Operation Risk Management with It Risk

Experience: 2-4 years of relevant experience in risk identification and management, Enterprise Risk Management (ERM), Operational Risk Management (ORM), incident governance, compliance and/or audit.

• Candidate should have worked extensively on maturing the risk culture through diligent initiatives
• Ideal candidate having experience in the financial services industry and a working knowledge of regulatory requirements
• Profound knowledge of Risk Management (regulatory requirements, industry leading practices & trends in ORM and ERM)
• Ability to articulate complex concepts and information in a clear, concise and structured manner
• Strong strategic, analytical, and decision-making skills
• Proven relationship management skills and ability to influence a large and diverse group of stakeholders (often without organizational structure) through persuasion, intellect, experience, strong interpersonal skills etc.
• Stay abreast of current industry standards, regulations and external environment
• Develop and maintain knowledge of systems and data to ensure optimal use of technology

Attitude:

• Fast paced and prompt
• Energetic and Enthusiastic
• Self-motivated
• Be a self-starter and display a proactive approach

Job Responsibilities:

• Risk & Control Self-Assessment (RCSA):
• Assist in the execution of RCSA exercises by working with business units to identify inherent risks within processes, systems, and activities.
• Carry out detailed walkthroughs and process mapping to identify significant risks and controls
• Document and maintain risk and control matrices for various functions, ensuring completeness and accuracy of data.
• Help evaluate the design and operating effectiveness of controls identified during RCSA to highlight gaps or weaknesses.
• Support periodic updates and reviews of RCSA results to keep risk assessments aligned with evolving business environments.
• Key Risk Indicator (KRI) Monitoring:
• Collect, analyze, and report on KRIs across different operational areas to monitor risk exposures and trigger early warning signals.
• Collaborate with relevant departments to ensure KRI data integrity and timeliness.
• Generate KRI trend reports and escalate any threshold breaches or emerging risks to senior risk management.
• Operational Loss Tracking and Reporting:
• Maintain a comprehensive operational loss database, ensuring all loss events are recorded accurately with appropriate details.
• Assist in root cause analysis of operational losses to identify risk factors and control failures.
• Facilitate trend analysis and lessons-learned exercises stemming from operational loss data.
• Operational Incident Review:
• Participate in the review and analysis of operational risk incidents, including security breaches, system failures, fraud events, and process breakdowns.
• Document risks and controls pertaining to incident investigation findings and corrective plans.
• Control Testing and Validation:
• Assist in planning and execution of control testing activities to verify that risk mitigation measures are functioning as intended.
• Collect evidence, perform control walkthroughs, and document findings to support control effectiveness assessments.
• Communicate test results to control owners and follow up on remediation actions for any identified deficiencies.
• Maintain records of control testing results to support audit and compliance requirements.
• Risk Awareness and Training Support:
• Support the development and rollout of risk awareness programs, workshops, and communications to enhance understanding across the organization.
• Assist in preparing materials, such as newsletters, presentations, and e-learning content related to operational risk.
• Foster a culture of proactive risk management by engaging with teams to promote compliance with risk policies and procedures.
• Others:
• Review new product / process documentation and be able to identify the impact of the same on the Operational risk profile and ensure that adequate mitigation measures / controls are in place
• Monitor, review, and communicate the impact to the risk profile of future initiatives, including new product / process assessments, targeted risk reviews, major business changes, changes in regulations and changes in the operating environment.
• Work together with other organizational line of defense (i.e. Compliance, Internal Audit, etc.).
• Managing and building relationship with ORM vendors.
• Manage and coordinate various audits for Operational Risk Management (ORM), including Internal, ISO, Infosec, Regulatory, and other audits, to ensure compliance and effective risk management framework is in place.