Operational Risks and Permanent Control Senior Expert
Context and missions
The Operational Risk and Permanent Control team assists the entity's Chief Risk Officer (CRO) with developing and implementing a comprehensive and effective permanent control framework at the company, excluding cyber-related topics, with a specific focus on managing risks within the board's risk appetite.
Scope of risk oversight: the operational risks are defined in the Risk Governance Framework and specified in the team organization based on the domain of expertise.
After having familiarized yourself with the Operational Risk and Permanent Control documentation, the technical and organizational environment of Clearing activities, and the operational risk information system, the staff member's missions are:
Permanent control Framing
- Contribute to developing and maintaining a comprehensive permanent control framework for the company, mainly supported by the Permanent control procedure
- Contribute to developing and maintaining the policy framework (and applicable standards) for Operational Risks in accordance with the company's risk appetite, ensuring that the framework is fit for purpose and that the business complies with the policies and the regulatory requirements (mainly ACPR arrêté du 3 nov 2014, AMF, DORA, CFTC, Reg SCI, ANSSI)
- Crisis coordination framework: contribute to the definition and maintenance of the Crisis management framework
Permanent Control framework consistent implementation and coordination for the team:
- Ensuring that the controls of 1st and 2nd levels are correctly recorded in the operational risk information system.
- Ensure that resilience risk issues are recorded (including external/internal Audit) and follow up on creation/closure/extension.
- Contribute to maintaining and improving the operational risk information system
- Coordinate the permanent control framework and report on a regular basis to the manager, including providing visibility on hot topics and raising alerts when relevant
Independent controls on applicable operational risks
- Define and perform the 2nd line of defence control plan, i.e. ensure an adequate framework of permanent controls is well established and perform control assurance, control testing and deep dives as defined in the Permanent Control Procedure.
- Testing the design and operational effectiveness of these controls.
- Liaising with and challenging the relevant teams and/or the operational risk correspondents to define proper action plans in case of insufficient results and/or any anomalies detected.
Communicating the results of these checks by:
- Formalizing a report/statement of progress to the internal risk governance and to the Group one, if any.
- Creating a dedicated KRI/KCI and following it up with the internal risk governance
Risk assessment and remediation challenge:
- Support the 1st Line of Defence (LoD) operational risk correspondents in the monitoring of their risks (e.g. training, methodology to comply with, etc.)
- Participating in the follow-up of the incidents (e.g. meeting, the challenge of operational risk assessment and losses, etc.)
- Challenge the first line of defence on the risks associated with their BAU (RCSA/RCA) and Change activities that may impact the risk profile of the CCP (ORA/DORA, issue creation/extension/closure)
- Challenge the operational resilience of processes and mitigation measures defined and implemented by the first line of defence, e.g. ensure that recovery time from incidents is compliant with regulatory requirements and that data centres and disaster recovery plans, as well as recovery strategies and business recovery plans, are fit for purpose.
Tool & Reporting:
- Maintain the risk system
- Ensure internal/external reporting is produced on time and consistently to provide an overview of the company's risk profile
Crisis coordination mission:
- Support the CCP in minimising the impact on financial markets, customers and other stakeholders arising from any event which causes disruption, as well as in protecting the welfare of staff during such an event.
- The crisis coordinator will be activated in case of a major incident/disruption that will lead to a crisis, whether default or ops risk related.
Experience and skills required
- 7+ years of experience in the financial industry in an Internal Control function and risk management
- Fluent in English & French (working language)
- Excellent communication skills (staff, peers, Group, etc.)
- Organizational skills
- Delivery-oriented, problem-solving mindset
- High capability to analyse and to summarise
- Good knowledge of Data Management (Excel, VBA, ...)
- Ability to interact with senior management and multiple stakeholders, including regulators