Job Description
Role Summary and purpose
This role supports the development and delivery of a risk-based operational risk management program, working across business units to identify, assess, and mitigate risk. It involves maintaining risk registers, supporting control testing, and contributing to risk reporting and trend analysis for senior management. The role assists business stakeholders with incident reporting, corrective action planning, and the management of business and systems changes. It also supports risk-related training delivery and the coordination of certification initiatives such as ISO 27001 and SOC 2.
Job Duties and Responsibilities
Primary (what they do 80% of the time)
- Support the development, implementation, oversight and monitoring a risk-based program to identify, assess and mitigate any operational risk.
- Work with assigned business units to provide operational risk support and subject matter input for projects and initiatives.
- Provide support to senior risk management team members, as required
- Support the maintenance of operational risk registers, risk assessment tools, templates, and documentation repositories.
- Support control testing activities to evaluate the adequacy and effectiveness of policies, procedures, processes, systems and internal controls.
- Support the analysis of business and/or systems changes to determine operational risk impact.
- Identify and assess operational risk issues and support the assignment of risk ratings in line with established policy standards.
- Support the preparation and reporting of findings, and draft recommendations for business line management to mitigate identified operational risks.
- Support business stakeholders to report incidents and to develop corrective action plans and assist in managing change.
- Support the development of risk related training materials and deliver new joiner induction and periodic refresher training.
- Support the coordination and production of periodic operational risk performance reports for senior management, including trend analysis and recommended strategies.
- Support planning, execution, and coordination activities for certification initiatives such as ISO 27001, SOC 2, and other relevant certifications including certification audits
- Support multiple risk management initiatives, contributing to risk assessment, mitigation, and reporting activities as required.
Secondary responsibilities
- Support senior operational risk management team members in ad hoc risk assessments, analysis, reporting, and stakeholder coordination activities.
- Contribute to continuous improvement initiatives by identifying process gaps, control enhancement opportunities, and efficiency improvements.
- Stay informed on relevant operational risks, information security, and compliance developments and support knowledge sharing within the team.
