Key Areas of Responsibilities
- Identification of operational loss events through analysis of company data; escalation of these events or patterns of events within the ORM team and to CRO
- Assist in Business Continuity Planning, Disaster Recovery and Crisis Management activities for the CLSA group
- Assisting in preparing key risk indicator reports to be distributed to management using a wide variety of company data sources (ranging from business operational data sources to technology data sources).
- Assisting in annual organizational risk & control self-assessment program (CSOX); working with all business units to identify business risks; identify controls to manage those risk; develop test cases to ensure controls are operating effectively; work with the business units to implement action plans to address control deficiencies; and to report progress to management
- Assisting in the investigation of significant operational and technology risk events (including events with financial impact, reputational impact, or regulatory impact)
- Assisting in the management of policy exceptions approval/renewal process
- Assisting in coordinating technology risk assessment, planning, coordination and communication with key IT stakeholders.
- Assisting in review of key risks and controls, track mitigation plan, ensure follow up and closure of action items
- Assisting in various reporting and liaison with CITICS Operational Risk Management team
- Advising first line of defense in operational and technology risk related matters
- Assisting in governance and oversight of End User Computing tools used across the group
As the role develops, the candidate will have the opportunity to be involved in the following:
- Review of key organizational products and projects across CLSA, to ensure a robust control framework is maintained; and
- Review of ORM and TRM policies and training
- Implement ORM and TRM framework to newly established/joined departments and offices
- Represent ORM and TRM in governance meetings and working groups
Requirements
- At least 5 years experience working in an Operational Risk role with 2 - 3 years experience in Technology Risk Assessment / control testing role
- Previous work experience in Operational/Technology Risk consulting (Big 4 audit - PWC, KPMG, Deloitte, E&Y) or in financial services institutions (ideal)
- CISA CRISC preferable but not mandatory
- Good interpersonal and stakeholder management skills, ability to liaise with different counterparties including senior management
- Good project planning and time management skills, proactive, diligent and detail minded
- Excellent written and spoken English and competent in written Chinese and spoken Mandarin preferred
- Master Degree holder in Finance, Business or related discipline
- Proficient in Excel / Macro /SQL / Python etc. will be a definitely advantage.