Job Opening at Standard Bank Group

Risk Management: understanding all risks – from the economic to the political – that could affect our global business, and offering guidance to all parts of the bank

Job Purpose

To support the Head of Risk in the effective and proactive management of operational risks at an integrated level including Information Risk and Risk Governance within the Bank, aligned to the business strategy, operating model and Group Risk policies. In addition as Head, Integrated Operational Risk, partner with Financial Crime unit to ensure adequate tools are in place to counter financial crime risk.

The role calls for partnership with head office and in-country business and risk stakeholders to ensure that the processes for identifying, measuring, controlling and reporting of operational risk is aligned to the intergrated operational risk framework. In addition, the role entails:

• Leading and directing the Integrated Operational Risk function, as a partner to the business, supporting growth aspirations whilst retaining the appropriate operational risk management discipline to achieve strategic goals. Implementation and monitoring of operational risk management frameworks and processes within the business;
• The provision, management and implementation of Information Risk Management and Business Resilience strategies in order to ensure effective risk mitigation and business resilience in line with in-country and head office information risk and business resilience strategies;
• Monitor and validate the quality and consistency of operational risk processes across the business;
• Continuously improve the operational risk processes with the intention of adding value to business whilst introducing practices that are fit for purpose in line with business strategy whilst at the same time mitigating risk.
• Ensure full implementation of the Risk governance framework across all risk types (Credit, Market and Operational Risk).
• Ensure effective operationalisation of regulatory requirements;
• Build an effective assurance process as second line of defence (including but not limited to Information and Cyber Risks) through targeted deep dives and back testing exercises.
• Provide expert advice, share best-practice/risk mitigation techniques with management to enable them pro-actively manage the risk within their units;
• Ensure that the business management are fully appraised of the operational risk status;
• Ensure that training and development on Risk Management is offered to staff on a regular basis; Influencing and when necessary, challenging material risk decisions.
• Active participation on Governance committees of the bank – Risk Management Committee, Credit Risk Management Committee, Board Risk Committee, NPC, EXCO, BU Manco’s etc. highlighting risks and proposing risk mitigating actions.
• Drive and support the enablement of a strong risk culture within the Kenya franchise.

Key Responsibilities/Accountabilities

Key responsibilities

• Operational Risk management
• Facilitate the alignment of the operational risk management process with Group Policies and appropriate regulatory framework; Communicate the operational risk framework, standards and other risk principles effectively to the business i.e. Risk and Control Self Assessments (RCSA’s), Key Risk Indicators (KRI’s), Business Continuity Management (BCM), Information Risk, and Risk Assurance; Promote compliance to operational risk policies. Encourage a high level of awareness of operational risk in the business; Provide a central point of reference and expertise in operational risk matters to the business; Facilitate RCSA’s and KRI’s workshops with business; Assist in the analysis of information and reports to establish trends and consider initiatives to reduce risk; Identify major operational risks affecting the business and take necessary steps to measure, monitor and control accordingly; Review and evaluate internal controls and propose appropriate recommendations for any changes and/or enhancements; Ensure that agreed remedial actions adequately address internal control deficiencies and thereafter ensure regular follow up to ascertain execution and effectiveness; Maintain a culture within the routine fulfillment and loss control areas that emphasises and demonstrates to all the importance of internal controls; Monitor the bank’s insurance cover by way of review of the insurance return to ensure that assets are adequately protected against losses. Monitor the bank’s external party/outsourcing arrangements in an effort to minimizing risks associated with outsourcing; Participate in the bank’s business processes, initiatives, forums, committee, etc. to ensure that operational risk requirements are appropriately considered, executed and reported.
• Information Risk
• Ensure pro-active management of information risks/threats to the business. Deliver information risk assessments and guide business managers on the appropriate risk control strategies, whilst aligning information risk strategies with business objectives. Manage the development, provisioning and successful execution of a proportionate information risk treatment program (e.g. mitigate, accept, transfer and avoid). Manages risks to banks information assets and assists businesses by specifying adequacy of control(s) required and validating the effectiveness of controls implemented in conjunction with business risk appetite. Manage and track information risk control efforts and escalation to Head, Risk where inadequate mitigation is evident. Ensure appropriate activities are in place to create information risk awareness within the organization, including awareness of information risk related regulatory issues that have a potential impact to the environment in alignment with group wide awareness activities. Coordinates and serve as a facilitator and liaison with stakeholders for the successful remediation of information risks. Promote compliance to information risk governance standards and policies. Provide assurance on the management of relationships with vendors and suppliers to ensure full information risk value of the contracts entered is realised to the bank. Create risk metrics and reports for tabling at risk governance committees at required frequencies including but not limited to Risk Management Committee and Board Risk Committee, the right management structures and drive remediation of said risks. Provide a holistic view of Information and Cyber risks through comprehensive reporting on the bank’s information assets introduced by personnel, processes, technology and external events.
• Business Resilience BCM Governance – Policy Enforcement and Programme Administration Business Impact Assessment & Risk Assessment Business Continuity Strategy Business Continuity Planning Exercising and Testing Maintenance and Review Training and Awareness Monitors, Promote and maintains an understanding of current/future business continuity trends and threats.
• Risk Governance
• Ensure full implementation of in-country Risk governance framework, including the administration of Risk governance documents (i.e. policies, procedures, mandates) across all risk types – Credit, Market and Operational Risk. Implement assurance function cutting across all risk types in conjunction with Operational Risk and Operations Control. Champion consolidated risk reporting with a view to standardizing risk reports for the different governance forums and establishment of a single point of information and data.
• Financial Crime Control
• Work closely with FCC to ensure adequate preventative, detection and responsive tools and measures are in place to effectively frustrate fraud. Review FCC investigation reports to evaluate internal control lapses and initiate appropriate action for any changes or and/or enhancements; Follow up and monitor for effective closure FCC recommendations with stakeholders.

Key performance measures

• The quality and improvement in Internal Audit and Risk Assurance reports; Improved quality of Operational Risk tools – Incident Reports, RCSAs and KRIs – in risk identification;
• BCM documentation maintained and Integrated BCM/ITDR testing – delivering against BCM Programme of Work;
• Delivering against Information Risk Programme of Work – information including Cyber Risk and IT risk introduced and maintained;
• Loss control – effective root cause analysis, escalation process effective, data quality in place and control environment improved through analysis on incidents;
• Quality of risk assurance support on change initiatives being rolled out Quality of participation in NPC process and NPC governance
• Effective root – cause analysis for losses (also, deal with behavioral causes).
• Effective implementation of Risk Governance across the risk types;
• All risk policies/standards have been approved by the Board and implemented in country
• Self assessment to policies and actions to close any areas of non-compliance;
• Completion of high quality assurance reports in a timely manner – value adding;
• Demonstration of existence of framework, tools and metrics for consolidation of risk exposure
• Attendance and effective participation at the Bank’s Governance committees;
• Reports to stakeholders on risk status on a regular basis;
• Quality of assurance reports;
• Evidence of risk awareness campaigns, policies and procedures in place across all businesses & escalation of risk issues by front line staff;
• Timely escalation of Operational Risk Matters/concerns.

Key dimensions of the job

• Ability to identify and understand business needs and strategies with a key focus on assisting / supporting them in terms of integrated operational risk management;
• Requires an in-depth knowledge and understanding of the banks business both CIB and PBB including systems and products;
• Requires an in-depth understanding of the group’s integrated operational risk management policies, frameworks, tools and processes;
• Effective standards and internal controls are in place including policies and procedures, systems and a risk management framework that supports business sustainability ensuring compliance with policies and regulations;
• Anticipate and proactively ensure management of all potential and emerging risks and initiate actions to pre-empt systemic risks;
• Orientation towards swift accomplishments, meeting deadlines, providing information and working under pressure;

Important relationships

The need to maintain a wide network with key stakeholders (both business and risk), Head Office Integrated Operational Risk to ensure operational effectiveness and enhanced customer service.

Preferred Qualification and Experience

Experience

10 years banking experience in risk, and operations roles (at senior management level) with working knowledge of Bank’s systems and procedures.

Knowledge/Technical Skills/Expertise

• Graduate or post-graduate qualification in Banking, Commerce, Economics or Finance;
• General knowledge of risks related to the business;
• Understanding of the interface between frontline service, responsive sales and support functions;
• Working knowledge of transaction processes relevant to products and services offered to customers e.g. within the corporate and investment banking and /or retail banking space;
• A working knowledge of the banking operating systems and controls;
• Highly analytical, team worker, good communication skills, and passion for risk.
• Problem solving The ability to identify and understand the business needs and strategies and then to interpret and convert these into operational risk strategies; The need to identify the long term operational needs to support the business effort; Handle authority expediently, be orientated towards immediate accomplishments and to be a firm decision-maker; Has a practical comprehension of the impact of the service provided and relationship to staff and customer; Has a sound recall of processes and previous experience in order to assist with problems raised.
• Planning The ability to meet tight deadlines and to satisfy customer service requirements in an environment laced with a wide variety of problems and unexpected challenges; Required to interpret, analyse, evaluate and formulate plans based on information from a number of sources. Typically, there is no right answer and a relatively indeterminate amount of risk; Take a short to medium term perspective with regard to business planning; Build in the provision for adjustment in planning and ensures plans are practical and in line with business objectives.
• Results orientation Delivering Results – Effectively manage your time and resources to ensure that objectives are achieved and projects are delivered on time. Serving Our Clients – Provide clients with the products, services and solutions to suit their changing needs while ensuring that they are based on sound business principles.
• Enabling Change Encourage others to seek novel and innovative approaches to addressing problems and opportunities. Facilitate the implementation and acceptance of change within the workplace.
• Decision making Handle authority expediently, be orientated towards immediate accomplishments and to be a firm decision-maker; Consider all the facts, options and possible outcomes prior to making decisions; Quick to act upon potential opportunities and take the initiative within limits of authority.