WBG Director, Operational Risk

World Bank Group

1d•Onsite

About The Position

Do you want to build a career that is truly worthwhile? The World Bank Group is a unique global partnership of five institutions driven by a bold vision to create a world free of poverty on a livable planet. As one of the largest sources of funding and knowledge for developing countries, we help solve the world’s greatest development challenges. When you join the World Bank Group, you become part of a dynamic, diverse organization with 189 member countries and more than 120 offices worldwide. We work with public and private sector partners, invest in groundbreaking projects, and use data, research, and technology to bring tangible and transformative changes around the globe. For more information, visit www.worldbank.org. VPU Context: The WBG Chief Risk Officer (CRO) Vice Presidency is the core unit responsible for Group-wide institutional risk oversight, including establishment and monitoring adherence to risk policies and guidelines and risk assessment and reporting to the Board and executive management. Its mission is to enable and support the WBG to achieve its goals in a financially sustainable manner. The VPU assists management with identifying and managing Group-wide cross-cutting risks, enhancing risk response decisions, reducing financial and operational surprises and losses, seizing opportunities and improving deployment of capital. The WBG CRO Vice Presidency includes the IBRD/IDA, IFC, and MIGA risk teams and covers a wide range of financial and non-financial risks. Unit Context: In the context of One WBG, the newly unified WBG Operational Risk Department (CROOR), housed within the WBG Chief Risk Officer (WBG CRO), provides independent second line of defense oversight, assessment, and management operational, and business continuity risks across the World Bank Group. The Department strengthens institutional risk governance by ensuring that operational risk-taking activities are consistent with the WBG’s risk appetite, internal control frameworks, and long-term operational resilience objectives. It provides rigorous, consistent oversight, ensuring operational, and business continuity risks are identified, measured, monitored, and managed effectively across all WBG entities. The WBG Operational risk Department is responsible for risk oversight in the following areas: • Operational Risk, which includes the identification, assessment, and monitoring of risks arising from people, processes, systems, or external events. The Department ensures that operational risk management frameworks, policies, and controls remain robust, consistent across WBG entities, and aligned with the institution’s risk appetite. It provides independent oversight of significant incidents, root cause analyses, and remediation actions, while promoting a culture of accountability and continuous improvement in operational resilience. • Business Continuity, which focuses on ensuring WBG’s ability to maintain critical operations and services during and after disruptive events. This includes developing and testing business continuity strategies, recovery plans, and crisis management protocols across entities and geographies. The Department supports business units in identifying critical functions, process and applications, ensuring resource readiness, and coordinating institution-wide responses to operational disruptions. • Scenario Planning, a cross-cutting function embedded within operational risk and business continuity management. It involves developing and testing forward-looking scenarios to assess the WBG’s resilience to severe but plausible disruptions—such as cyber incidents, system outages, pandemics, or geopolitical crises. By integrating scenario analysis into risk assessment, preparedness, and response planning, it strengthens the institution’s ability to anticipate vulnerabilities, maintain critical operations, and support timely decision-making under stress. • Corporate Insurance, which provides strategic oversight and management of the WBG’s corporate insurance programs to mitigate financial exposure from operational incidents, property damage, liability claims, or other unforeseen losses. The function ensures optimal coverage, cost efficiency, and alignment with the WBG’s overall risk appetite, while coordinating with business units to assess exposure and manage claims. • Data Privacy Office, which oversees the governance and protection of personal and sensitive data. The function ensures compliance with applicable privacy standards and internal policies, provides guidance on data-handling practices, and promotes a culture of responsible data stewardship. It collaborates closely with Information Security, Legal, and HR teams to ensure that privacy risks are identified, mitigated, and monitored effectively. • Risk Technology and Data Infrastructure, which provides strategic oversight and implementation of technology platforms, data architecture, and analytical tools supporting operational risk, business continuity management and scenario planning across WBG entities. The function ensures that systems are integrated, reliable, and scalable—enabling consistent capture of operational incidents, control assessments, and emerging risks, as well as robust aggregation and reporting that support timely, risk-informed decision-making by Management and the Board. By maintaining rigorous oversight, independent assessments, and consistent methodologies, the Department provides assurance to senior management, the Board, and external stakeholders that operational risks are effectively managed and that the WBG’s operational integrity and resilience support its development mandate. The Chief Risk Officer Vice Presidency is in search of a WBG Director to lead the Operational Risk Department. The position is based in Washington, DC. It reports to the Vice President and WBG Chief Risk Officer with dotted reporting to Managing Director and WBG Chief Administrative Officer (MDCAO), as well as IFC and MIGA CROs; and the selected candidate will be part of the WBG CRO Management Team.

Requirements

Seasoned manager with typically at least 15 years of relevant experience leading a world class operational risk function within large, complex, or international institutions. Proven ability to lead high-performing teams and deliver strategic results.
Master’s degree with 15 years of experience or equivalent combination of education and experience.
Demonstrated leadership and management qualities, particularly across corporate silos and will be a thought leader in the industry.
Demonstrated strategic judgment and a deep understanding of operational and non-financial risks, including those arising from people, processes, systems, data, and external events, in the context of multilateral or global organizations.
Track record of innovation and transformation, with experience enhancing risk frameworks, systems, and organizational resilience through process improvement, technology, and cultural change.
Strong governance orientation, with experience designing, implementing, and overseeing governance frameworks, committee structures, and escalation mechanisms for operational risk and continuity management.
Excellent communication and influencing skills at all levels of seniority, with the ability to articulate complex risk issues clearly, foster alignment among diverse stakeholders, and will be the external face of the Operational Risk function at the WBG.
Proven collaboration and stakeholder engagement skills, with experience working across functions and entities, and engaging with internal and external stakeholders, including regulators, auditors, and peer institutions.
Experience in scenario planning, crisis management, and business continuity, ensuring organizational preparedness and effective response to operational disruptions.
Personal qualities of integrity, sound judgment, and commitment to the mission and values of the World Bank Group, with a demonstrated ability to uphold the highest ethical and professional standards.

Responsibilities

Oversee identification, assessment, monitoring, and reporting of operational risks across the WBG, ensuring timely escalation of key exposures to senior management and the Board.
Develop and maintain a comprehensive operational loss data framework, including internal loss events, near misses, and relevant external events, to strengthen risk analytics, benchmarking, and control enhancement.
Design and implement hypothetical scenarios to pressure test operational resilience, validate controls, and assess preparedness for severe but plausible events.
Establish and monitor Key Risk Indicators (KRIs) and lead the Risk and Control Self-Assessment (RCSA) Program to provide consistent oversight of risk performance and control effectiveness across business units.
Develop and maintain a robust statistical model for Operational Risk Capital, integrating qualitative and quantitative insights to inform the institution’s risk posture and capital adequacy framework.
Coordinate with business partners to ensure effective management of non-financial risks, highlighting emerging risks and systemic control issues.
Provide independent perspectives to management and the Board on operational resilience and institutional risk posture.
Ensure implementation and periodic testing of the WBG business continuity framework, including crisis management and country office training.
Oversee development and maintenance of resiliency plans and ensure organizational preparedness for major disruptions with the objective of allowing WBG to recover its essential operations promptly in the event of a business interruption.
Integrate scenario planning as a cross-cutting function across operational risk and business continuity.
Design and coordinate scenario analyses and simulations (e.g., cyber incidents, data breaches, infrastructure outages) to pressure check recovery capabilities, assess institutional resilience and crisis response capabilities, implement proactive measures that reduce the likelihood of operational disruptions and minimize their impact when they occur.
Use scenario outcomes to inform governance decisions, resource allocation, and strategic risk appetite discussions.
Manage the corporate insurance portfolio to ensure alignment with the WBG’s operational risk exposures and business continuity needs.
Prepare and present the annual insurance purchase plan for endorsement by the relevant Risk Committee.
Oversee policy renewals, claims management, and continuous alignment of coverage with WBG’s evolving risk profile.
Provide oversight for implementation of the WBG Data Privacy Policy across business units, ensuring compliance with internal and international standards.
Monitor incidents, breaches, and complaints related to data privacy; coordinate institutional responses and lessons learned.
Maintain and update data privacy frameworks, policies, and reporting mechanisms as required.
Lead the design and implementation of a unified operational risk data and technology strategy, supporting enterprise risk, business continuity, internal controls, issue management, and emerging risk identification.
Oversee the development of tools for operational incident management, key risk indicators (KRIs), control assessments, scenario analysis, and concentration/SPOF (single points of failure) monitoring.
Promote data quality, integrity, and governance to support accurate, timely, and comparable operational risk reporting.
Drive innovation through advanced analytics, automation, AI-enabled insights, and digital tools to strengthen risk detection, improve efficiency, and support proactive mitigation.
Serve as Secretariat for operational risk governance committees, ensuring effective coordination, documentation, and follow-up of key decisions and actions.
Oversee preparation and delivery of operational risk reports to senior management and the Boards of the WBG entities, highlighting key exposures, incidents, and mitigation progress.
Maintain and periodically review the governance framework for operational risk, business continuity, and data privacy—ensuring clarity of accountabilities, escalation protocols, and decision-making structures.
Support continuous improvement of governance processes, including the effectiveness of committees, reporting cadence, and risk communication across the WBG.
Provide strategic direction, coaching, and feedback to maintain a high-performing team of risk professionals.
Foster a culture of learning, collaboration, and continuous improvement, leveraging technology and data analytics to enhance efficiency.
Develop and oversee the Department’s business strategy, work program, staffing plan, and budget in alignment with WBG and institutional priorities.
Promote teamwork within the department and across WBG business partners to ensure efficient and effective operations.
Represent CROVP in WBG-wide task forces, committees, and working groups, and engage with external stakeholders including MDBs, IFIs, and regulators.
Provide thought leadership on operational resilience, scenario planning, and data privacy, drawing from emerging industry and best practices.
Share lessons learned, benchmark practices, and integrate external insights to strengthen institutional resilience and performance.
Model exemplary WBG leadership values and managerial behavior and reinforces these qualities in the management team and staff.
Contribute to and implement and monitor compliance with talent management, diversity, and inclusion plans.
Drive and encourage technical excellence within the team by creating an environment of learning and innovation that attracts and develops the best talent reflective of the diversity of our clients.
Coordinate and support the management in developing and implementing appropriate strategies for global staffing, deployment, staff learning and development as well as career progression and talent and performance management.
Manage the department’s budget to support the implementation of the Directorate strategy.
Ensure Management accountability for delivering the agreed-upon work program through cost-effective use of resources (human and budget) within the agreed parameters and in compliance with internal WBG fiduciary and safeguard controls and policies, and ensures timely delivery and overall quality of the region’s outputs.
Ensure implementation of an appropriate risk management framework to meet unit’s objectives.