Full-time Stanbic IBTC Bank: Manager, Operational Risk Recruitment
Stanbic IBTC Bank is a leading African banking group focused on emerging markets globally. It has been a mainstay of South Africa’s financial system for 150 years, and now spans 16 countries across the African continent.
The Job : Manager, Operational Risk
Job Status: Full Time Job,Graduate/Exp
Job ID: 35800
Location: Lagos Island
Job Sector: Governance
- Risk Management: understanding all risks – from the economic to the political – that could affect our global business, and offering guidance to all parts of the bank
- To enable Business management in discharging their responsibility for managing Governance Standards, Risks and Operational Controls.
Manage Governance and Control across the Business:
- Ensure the overall operational risk management, governance and control across the business in conjunction with wider Risk Management teams.
- Ensure that the Business is supported by a robust framework of policies and standards with appropriate approval authorities.
- Facilitate the development of standards and ensure the documentation, implementation and assessment on a regular basis thereof.
- Facilitate the development of a common process across Business for self-attestation of compliance to control Policies and Business operational standards.
- Provide assurance to management that all policy requirements are addressed including Procurement, HR, BCM/DR, Health and Safety measures, Access Management, General Controls, Material Outsourcing etc. plus any other Regulatory / Management requirements.
- Provide information in an appropriate way for different audiences, e.g. business leadership so they understand the most significant risks, to governance committees (i.e. Mancos, Operational Risk and Compliance Committee (ORCC), Risk Oversight Committee (ROC) etc. to ensure they are aware of risks relevant to their parts of the business, and to relevant individuals within Business and to understand their accountability for individual risks.
- Provide education and training of staff to build risk capability/ raise policy awareness within the organization.
- Implement relevant as aspects of BCM programme of work as well as relevant oversight across business units
- Provide risk input with regard to assessments for change initiatives /process reviews and ensure material operational risks are duly mitigated
- Promote track and report on continuous improvement Initiatives to ensure Business compliance with relevant regulatory, risk as well as control standards.
- Support Group Risk Management response to the Bank’s Digital Strategy
Monitor Risk and Compliance for the Business:
- Ensure controls are in place for accurate and realistic information provided to the ORCC, ROC e.t.c.
- Provide quality oversight for Business self-assessments with regular audits of conformance including reviews of evidence provided, liaison with internal and external auditors.
- Ensure that all records in business unit risk registers, classified as High Risk are assigned action plan immediately. (Note: Items classified as Medium and Low “should” also have action plans defined).
- Ensure controls are in place to manage the of open Audit findings
- Ensure that all audit findings are closed before the due date and do not go into overdue status.
- Provide oversight and support the implementation of country’s programme of work to BCM / DR / Contingency planning, Access Management, Policies e.g. ensure processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong.
- Ensure that all mandatory compliance training is done across by direct reports in the operational risk team
- Ensure that information risk management process is robust and appropriate governance process is in place.
- Provide oversight for the management of all entries as well as data related to RCSA, KRIs, Incidents and losses uploaded on the Accelus Risk Manager (ARM05).
- Implementation, validation and monitoring of operational risk management processes within the business
- Continuously improve the operational risk processes with the intention of adding value to business whilst introducing practices that are fit for purpose in line with leading global practices
- Ensure that the business management are fully appraised of the operational risk status
- Provide operational risk tools training support to the business
- Validate reported operational incidents and exceptions, perform root cause analyses, identify potential opportunities for improvements to upstream processes/systems. Provide adequate operational risk review and evaluation of new product releases, and emerging risks due to changes to products and service offerings within the business
- Collaborate with head office and in-country business and other stakeholders (e.g. Operations, Legal, Compliance, FCC, PBB ,GRES, Physical Security and other risk type functions, and IT)
- Ensure that in-country and head office operational risk deliverables and strategies are met
- Perform sample-based back-testing analysis on specific operationally vulnerable areas to pre-empt the development of standards, procedures and process maps where operational gaps exist across businesses
- Facilitate RCSA’s , KRI’s, Scenario Analysis workshops with business; and monthly collation and validation of Key Risk Indicators, and other relevant risk metrics
- Assist in development of a cross departmental communications program on cross cutting operational risk issues, including those relating to shared enablement functions such as Finance, Operations, IT, HR and Risk divisions
- Pro-actively identify control deficiencies from Internal Audit, Internal Control assessments, Forensic investigations, BCM, incident management and external assessments (those outside of immediate environment) and through gap analysis to ensure ‘fit for purpose remediation by business of any risk exposures.
- To pro-actively manage business continuity risks/threats to the business.
- Support and Assist business entities in defining suitable and cost effective recovery strategies/plans in accordance with policies, standards and framework best suited to their environment and aligned to the culture, complexity and risk appetite.
- Works with Business Continuity stakeholders/ representatives in business to conduct, document and signed Business Impact Analysis in-line with business resilience standards
- Assist the business with Business Continuity readiness by conducting Desktop Work- through Exercise, simulation exercises, call trees etc. with them
- Coordinate the establishment and implementation of work area recovery site plan, document, maintain, rehearse and conduct recovery strategies exercises at WAR sites.
- Ensure third party recovery plans are validated in accordance to our recovery priority agreement.
- Manage and conduct business resilience exercises designed to ensure that all business functions and crisis teams are regularly tested in accordance to their criticality, capabilities and risk profile.
- Ensure BCM and IT DR are aligned with business risk appetite and recovery priorities, documented, tested and reported to create business awareness.
- Manage, train and administers the appropriate BCM tools ensuring they are up to date, functional and fit for purpose
- Provide monthly dashboard and POW update report
- Create staff education and awareness training to promote BCM awareness and culture using mechanism such as intranet, E-Learning, Emails, Presentations, periodic workshops and Email communications.
- Ensuring that the following business documents are up to date and ready for execution to recover their, people, business process, technology and facilities in the event of an emergency, crisis or disaster:
- Ensure wardens, Evac chairs training is conducted.
- Schedule and conduct call tree exercise in accordance with BCM standards
- Attend BCM related training workshops and provide thought manager-ship on BCM related matters.
- Monitors, Promote and maintains an understanding of current/future business continuity trends and threattest.
Assess and Monitor the Business:
- Collaborate with other members of the Risk Community to ensure that actions on the Business Top Risks are accurately and appropriately defined and tracked to ensure successful remediation and mitigation of high risk issues.
- Ensure that all Logical Access Management (LAM) procedures are in place, and attested to in terms of systems and staff role-based access requirements. This includes the appropriate monthly reporting and validation.
- Monitor the IT “vulnerability” landscape and ensure that all defined actions are implemented timeously and that the risks are satisfactorily reduced. This includes all mandatory patch management requirements and timelines.
- Facilitate the BCM process and testing of requirements across the Business landscape in accordance with the Group BCM policy. This includes all Crises Management Team (CMT) documentation and Alternate Recovery Site (ARS) plans.
- Coordinate, advise and report on actions required to resolve non-compliance issues
Manage People Development:
- Support the development of analysts in the team through interventions in areas relating to technical knowledge, report writing , hands-on supervisory support in managing key operational risk management tools, systems e.t.c
- Provide support for analysts around change in processes, projects and take responsibility for implementation.
- Ensure continuous improvement in the quality of assessment report, adhoc tasks e.t.c.
- Ensure that turnaround times and deliverables are met
- Manage Governance and Control across the Business
Preferred Qualification and Experience
- B.Sc Economics
- M.Sc or MBA
- Professional Qualification in Risk Management
- 7-8 years experience in Risk and Technology in a large global corporate environment.
- Good understanding of all aspects of Operational Risk Management.
- High degree of understanding of all aspects of risk within a technology environment
- Good understanding of the Operations function and business processes relating to Wholesale and Retail banking transactions. This includes Branch and Head Office operations management.
- Written Communication
- Evaluation of Internal Controls
- Remedial Action Development
- Risk Acceptance Risk Response Strategy
- Evaluating Risk Management Effectiveness
- Technology Orientation
- Risk Awareness
- Risk Management
How To Apply