective relationships with leaders to facilitate:
- Effective risk management and monitoring for ITSM processes
- The provision of timely, expert advice and assurance and
- Partnerships with other functions to provide professional advice and assurance
- Drive the continuous improvement of risk and control processes, aligning to and avoiding duplication.
- Participate actively in the various Risk Forum.
- Participate actively in performing RCR, RCA, RCSA and ERR.
- Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
- Work with other domain risk team to drive efficiency, effectiveness and reduce duplication.
- Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction
Regulatory & Business Conduct
- Plan, drive and/or perform risk identification workshop and control adequacy review to identify risk, non-compliance, control gap, vulnerabilities and advise remediation, preventive, corrective controls to Service Head
- Ensure that the Domain (and units within) are sufficiently prepared for upcoming audits
- Provide timely and accurate reporting to appropriate committees
- Ensure appropriate oversight and facilitate resolution of high impact risk and issues
- Display exemplary conduct and live by the Group&rsquos Values and Code of Conduct.
- Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
- Lead the ITSM Service Operation to achieve the outcomes set out in the Bank&rsquos Conduct Principles
- Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
- Provide timely and accurate risk & control information to support regulatory meetings and RFIs
- Risk & Control Leads for various domains
- ITSM MT
- Tech Process Owners
- Tech Process Managers
- Legal and compliance
- GOR and GIA
- Facilitate or manage the risk remediation to provide timely update on progress in remediation and timely completion.
- Review remediation to ensure risks are significantly drawn down
- Manage remediation as committed by ITSM service owners
- Review remediation artefact to verify findings are remediated in full
- Constantly publish audit and remediation performance metrics and status dashboards to management
- Ensure that management (and any other stakeholder as required) is kept aware of the risk, control & audit profile of the function through periodical reporting
- Prepare and provide management report on risk, compliance audit or remediation to management team (MT), risk committee, forum
- Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
- Ensure integrity of source and the processing of data to deliver accurate representation in management information
Our Ideal Candidate
- SPoC for the function on any Risk, Control or Audit change initiatives from Group or Technology Governance
- Drive implementation and adoption of agreed initiatives across the function including training, communication and awareness.
- Bachelor Degree in Computer Science / Information Technology, Engineering, Finance or equivalent
- CRISC, CISA, CISM, CISSP or equivalent risk certification is definite advantage
- ITIL Certification - Foundation minimum, Intermediate would be an advantage
Apply now to join the Bank for those with big career ambitions.
To view information on our benefits including our flexible working please visit our . We welcome conversations on flexible working.