Responsible for developing, implementing and monitoring risk-based programs to identify, assess and mitigate any operational risk that arises from inadequate or failed internal processes, people, systems or external events, while maintaining a balance between risk mitigation and operational efficiency.
May provide oversight to an operational risk program.
Works with complex business units and provides operational risk expertise and consulting for projects and initiatives with high risk. May provide systems security consulting on complex issues.
Designs and develops testing strategies, methodologies and analyses; evaluates the adequacy and effectiveness of policies, procedures, processes, systems and internal controls; analyzes business and/or system changes to determine impact, identifies and assesses operational risk issues and assigns risk ratings consistent with established policy standards.
Consults with business to develop corrective action plans and effectively manages change. Identifies training opportunities; designs/coordinates the development of training materials delivers or coordinates training delivery.
Reports findings and develops business cases to influence senior management on the need for controls to mitigate risk. Manages and/or coordinates production of periodic operational risk performance reports for senior management, including trend analysis and recommended strategies. Manages project teams and may provide guidance to less experienced consultants. May directly manage 1-2 specialists/consultants.
Responsible for implementing and monitoring a risk-based program (Control Testing & Risk Assessments) in TRMO to identify and mitigate any operational risk that arises from inadequate or failed internal processes, people, systems or external events or may provide oversight of an operational risk program.
Responsible for performing the control testing program Test of Design (TOD) and Test of Effectiveness (TOE) of key technology controls with the focus on TOD
Partner, support and liaise closely with the WFs Risk Program Support team to validate whether all key operational risk components are implemented in the Technology area. The operational risk components include Information Security, Business Continuity, Records Management, Vendor Management, Regulatory Compliance and Control Environment Review.
Provide credible challenge to the 1st line of defense in managing Technology risks. Review and provide feedback on the inventory of key Technology controls & business processes.
Participates in and provides consulting and support for projects and initiatives with moderate risk to identify and mitigate operational risk in business activities.
Implements testing strategies and methodologies; evaluates the adequacy and effectiveness of policies, procedures, processes, initiatives, products and internal controls; identifies operational risk issues; advises management on risk ratings and evaluates ratings against established policy standards.
May assist in drafting corrective action plans and in managing change. Identifies training opportunities; may provide input to the
development of training materials and delivers training.
Drafts reports of findings and recommendations to mitigate risk for operational risk management. Coordinates production of periodic operational risk performance reports for senior management, including trend analysis and recommendations.