Job Description

The Role Responsibilities

The Operation Risk Manager role is responsible for and has oversight responsibility over technology risk management, compliance assurance, audit management and remediation across the function. This role is key and responsible for making continual improvements in the function's approach to risk identification, risk assessment, risk response and mitigation, risk monitoring and reporting, regulatory and audit engagement support and remediation within the relevant risk, compliance, security and assurance framework, policy, standards or processes of the Bank, as well as regulatory requirements and mandates.

This risk and control role ensures that a constant state of compliance, readiness and continuous improvement across process and systems are established for the domain. The role primarily focusses on risk management and risk mitigation, compliance, documentation and reporting.

Key responsibilities include:

• Represent the Domain as the Single Point of Contact (SPOC) on regulatory, internal and external audit engagements and as representation to Subject Matter Expert (SME) on those engagement meetings or calls
• Scope and plan thematic risk assessments / conduct Control Self-Assessment Reviews for the applications within the domain and proactively identify and log risks and actions.
• Track compliance to Technology and Operations process non-compliances.
• Provide guidance to stakeholders on execution of risk / control reviews
• Review progress and timely closure of Technology Risks and Audit Findings
• Review the adequacy of management response to audit findings
• Build and maintain strong and positive working relationships and effective means of communication with other risk associates, including the ET Risk Management, Operational Risk Management, etc.,
• Conduct control sample testing (CST) as applicable to the domain on the key controls. Attest the control operating effectiveness (COE). Review trend analysis of exceptions and identify systemic failures. Identify material exceptions and escalate.
• Provide required inputs for the monthly domain risk forums in line with the agreed Terms of Reference (risk objectives, domain management attendance, agenda and frequency).

Strategy

• Build effective relationships with leaders to facilitate:
• Effective risk management and monitoring for Data Technologies domain and its application services
• The provision of timely, expert advice on risk and control and
• Partnerships with other functions to provide professional advice on risk management

Processes

• Stay aware of information security policies, standards, business continuity, data management and other Technology and Operations Policy, Processes and Standards.
• Identify potential failures and operational risks within the process - advise and support risk treatment / mitigation through RCSA reviews.
• Review the adequacy and effectiveness of policies, standards, guidelines, process. Identify any material gaps, advice on control improvement

People and Talent

• Strong interpersonal skills and the ability to develop effective trustworthy relationships with the stakeholders
• Lead through example and tone and help to build the appropriate culture and values within the team and across the wider organisation, communicating vision and building commitment and energy to focus on key priorities

Risk Management

• Ensure all activity adheres to the Risk Management Framework, with a specific focus on ensuring an effective framework for the management of Operational Risks within the team as they pertain to the role.
• Participate actively in the various Risk Forums with the domain and senior stakeholders.
• Support the R&C control testing and assurance model with alignment to RSCA and control library models.
• Adopt an anticipatory approach to risk assessment through stakeholder engagement and monitoring of the external environment.
• Work with other domain risk team to drive efficiency, effectiveness and reduce duplication.
• Provide robust challenge and escalation to senior management to ensure activities achieve risk reduction

Governance

• Support and participate in risk identification workshops and control adequacy review to identify risk, non-compliance, control gaps, vulnerabilities and advise remediation, preventive, corrective controls to Service Head
• Ensure that the Domain (and units within) are sufficiently prepared for upcoming audits
• Provide timely and accurate reporting to appropriate committees
• Ensure appropriate oversight and facilitate resolution of high impact risk and issues

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group's Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Contribute to the ET Data Technologies Services Risk Management and help the domain to achieve the outcomes
• Adhere to Bank's Conduct Principles
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
• Provide timely and accurate risk & control information to support regulatory meetings and RFIs

Management Information

• Ensure that management (and any other stakeholder as required) is kept aware of the risk, control & audit profile of the function through periodical reporting.
• Prepare and provide management report on risk, compliance, audit or remediation to management team (MT), risk committee and related forums.
• Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action.
• Ensure integrity of source and the processing of data to deliver accurate representation in management information.

Remediation

• Facilitate or manage the risk remediation to provide timely update on progress in remediation and timely completion.
• Review remediation to ensure risk impact is significantly brought down
• Manage remediation as committed by ET Data Technologies service owners
• Review remediation artefact to verify findings are remediated in full
• Regularly publish audit and remediation performance metrics and status dashboards to management

Other Responsibilities

• SPOC for the function on any Risk, Control or Audit change initiatives from Group or Technology Governance
• Drive implementation and adoption of agreed initiatives across the function including training, communication and awareness.

Key Stakeholders

• Technology & Innovation Management Team
• Risk & Control Leads for various domains
• Global Head, Data Technologies.
• Data Technologies Management Team
• Chief Data Officers
• Head of Information Cyber Security
• Technology Process Owners and Process Managers
• Compliance Leads
• Group Operational Risk

Our Ideal Candidate

• Master's or Bachelor's Degree preferably in computer science / Information Technology, Engineering or equivalent
• 10+ years of relevant experience in a Technology cum Operational Risk Management roles
• Will require a reasonable understanding of Data Technology Platforms, Hadoop framework, Big Data, BI tools, CI/CD technologies, Technology standards, Security controls & Governance Framework.
• Knowledge of DevOps, Micro Services architecture, APIs, will be added advantage
• Requires thorough understanding of strategic direction of the function, combined with a solid conceptual/practical grounding in both the function and operational and technology risks.
• CRISC, CISA, CISM, CISSP or equivalent risk certification preferred
• Possess good knowledge of IT process, governance and change.
• Senior level involvement in the roll out of large applications in a multinational organisation is preferred.
• Excellent communication skills required in order to negotiate internally, often at a senior level.
• Responsible for providing support, best practice and guidance, as well as 'hands on' on Risk Management (operational and technology risks) operating as the interface with T&I and wider Bank stakeholders across all three lines of defence to manage framework.
• Able to articulate problem statement, conceptualize solutions and getting a buy-in are essential skills needed
• Good presentation skills with senior stakeholders is an added advantage.

Role Specific Technical Skills And Competencies

• Operational Risk Management
• Data Technology - Big Data - Hadoop
• Cloud Technology - Azure / AWS
• Information Security
• Data Compliance, Privacy, Secrecy etc.,
• DevOps CI/CD
• Software Development Lifecycle, Agile Methodology
• Audit Management
• ITIL Foundations

About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 160 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents. And we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion. Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do.
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well.
• Be better together, we can be ourselves, be inclusive, see more good in others and work collectively to build for the long term.

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual, parental/maternity (20 weeks), sabbatical (12 weeks maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Recruitment assessments - some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website