Société Générale - posted 13 days ago
Full-time • Mid Level
Hybrid • New York, NY
5,001-10,000 employees

This role is responsible for proactively identifying, assessing, mitigating, and reporting technology, business continuity and resiliency, and data management risks across the organization, with a strong emphasis on influencing stakeholders at all levels. This position requires the ability to effectively engage with senior and mid-level leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in technology, business continuity and data management, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of technology, business continuity and data management risk practices. Key areas of risk coverage in technology, business continuity, and data management include core technology operational processes and controls such as IT production incidents, change management, problem management, cloud computing, job scheduling, backup and recovery, business continuity and disaster recovery, operational resiliency, and the data management lifecycle including data quality risks. The Operational Risk Manager will be responsible for assessing and evaluating the overall risks in these domains, maintaining active oversight, and reporting on intrinsic risks, mitigations, and residual risks across the organization. Additionally, this role will contribute to the enhancement of second line of defense practices in technology, business continuity and data management risk, which encompasses assessments, lifecycle practices, operational incident response, service delivery, disaster recovery and business continuity planning (BCP), and the management of Algo Model Operational Control Risk, Public Cloud Governance, and Laws, Rules, and Regulations.
Day to day responsibilities include but are not limited to:

  • As part of second line of defense, providing independent review and challenge of the first line of defense's assessments, e.g. RCSA and IT Risk Assessment.
  • As part of second line of defense, gathering relevant loss data and other evidence for use in its challenge function, and preparing periodic reports on internal operational risk events for the operational risk governing committees.
  • As part of second line of defense, defining, managing, and challenging the first line of defense's execution of the KRI Program.
  • Working with SG Americas Enterprise Risk Management to assist in setting, reviewing, and maintaining the operational risk appetite or tolerances.
  • Analyzing and reporting the operational risk exposure in SGAMER, including summary information on loss events, risk assessments, and emerging risks.
  • Establishing and setting strategic direction for policies and standards of SG AMER operational risk management framework (keeping in line with global policies) and assessing adherence.
  • Implementing and executing the infrastructure (key components) that facilitates identification, measurement, monitoring, mitigation, reporting and escalation of operational risk.
  • Modifying the framework components in response to the changing (business and regulatory) environment and lessons learned.
  • Defining Operational Risk Management decision and escalation paths for breaches, information, and approvals.
  • Directing and coordinating with 1LOD operational risk managers to ensure consistent, sustainable implementation of the Framework.
  • Reinforcing and directing Operational Risk Management culture set by senior management and the SGUS Executive Management Committee.
  • Providing subject matter guidance on training development/content including identification of suggested Operational Risk training.
  • Providing oversight of operational risk management processes and governance, so they are functioning as designed, objectives are met, and appropriate actions are taken to address and remediate gaps.
  • Performing 2LOD Targeted Reviews on a continuing basis in line with current SGAMER requirements.
  • Performing the Review and Challenge of risk issues and their corresponding action plans including but not limited to Self-Identified Issues, Compliance Identified Issues, RISQ Identified Issues, Audit Identified Issues and Regulator Identified Issues.
  • Review and Challenge of the Algo Model Operational Control Documents for any new Algos, as a pre-condition for their presentation at the relevant committees for approval.
  • Review and Challenge of the Algo Model Operational Control Inventory on an annual basis.
  • Review and Challenge of the Algo Model Operational Control Documents on an annual basis.
  • Review and Challenge 1LoD on their compliance with Laws, Rules and Regulations.
  • Review and Challenge the Public Cloud migration and Key Projects for respective risks.
  • Proficient understanding of financial services, particularly in risk and regulatory domains.
  • This role requires a comprehensive understanding of technical concepts, coupled with familiarity with related technologies, infrastructure, and a strong conceptual knowledge of enterprise IT system operations, business continuity and data management lifecycle management.
  • It also demands experience in evaluating the design and operational effectiveness of IT Risk, business continuity and data management processes, controls, and the associated risks to ensure robust security measures are in place.
  • Extensive knowledge of emerging technology and data risks in the areas of Artificial Intelligence, Machine Learning, and Quantum Computing.
  • This role requires a highly meticulous and detail-oriented individual who can effectively manage multiple tasks simultaneously.
  • The ideal candidate demonstrates a high degree of initiative, dependability, and the ability to work independently with minimal supervision.
  • Strong leadership skills, including the ability to lead through influence, are essential for driving collaboration and achieving organizational goals.
  • Experience in assessing design and operating effectiveness of technology controls.
  • Data architectures including reference/master data, transactions/messaging, and unstructured content.
  • Operational risk framework components including loss data collection, RCSA, process/risk/controls.
  • Experience leveraging IT risk frameworks such as COBIT5, COSO, ISO27001, NIST and/or data management frameworks such as DCAM/CMM-DMM
  • Expertise in financial regulations (BCBS 239, SR 11-7, Volcker Rule)
  • Hands-on experience with GRC tools (e.g., Archer)
  • Ability to analyze root causes of issues and document remediation
  • Strong leadership skills with ability to lead by influence
  • Diligence and persistence in the face of organizational crosswinds
  • Strong technology experience in implementation of data architecture and building data quality controls.
  • Extensive technical skills and expertise in business continuity and data management, including core technology operational processes and controls such as IT production incidents, change management, problem management, cloud computing, job scheduling, backup and recovery, business continuity and disaster recovery, operational resiliency, information security, and the data management lifecycle including data quality risks.
  • Familiarity with data management lifecycle processes, concepts, controls, and tools; familiarity with SAS, Collibra, Informatica, Hadoop, relational databases, etc. would be desirable.
  • Familiarity with risk technology and assessment tools
  • Hands-on application development life-cycle practices
  • Experienced in integrating vulnerability and patch management tools with IT/IS risk programs, as well as prioritizing and communicating vulnerability remediation efforts.
  • Skilled in performing root cause analysis for technology incidents.
  • Experienced in developing or defining requirements for GRC (Governance, Risk, and Compliance) management tools.
  • Proficient in Microsoft Office Suite, including Excel, Word, Access, PowerPoint, Outlook, and SharePoint.
  • Strong written and verbal communication skills.
  • Experience working in Infrastructure and/or Security Operations (1LOD).
  • Preferably worked in the Financial Services/Banking industry.
  • Preferably also worked in a 2LOD Cyber Security Risk function.
  • Demonstrated effective communication at Senior Management level.
  • Bachelor's and/or master's degree in Computer Science, Engineering, or a relevant technical field.
  • Strong background in control evaluation, life-cycle management, and technology
  • Background in GRC tool development, implementation and governance
  • Background in SR11-7 Compliance
  • Experience in software development of transactional and analysis/reporting
  • Provide mentorship to junior team members and provide coaching, performance feedback, and technical guidance across the coverage domains of technology and data risks.
  • IT Risk management or governance certifications (CGEIT, CRISC, CISA)
  • Previous work within Risk and/or Finance
  • Experience in leading regulatory remediation efforts