Associate Manager, Governance & Controls

Standard Chartered Bank - UAE

Bahrain

Ref: HP048-1329

Job description / Role

Employment: Full Time

Job Description
Assist the Country Head, Risk & Control / CIO / Business / Function Ops Head / Regional Head, Risk & Control in coordinating, driving and directing effective compliance with the prescribed operational risk management framework. Facilitate and ensure alignment to SCB policies and procedures within the day to day processing environment of the function. Implement effective controls to minimize operational losses. Ensure management of risk and timely resolution of issues. Perform the following activities: CST, raising risk, potential loss, actual loss and near misses in EORP.
Strategy
1. Validation of Controls (CST/KCI)
Perform CST checks, identify, assess and document exceptions. Validate sampling techniques, results and exceptions arising thereof for peers (cross function review). Review trend analysis of exceptions and identify systemic failures. Identify material exceptions and escalate. Agree on actions arising from the treatment plan.
2. Incident Management (EORP)
Draft, review and raise risk items in EORP and ensure the timelines as per the policy for raising a risk item are not breached. Input and validate Ops Losses / Near Misses reporting in EORP. Oversight of validity and integrity of data in EORP. Support units in root cause analysis and treatment plans.
3. Process Risk Analysis
Perform a risk based review of processes within your area. Conduct at least one process analysis on a monthly basis. Facilitate and ensure alignment to SCB policies and procedures within the day to day processing environment of the function. Process review should also include comparing against the applicable regulations / country addendum - CA / PPG for appropriateness. Initiate spot checks and surprise reviews where needed to check if the process and control environment is effective. Support CIO / Business / Function Operations Head in review of operational capability as part of ORF / Policies / GPS / PPG / CA review / roll-out. Ensure that the process changes are accepted and agreed by the relevant stakeholders.
4. IT risk meeting forums
Consolidate and update the IT risk meeting pack and track all risk items and open CST exceptions for closure.
5. DGF meeting
Assist Head R&C in consolidating and updating the DGF meeting pack and track items for closure. Escalate IS / Cyber and data related issues to be tabled in DGF.
6. Risk Reviews
Scope and plan thematic risk / control reviews arising within area of coverage in-country. Carry out, review and sign off findings from Spot Checks and Mystery Shopping. Plan and drive checks / reviews in partnership with independent parties (where necessary), with senior management's agreement. Support Ops in relaying on the current control environment. Review of progress and timely closure of audit findings. Share thematic risk & audit findings with other units / lines in and across countries, if applicable.
7. Business Continuity Plan (BCP) & Impact Analysis (BIA)
Review and ensure availability of updated Business Continuity Plans (BCP) documented and Business Impact Analysis (BIA) for department. Review appropriateness of documented test results and raise through risk forum any gaps arising from such review.
8. Pro-active Risk Management
Engage in periodic peer reviews with a view to be 'ever audit ready'. During process reviews explore the possibilities of automation of workflow along with the Unit Managers.
9. Risk Control
Risk Acceptance / Treatment Plan / Escalation - for all cases where residual risk is medium, high or very high. Monitor progress towards target residual risk.
10. Third Party (Outsourcing, non outsourcing Internal & External) Management
Assist on the central repository of all contracts (GOI) to ensure it is kept up-to-date along with all controls and documents/approvals in place.
11. EUC Management
Assist on the central repository of EUC register to ensure it is kept up-to-date. Also ensure that non MAR applications are regularly reviewed.
12. Copman/ eCIO administration for Country
Monitor / review COPMAN controls through spot checks and reports available - management of exceptions and feedback to line managers.
13. Information / Cyber Security
Ensure policy awareness is well circulated amongst the Bank's businesses and functions. Coordinate ad-hoc awareness activities as required with GIS, Regional Information Security, such as circulars, posters, etc. Lead and participate in Cyber and information security awareness campaigns, organize the Information Security champion's activities. Have oversight on CSAFE e learning completion ratio country wide and escalate delays to business units. Support Country CIO in Cyber / Information Security Risk ownership activities. Ensure regulatory reporting is tracked and reported timely to regulators. Coordinate response for any reported incidents, in coordination with Regional Information Security and GIS. Follow up with central teams to confirm any incident root causes are resolved and remediated with action plans. Be part of the GIS reporting on Cyber security such as the CIO / GIS Dashboard and work to improve Information security compliance as directed by GIS. Gather country feedback on GIS initiatives. This will improve the quality of the implementation of the GIS standard processes and tools. Reduce miscommunications that at times result from general GIS broadcasts, and gain wider acceptance of Group-directed information security principles. Inform GIS on any Internal and External Audits. Work with GIS to manage the information flow and responses to the audit reviews with regard to information security. Inform GIS on any regulations that include Cyber and information security mandates. Work with GIS to perform the ratification and implementation of any gaps. Inform GIS on all information security incidents reported by users that affect the local financial industry or SCB. Work with GIS to manage the risk related to the new incident if required. Coordinate Security initiatives, gap assessment with the regional GIS Information security for GIS policies.
Access Management:
Review local application management and migration to GIS GSA. Oversight on Security / Access matrix certification and review for applicable units.
Regulatory compliance of Information Security
Be aware and notify GIS / Regional Information Security of any regulatory instructions, advisories or announcements pertaining to information security (please confirm generic email ID or contact person).
Business
Understand the business requirement and ensure that the processes are functioning appropriately and in line with it. Ensure that the risk is within the appetite of business or there is risk acceptance in place. Enhance business knowledge by going through process and product details in order to perform up to the standard.
Processes
Understand the applicable ORF processes in your areas and ensure all the controls are in place in order to mitigate the risk.
People and Talent
Continuous learning is a requirement for the Risk and Control role in order to ensure regulatory and group requirements are met. Reading and self learning is a key activity which is part of performing the role and assisting Unit Managers / CIO and applicable business stakeholders. It's mandatory to complete all e learning in time.
Risk Management
Responsibilities are identifying, assessing, monitoring, controlling and mitigating risks to the Group, as well as an awareness and understanding of the main risks facing the Group and playing a role in managing them. Should be able to interpret the Group's and regulatory policies in order to ensure that implementation is in accordance. All responsibilities under the Risk Management Framework - both execution and supervisory - should be referenced to the business functions as a support. It is also necessary that the role of risk management is performed up to the required standards without any failures. It is good to perform self reviews and clarify where assistance is needed.
Governance
Responsibilities are in terms of direction, planning, structure, frameworks (e.g. processes and policies) and oversight on the functions assigned. It is necessary to have consent from Head R&C and Unit Managers for execution if not already in place.
Regulatory & Business Conduct
Display exemplary conduct and live by the Group's Values and Code of Conduct. Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct. Lead the ITO Bahrain applicable teams to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Financial Markets; Financial Crime Compliance; The Right Environment. Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
Working in partnership with Country Unit Managers, Operations Head, Country CIO, Global Operations teams and other related functions.
EXTERNAL
Auditors, Regulators & Vendors
Other Responsibilities
Any ad hoc additional responsibility besides those mentioned can be assigned by R&C Head or CIO.
Recommended Skills and Experiences
* Minimum Graduate, Masters will be preferred.
* An information security certified candidate will have an added advantage
* Good level of understanding of operations and technology
* Results driven with strategic qualities
* Ability to engage and motivate performance in others
* High degree of responsibility and integrity
* Excellent communication capability
* Change agent

How To Apply

You can search and view current opportunities across our organisation and apply immediately by visiting www.standardchartered.com and selecting Careers. To help speed up your application, please note the following:

- You will need to log in (or register if you are visiting our careers site for the first time) before you can apply for a specific role

- Some roles may require you to undertake an online talent assessment in addition to completing the application form (to facilitate this process it is preferable that you provide us with an email address as part of your contact information)
- We will ask you about your education, career history and skills and experience; it may be helpful to have this information at hand when completing your application

It usually takes 15 - 20 minutes to complete the application form; you can save your application at any time and return to complete it at your convenience.

Closing Dates

The closing date for applications is 28/09/2017. Please note all closing dates are given in Hong Kong time (GMT + 8 hours). We aim to respond to successful applicants within four weeks and will keep a record of your application in our database so that we can contact you when suitable vacancies arise in future.

Diversity and Inclusion

Standard Chartered is committed to diversity and inclusion. We believe that a work environment which embraces diversity will enable us to get the best out of the broadest spectrum of people to sustain strong business performance and competitive advantage. By building an inclusive culture, each employee can develop a sense of belonging, and have the opportunity to maximise their personal potential.

About the Company

Standard Chartered Bank started in 1958 in UAE with its first branch in Sharjah. The Group’s business gradually increased in Dubai with the opening of several branches and today, Dubai is the administrative hub of the Middle East and South Asia Region. In its 43rd year, the Bank enjoys the position of having the most extensive branch network among foreign international banks in UAE with 10 branches emirate-wide.

Standard Chartered is an international bank, focused on the established and emerging markets of Asia, Africa, the Middle East and Latin America with an extensive global network of more than 600 offices in over 50 countries. The three principal business groups are Global Markets, Personal Banking and Corporate and Institutional Banking.

In UAE, we are one of the leading banks, offering an extensive range of products and services for personal customers, local companies, multinational corporate and financial institutions.
