DCO – Risk & Control Assessment ( RCA ) – AVP

Job Description

Divisional Control Office (DCO) team ensures that the division operates with high levels of integrity. It is responsible for supporting the business by developing, implementing and maintaining a risk culture to ensure a strong and sustainable business control environment whilst minimizing risk arising from non-financial risk factors. DCO strategy includes improving the risk management information and strengthening the governance and risk culture. The Corporate Bank (CB) DCO has functional responsibility for providing a central point of oversight over the CB Risk & Control Assessments (RCA). This includes supporting the business by driving Risk & Control Assessment specifically focusing on Information Security (IS) / Information Technology (IT) risks in line with NFRM guidelines. RCA is a key component of the bank's non-financial risk management toolkit, to enable the effective profiling, monitoring and management of operational risks. Your Key Responsibilities Collaborate with businesses and support them in conducting Risk & Control Assessments as per NFRM guidelines specifically focusing on Information Security (IS) / Information Technology (IT) risks Analyze contextual data and relevant data triggers and determine or update risk profile, inherent risk, control environment and residual risk ratings along with supporting rationale, liaising with Risk Types SMEs in their business Participate in 1LoD-led RCA meetings for business to drive the risk discussions, focusing on key or emerging risks that may impact the business Coordinate with businesses/2LoD and assist in 2LoD challenges Prepare RCA reports and obtain business sign-offs Document risk mitigation decisions, if required, with consideration of risk appetite Deliver high quality Global Governance decks and reporting trends to support senior management Your Skills & Qualifications: CISA/CRISC or relevant security qualifications with experience of Risk & Controls and/or Internal Audit in banking industry covering Information Security (IS) / Information Technology (IT) risks Experience in SOX/ ISO27001 control framework Knowledge related to risk management (including conducting Risk & Control Assessments) and corporate banking products, processes and systems preferred, specifically focusing on Information Security (IS) / Information Technology (IT) risks Ability to assess impact of control environment on inherent risk along with documentation of qualitative assessment Strong quantitative and analytical skills required to critically evaluate information for key risk assessments Familiarity with DB organization a plus, but not mandatory Strong project management skills and a proactive team partner Influencing, negotiation skills and stakeholder management expertise Strong verbal and written communication skills Proficiency with automating tasks in Excel to improve efficiency a plus, but not mandatory.