Director - Operational Risk Management

About The Position

Requirements

• Solid understanding of operational risk concepts, risk and control frameworks, and the Three Lines of Defense model
• Experience assessing control design and operating effectiveness
• Familiarity with GRC tools, risk systems, or structured risk documentation processes is a plus
• Strong attention to detail and documentation discipline
• Clear written and verbal communication skills, with the ability to challenge constructively
• Ability to manage multiple workstreams and meet deadlines
• Collaborative mindset with the confidence to engage with senior stakeholders
• Demonstrated experience leading RCSAs, control assessments, incident management, and 2LOD oversight activities
• Strong regulatory awareness and experience engaging with auditors, regulators, and senior governance bodies
• Bachelor’s degree in Risk Management, Finance, Accounting, Business, Economics, or a related discipline
• 10+ years’ experience in operational risk, enterprise risk, compliance, internal audit, or a related control function within a regulated financial services environment
• Practical experience supporting RCSAs, control assessments, incident management, or 2LOD oversight

Responsibilities

• Own and oversee the firm’s Operational Risk Management framework, including policies, standards, methodologies, and governance processes.
• Ensure consistent execution of core ORM activities, including Risk and Control Self-Assessments (RCSAs), control design and operating effectiveness assessments, operational incident and loss event management, and issue remediation tracking.
• Maintain alignment with enterprise risk frameworks (e.g., COSO ERM, ISO 31000) and applicable regulatory standards.
• Support the definition, monitoring, and ongoing refinement of the operational risk appetite and tolerance statements.
• Provide independent review and challenge of 1LOD risk assessments, control evaluations, and remediation plans.
• Escalate material risk issues, control weaknesses, or emerging themes to senior management and risk governance forums in a timely and transparent manner.
• Lead thematic reviews and deep-dive risk assessments on key operational risk areas (e.g., technology, third-party risk, client assets, business continuity, fraud, or model/process risk).
• Oversee the operational incident and loss event management process, including event intake, classification, root cause analysis, and impact assessment.
• Monitor remediation actions and ensure timely and effective closure of risk issues and control gaps.
• Perform trend and root cause analysis to identify systemic issues and inform risk mitigation strategies.
• Develop and deliver high-quality operational risk reporting, dashboards, and materials for executive management, risk committees, and the Board.
• Translate complex risk information into clear, actionable insights to support decision-making.
• Serve as a key point of contact for Internal Audit, Compliance, and other risk functions on operational risk matters.
• Support regulatory examinations, supervisory engagements, and internal/external audits by providing ORM documentation, analysis, and management responses.
• Monitor regulatory developments related to operational risk and assess impacts to the firm’s ORM framework and practices.
• Assist in remediation of audit and regulatory findings related to operational risk and internal controls.
• Lead, mentor, and develop ORM team members, fostering strong technical capability and professional judgment.
• Drive continuous improvement of ORM tools, data, and risk analytics, including GRC systems and reporting capabilities.
• Promote a strong, sustainable risk culture through training, guidance, and ongoing engagement with the business.