Accountability: Resilience Risk Policy and Standard Oversight & ownership (at BU level)

• Providing clear direction to the business units on the Resilience Risk role, strategic plan and key focus areas.
• Provide relevant coaching, guidance and training to the businesses on the implementation and maintenance of the Operational and Resilience Risk framework components (including Risk and Control Self-Assessment, Risk indicators, Events, Strategic Risk Assessments, and Key Risk.
• Assess the level of compliance of business for the relevant risk frameworks, policies and standards.
• Keep up to date and remain relevant with the Operational and Resilience Risk framework, policies, standards, procedures and relevant legislation/regulations.
• Act as the specialist in business for all elements relevant to the Resilience Risk types, including the ownership of related initiatives and support.

Accountability: Strategy Development & Formulation

• Provide input into the 2nd line strategy for managing resilience risk across business area
• Second line monitoring, checking and challenging first line in the setting and execution of the Resilience Risk strategy, leveraging off 1st line Governance and Control resources in each business area for execution, where applicable.
• Provide thought leadership and drive consistency in the second line approach to Resilience risk across the BU.
• Monitor Combined assurance strategy and actively participate in the combined assurance forum.
• Ensure that each business areas have measures in place to monitor and manage all of the Resilience Risk type profiles.
• Drive the development and implementation of standards, where applicable.
• Establish risk appetite in conjunction with the business, to ensure that business maintains exposure in line with this appetite based on a balanced risk/reward decision.
• Drive the embedment of the Group ORRMF, promoting the integration of resilience risk considerations, into all risk reward decisions and general business management.
• Actively play a senior role in the Management Committees of the product/service area assigned to, as well as in the Operational risk 2nd line Manco.

Accountability: Resilience Risk Management Oversight Planning

• Assess, challenge and monitor the current and forward-looking exposure (financial and non-financial) to Resilience Risk (i.e. considering all framework elements, strategic planning, business expansions/ contractions and other major change programmes, including new product approval).
• Act in an advisory capacity to support the scoping and definition of related Operational and Resilience Risk deliverables and plans, ensuring that these are aligned to the Group Operational and Resilience Risk calendar.
• Assist in ensuring Business readiness for assurance reviews and deep dives and play an active role in the discussion of issues to be reported from assurance reviews, ensuring that issues are valid and factually accurate, and actions are well defined and timed appropriately

Accountability: Resilience Risk Evaluation

• Assess the relevance and performance of the Resilience Risk indicators and thresholds.
• Review the key risk assessments related to the business units for completeness, with appropriate challenge.
• Check and challenge the end-to-end Resilience Risk profile of the business unit, including emerging risks
• Consider all framework elements, strategic planning, business expansions/contractions and other major change programmes / new product approval.
• Partner with the first line of defence to provide guidance on issue/action documentation, tracking, escalation and remediation.
• Perform conformance reviews.
• Oversee deep dive- and lessons learnt exercises for material risks, including the review, challenge and tracking/escalation of findings.
• Review major remediation plans for adequacy, completeness and progress
• Oversee monthly loss event reconciliations and related attestations to ensure that all (above threshold) risk events and losses have been captured on the Operational Risk system.
• Leverage internal central engagement channels/resources, as appropriate.
• Oversee the effective oversight and management of all resilience risk types within the ORRMF.
• Assess the key risk framework for appropriateness.
• Assess the relevance and performance of key risk indicators and thresholds.
• Review and challenge the overall key risk assessments. Provide input to the Group Policy and Standards; and Contribute to the Operational and Resilience Risk Committees and forums

Accountability: Resilience Risk Governance and Reporting

• Validate data and information in relevant reports provided by first line of defence, as appropriate.
• Provide independent challenge on, and insight, interpretation and analytics from relevant reports to senior management.
• Ensure appropriate reporting and escalation at the various BU Governance Forums.
• Provide input into the appropriate current and forecasted Operational and Resilience Risk profile reporting for the business units as agreed.
• Review and Challenge first line of defense reporting on the risk profile.
• Compile and/or review reporting to senior forums and Regulators on behalf of the BU, where required.
• Represent the BU in reporting forums across the Bank and with external parties where required
• Check and challenge Resilience Risk governance followed by first line of defense
• Check and challenge governance where 3rd Party vendors offer services to BU.
• Own and manage second line governance, where applicable.

Accountability: Combined Assurance

• Participation on BU assurance activities, in line with the combined assurance model and ensuring that are undertaken to independently assess the effective implementation and embedment of the ORRMF, its associated policies and standards and management of the underlying risks across the organisation and will include risk based approach
• Assist in ensuring Business readiness for assurance reviews and deep dives. Play an active role in the discussion of issues to be reported from assurance reviews, ensuring that issues are valid and factually accurate, and actions are well defined and timed appropriately.
• Develop and execute, in collaboration with Internal Audit, Group Risk, Group Operational and Resilience Risk, Functions and Compliance, an effective and efficient methodology/working model for combined assurance (assurance and conformance assessment) of operational and resilience risk practices against the framework, policies and standards.
• To achieve the required 2LoD assurance responsibilities, perform conformance reviews to provide assurance that Resilience risk frameworks, policies and standards are effectively implemented and embedded within the BU, and perform discretionary control testing, in accordance with the Assurance Standard.

Accountability: Behavioural Competencies

• Personal accountability.
• Independent in practice and in thought.
• Engaged with a visible level of presence.
• Drive the right risk culture in the business.
• Appropriate level of curiosity.
• Confident to responsibly challenge, even if based on gut feel and not on data or facts.
• Ability to manage conflicts.
• Influential.
• Crisp and clear communicator, verbally and in writing.
• See the big picture, however, can get into the detail where necessary.
• Focused without adopting a silo mentality.

Education and Experience (Required)

• B. Degree in Information Technology (IT); Information Systems; Risk Management or other IT Risk focused subject matter
• Minimum 7 yrs. core Resilience / IT Risk Management experience
• IT Risk Management experience essential, including knowledge of associated ISO and relevant industry standards
• Change management and Business Continuity Management experience advantageous
• IT Audit experience advantageous
• Exposure to Resilience / IT Risk Governance and Senior level Committees and Forums
• Experience with Risk Framework elements specifically Resilience/IT Risk management
• Experience in dealing with multiple and diverse stakeholders
• Knowledge of IT risk regulation and industry standards

Competencies

• Structured problem-solver
• Innovative way of solving problems
• Creative thinking
• Future thinking
• Open minded
• Resilient
• Adhering to principles and values
• Relating and networking
• Persuading and influencing
• Presenting and communicating
• Applying expertise and technology
• High levels of agility to adapt and respond to change

Knowledge and Skills

• Knowledge of Banking Legislation
• Knowledge of the risk environment and Risk management
• Knowledge of risk regulation and industry standards

Education

Bachelor`s Degrees and Advanced Diplomas: Business, Commerce and Management Studies (Required)