About Standard Chartered We are a leading international bank focused on helping people and companies prosper across Asia, Africa and the Middle East.
To us, good performance is about much more than turning a profit. It's about showing how you embody our valued behaviours - do the right thing, better together and never settle - as well as our brand promise, Here for good.
We're committed to promoting equality in the workplace and creating an inclusive and flexible culture - one where everyone can realise their full potential and make a positive contribution to our organisation. This in turn helps us to provide better support to our broad client base.
The Role Responsibilities
Align the in-country operational risk management approach to the ORTF and oversee its effective application.
Ensure that the Country Functional Head of Technology and Functions as well as relevant staff understand and accept their operational risk management responsibilities.
Represent the country OR in the Technology and Functions Functional Risk Forum (FRF).
Support training initiatives from the group OR, wherever required.
Ensure the Technology and Functions UORM are effective in identifying, monitoring, managing, remediating, and escalating risks and issues.
Maintain an open and cooperative relationship in dealing with the regulators in-country.
Review and challenge the country strategy where it is not aligned with the country risk appetite.
Maintain operational risk capability and a control environment which is in line with the ORTF.
Assess periodically the operational risk profile for Technology and Functions.
Risk Control Ownership of Operational Risk
Provide a central contact point and oversight over all controls required to effectively manage operational risks within Technology and Functions that arises from the end to end processes.
Challenge the completeness of risk identification, monitoring and assessment of the corresponding control activities required within the end to end processes to identify and follow through the remediation by the 1 st line Technology and Functions of any significant deficiencies.
Ensure compliance with the ORTF.
W here the 1 st line Technology and Functions redesign controls locally in response to internal and external factors validate such redesign.
Risk identification and Assessment
Validate and challenge the 1 st line Technology and Functions risk identification and assessment of gross and residual risks arising within the end to end processes.
Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
Recom m end changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the agreed appetite. Ensure such changes are agreed with the global process owners and the global OR officers for that function prior to in-country implementation.
Review the design of effective process controls by the 1 st line Technology and Functions to manage all material risks linked to the process control failure.
Identify local process & control gaps and deviations from the group standard processes - regularly assess all key controls against the country risk profile to monitor exceptions and identify gaps.
Provide a balanced and informed assessment of all operational risks arising from acquisitions or major change initiatives or projects within the country.
Review risk record templates for acceptance of medium, high and very high country level risks.
Challenge the Technology and Functions risk management activities where risks are not aligned with the control requirements or risk appetite.
Sign off on new products from the OR Technology perspective.
Ensure residual risk assessments are performed at appropriate frequency by the 1 st line Technology and Functions and reviewed and approved by the 2 nd line SORO. This includes ensuring completeness, accuracy, and timeliness.
Periodically review operational risk assessments to ensure these appropriately reflect changes environment, mitigating controls and the progress of treatment plans.
S y stematicall y m onitor process control effectiveness where there are material risks of process control failure.
Conduct periodic assurance over process, control and risk metrics for completeness, accuracy, and timeliness, of KRIs and KCIs. Ensure any issues identified are remediated in a timely manner
Review and update annual ke y control testing plans.
Identify root cause of control defects highlighted during control testing and ensure there are appropriate plans in place owned by the 1 st line Technology and Functions to remediate.
Ensure that effective management response plans are in place to respond to extreme but plausible scenarios.
Risk & Loss Reporting
Ensure that the risks requiring acceptance as escalated as per the policy for operational risk assessment and acceptance.
Approve the classification and accurate reporting of operational risk losses.
Report and escalate significant operational risk events (SORE).
Ensure the 1 st line Technology and Functions provides Root Cause Analysis (RCA) / Root Cause Review (RCR) reports for relevant risk events.
Provide risk information / updates to the Executive Risk Committee (ERC).
Participate in a stress test and scenario programme for operational risk [ as part of ICAAP ], review the results and assess their implications.
Ensure that operational losses, near misses and audit fails are escalated to the group function in a timely fashion.
Contribute the relevant scenarios to perform stress testing relevant to the business/function, review the results and assess their implications.
Support the preparation and ensure the delivery of RCA for unsatisfactory operational risk as per the procedure.
Strategy & Planning
Inform the development of in-country business plans, exercising appropriate focus on the implementation of robust operating environments, within risk appetite, to support business aspirations.
Regulatory & Business conduct
Display exemplary conduct and live by the Group's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Contribute to the Hong Kong Operational Risk function to achieve the outcomes set out in the Bank's Conduct Principles: Fair Outcomes for Clients; Effective Operation of Markets; Financial Crime Prevention; The Right Environment.
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Our Ideal Candidate
Operational risk management experience
An in-depth understanding of the technology risk/control environment
A clear understanding of the Bank's approach to the management of operational risk, or equivalent experience gained in other organisations.
Ability to leverage resources across the organisation to complete deliverables.
Sound judgement and courage necessary to perform a control role and maintain effective working relationships.
The following Professional Level certificates are recognized under the ECF-C, HKMA.
CSX Specialist Certificate (CSX-S)
CSX Expert Certificate (CSX-E)
ISACA Certified Information Systems Auditor (CISA)
ISACA Certified Information Security Manager (CISM)
ISACA Certified in Risk and Information Systems Control (CRISC)
ISACA Certified in the Governance of Enterprise IT (CGEIT)
ISC² Certified Information Systems Security Professional (CISSP)
ISC² Certified Cloud Security Professional (CCSP) professional (CCSP)
Apply now to join the Bank for those with big career ambitions.