Director - Operational, Technology and Cyber Risk (OTCR)

Standard Chartered | New York, NY
39d | Hybrid

About The Position

The Operational, Technology and Cyber Risk (OTCR) department within the Risk function is the second line-of-defence (2LoD) and provides independent challenge, guidance, and oversight of first line-of-defence (1LoD) risk management. OTCR is led by the Global Head, Operational, Technology and Cyber Risk, who has delegated authority from the Group Chief Risk Officer. OTCR comprises OTCR Business / Function Coverage Leads and OTCR SMEs who support the Global Head, OTCR. OTCR sets the methodology for managing Information and Cyber Security (ICS) and Technology Risks across the Group. Risk Management authorities for ICS and Technology Risks are executed in line with the Bank's risk management activities, i.e., Risk Acceptance and Treatment Plan Escalation, Approval and Closure Authorities.

This OTCR T&O Country Coverage Lead, Americas position spans two roles: OTCR ICS & Tech Risk SME and Technology and Operations (T&O) Coverage. It is a permanent role, requiring strong business acumen, familiarity with the Americas (North and South America) regulatory landscape, and deep knowledge and experience in the ICS and Technology risk field.

For the OTCR T&O Coverage role, the person will be responsible for:

  • Review, challenge and (where relevant) approval on core ICS and Technology Risk matters that are not aligned to a specific business or function.
  • ICS and Technology Risk management and stakeholder engagement / escalation.
  • Approvals / veto on risk decisions within ICS and Technology Risk.
  • End-to-end oversight of risk performance for ICS controls and core Technology.
  • Interfacing with 1LoD (i.e. Principal Point of Contact) for ICS and core Technology.

For the OTCR ICS and Tech Risk SME role, the person will help, guide, and support informed decision making and risk management with specialist knowledge and expertise. The role will be delivered through consultation, stakeholder engagement and SME insights. It does not involve approval responsibilities.

Key Responsibilities

The successful candidate will have a strong understanding of operating in a second line ICS and Tech Risk capacity and strong experience working with Americas regulators. They should be able to respond flexibly and collaboratively to evolving business, regulatory and threat requirements. The role reports directly to the Head, OTCR, Strategic & Emerging Risks, with a matrix management Cluster Head, OTCR, Americas & Country Head, US.

The role will provide oversight and challenge of ICS and Technology risk management as a risk partner to country leadership as defined in the Bank's ICS and Operational & Technology Risk Type Frameworks and under delegation from the Group OTCR. The primary purpose of this position is to ensure that the management of ICS and Technology Risk is operating effectively and efficiently, providing assurance that the risks are appropriately managed. In addition, given the rapidly evolving ICS and Technology regulatory environment, the successful candidate will have a strong acumen for working with regulators and understanding relevant policies, with an ability to articulate new requirements to be included in the ICS and Technology risk management process. The candidate will work closely with the rest of OTCR to address ICS and Technology Risk and support its integration into the Bank's overall Enterprise Risk Management.

The role will be expected to focus on the following key risk activities:

Regulatory Engagement

  • Regulatory obligations to be implemented at a local/country level may emanate from both Extraterritorial Regulation (ETRs) and local regulatory authorities. The Country RFO is the Country Operational, Technology and Cyber Risk Head (Country OTCR Head).
  • ICS and Tech Risk SME role is responsible for presenting and providing opinions on ICS and Technology risk to regulators.
  • T&O Coverage is consulted on risk opinions for ICS & Tech risk, to be shared with the regulator.

Requirements

  • Proven experience in an information security office, senior governance and policy, ICS/Technology Risk, Operational Risk or Audit role
  • Thorough understanding of IT security business process risks, threats, and internal controls relevant for managing and mitigating risks.
  • Strong knowledge of cyber security and technology frameworks, information security principles, architecture.
  • Technical knowledge across a broad range of ICS and technology risk capabilities including Cyber Defence, Security Monitoring, Analytics, DLP, Access management, Cloud, etc.
  • Strong leadership, negotiation and collaboration skills, and ability to work effectively in a complex multicultural and multi-time zone organization.
  • Strong interpersonal and stakeholder management skills with experience across various levels in the organization including senior leadership teams, in influencing key decisions taken in the business and in support teams.
  • Ability to collect and analyse data, establish facts, and make recommendations based on sound risk management principles.
  • A passion for keeping technical knowledge and skills up to date and horizon scanning new and emerging thematic risks from new technology or techniques.
  • Ability to articulate inherent and residual risk, with specific ability to communicate complex ICS, technology and process risk clearly, concisely, and accurately to non-technical stakeholders.
  • Must be a self-starter who is able to initiate and successfully drive initiatives to completion with little or no management supervision.
  • Degree in Cyber Security or Technology or equivalent

Nice To Haves

  • Professional certifications related to ICS and Technology risk are desirable (e.g., CCSP, CRISC, CISA, CISSP, CISM, GIAC, etc.).

Responsibilities

  • Review, challenge and (where relevant) approval on core ICS and Technology Risk matters that are not aligned to a specific business or function.
  • ICS and Technology Risk management and stakeholder engagement / escalation.
  • Approvals / veto on risk decisions within ICS and Technology Risk.
  • End-to-end oversight of risk performance for ICS controls and core Technology.
  • Interfacing with 1LoD (i.e. Principal Point of Contact) for ICS and core Technology.
  • ICS and Tech Risk SME role is responsible for presenting and providing opinions on ICS and Technology risk to regulators.
  • T&O Coverage is consulted on risk opinions for ICS & Tech risk, to be shared with the regulator.

Benefits

  • Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
  • Time off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which combine to a minimum of 30 days.
  • Flexible working options based around home and office locations, with flexible working patterns.
  • Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
  • A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
  • Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

What This Job Offers

Job Type

Full-time

Career Level

Director

Industry

Credit Intermediation and Related Activities

Number of Employees

5,001-10,000 employees
