Senior Associate – Operational Risk

JOB PURPOSE

To identify and resolve governance gaps and risk areas in OIA’s business support functions, especially the finance and Information Management functions and institutionalize the operational risk management framework covering Risk Control Self-Assessments (RCSA), Key Risk Indicators (KRIs), Loss Data Management (LDM) and Incident Management (IM) in order to apply effective risk management that is based on industry best practices across OIA and minimize incident impact.

ROLES AND RESPONSIBILITIES

• Map the governance and risk environments for operational functions within OIA and create a framework of policies and practices to allow compliance with regulation and mitigate risk.

• Support in the development of the Risk Appetite Framework to be used for business and support units to assist in raising the units’ risk awareness.

• Design and implement the end-to-end Information Technology risk management program.

• Identify and assign Risk Champions across business units and support them in the process of conducting Risk Control Self Assessments (RCSA) and provide advice or direction in terms of mainlining the control framework and associated risk register to ensure risk processes are maintained throughout OIA.

• Assess OIA’s operational governance frameworks and requirements to identify gaps and rectify them based on OIA’s standards.

• Design and implement the operational governance model to ensure improved operational clarity, visibility, and coordination.

• Support in compiling of quarterly risk reports that cover summaries from RCSA sessions, KRIs, LDM and IM to ensure OIA Executives, the Audit and Risk Committee and the Board of Directors are knowledgeable of OIA’s risk undertaking.

• Design and implement the end-to-end information technology risk management program.

• Build and maintain a strong relationship with Information Management and Information Security Teams to control IT related risks while focusing on OIA goals.

• Undertake risk reviews of the IT Control Framework.

• Design and implement project management risk assessment to mitigate project related risks.

• Comfortable in leading complex discussions across technology and business with subject matter experts, pushing towards clear and documented solutions.

• Current knowledge of best practices IT controls, risk management techniques and familiarity with GRC tools.

• Develop and monitor policies and standards applicable for data protection.

• Develop specific business support function models and embed risk processes in line with existing processes to ensure proper risk management is applied in the different business support functions.

• Identify operational risks at OIA’s top level that might have considerable risk and incident exposure to OIA’s operations to provide clarity on OIA’s operational risks.

• Develop and implement the Incident Reporting framework within OIA and OIA Entities to ensure a reporting channel is available to employees.

• Identify and categorize incidents that occur in OIA’s operations to ensure no aspect of an incident is overlooked.

• Investigate the type, cause, and possible solutions for an incident to respond to incidents efficiently.

• Provide the solutions for eliminating threats or root causes to ensure systems resumption to full functioning.

• Support in undertaking the Business Impact Analysis and the development of business continuity strategies for emergency responses, crisis management, and disaster recovery to mitigate operational risk and exposure to financial and reputational losses.

• Communicate with business support functions’ managers and directors about embedding risk management frameworks and provide recommendations on best practices to ensure operational efficiency and business continuity.

• Guide business support employees towards proper risk management and provide advice to ensure risk management is effectively adopted.

• Comply with the implementation of Governance, Risk & Compliance Directorate policies and procedures to ensure that all relevant procedural and legislative requirements are fulfilled.

• Comply with all relevant health, safety, and quality requirements in order to guarantee employee safety and legislative compliance.

• Contribute to the identification of opportunities for continuous improvement of systems, processes and practices taking into account ‘leading best practices’, improvement of business processes, cost reduction and productivity improvement.

Educational Qualifications

• Bachelor’s degree in Finance, Information Technology or Computer Science or other relevant fields

8 to 10 years of relevant work experience

Professional Qualifications

• FRM, PRM, CISA, CISM, ACCA, COSO or ISO 31000 certification is desirable.