Qualifications: - Understanding of and ability to apply risk management and control frameworks and industry best practices. - Understanding of risk impact on key objectives and critical processes - Knowledge of risk management programs, practices and processes inclusive of risk identification, analysis, response, communication, monitoring and escalation. - Ability to link risk management programs and initiatives to inform critical business strategies and processes - Excellent analytical and quantitative skills and demonstrated ability to assimilate new information, understand complex topics, and arrive and sound analysis and judgment. - Strong communications (verbal, written, and presentation) skills. - Strong interpersonal and customer service skills; ability to negotiate, influence, and build collaborative cross-organization relationships, even in difficult situations. - High degree of initiative and ability to self-start and self-prioritize assignments, and make timely and effective decisions. - Demonstrated ability to manage multiple/ simultaneous complex projects independently, ensuring all deadlines and objectives are met. - Strong organizational skills and some management skills with ability to collaborate the day-to-day operations in a large diverse team - Ability to thrive under pressure and juggle multiple tasks and quickly adapt to changing priorities - Ability to accept changing roles, responsibilities, work processes, assignments, etc. - A high level of proficiency with MS Office and Applications - Bachelor`s or Master's degree, preferably in finance, accounting, business administration - Relevant risk management /audit certifications (CFA, CPA, CIA, CISA, CRMA, CAMS, FRM, PRM) or credentials preferred Responsibilities: 1. Group's risk and control self-assessments, evaluate and implement related controls (e.g., operational, technology, information security, business continuity, vendor management, compliance (ethics and conduct, fraud, sensitive information management), financial statement reporting, etc.), including first line review, challenge, and quality assurance, and analyze information (e.g., risk assessments, risk events, root cause analysis, audit findings, KRIs/KPIs, etc.) to identify: risks, process and control improvement opportunities, and effective mitigation strategies. 2. The design and implementation of the Group`s annual SOX program, and control validation or testing, including oversight and completion of in-scope process documentation (e.g., narratives, flow charts, risk and control matrices, etc.) and testing of key controls to support Group objectives. 3. Advise the Group`s business areas on the design, implementation, and monitoring of controls; the identification of vulnerabilities; and the development of remediation plans to enhance the overall resiliency posture, including identifying, monitoring, and responding to program/project risks (e.g., risk registers, mitigation plans, etc.), other change management initiatives, or internal or external audit engagements. 4. Advise the Group`s business areas on the design, implementation, and monitoring of risk tolerances and risk indicators; the management of strategic risk, reputational risk, emerging risks, and risks associated with new activities; 5. Analyze and prepare reports (risk profile, risk package, metric dashboard) on business risks to identify themes or trends, and promote effective information dissemination and transparency of existing and emerging material risks and control issues. 6. Identify, measure, monitor, report on risks within the Group`s information technology domain, and assess the adequacy of controls including information security, cyber security, SDLC, and project management. 7. Lead ad hoc assignments, special projects, or initiatives. Participate in forums, training sessions, or work groups within the Group or with the Bank`s central risk and control areas to develop solutions that improve the Group or Bank's risk management capabilities. 8. Contribute to national program related initiatives, change management, transition assessments and initiatives. 9. Contribute to Business Continuity and Cyber Resiliency activities across the Group by updating the BC Plan, assisting in annual tabletop exercise and assisting in Business Resumption Testing (as needed). 10. Identification, evaluation and management of risks associated with vendors and other third-parties who provide products or services supporting key business activities.
