Technology Risk Officer / Senior Risk Manager
- Guangzhou, Guangdong Sheng, China
- Permanent, Full time
- Bank of Montreal Asia
- 15 Aug 17
Accountable for the development, documentation, maintenance and oversight of operations governance risk models, risk control frameworks and programs for large-size Technology and Operations (T&O) or enterprise-wide portfolios of high risk and/or complexity to ensure that operational risks are appropriately identified, measured, reported and managed so that business partner objectives are achieved within the organization’s tolerances for risk and in compliance with laws, regulations and internal policies and standards. Act as primary contact for executives and senior management and as a subject matter expert (SME), providing guidance and advice in assigned area of operational risk management and change management.
KEY AREAS OF ACCOUNTABILITY
A. Risk & Control
B. Change Management
C. Business Performance Management
A. Risk and Control
Risk Program Management and Governance
• Develop operational risk programs and frameworks that ensure T&O business unit compliance with internal and external guidelines, policies and regulations; interpret implications, requirements and potential issues for appropriate executive and senior management decision-making.
• Act as SME in role as Technology Risk Corporate Support Area (CSA) and relationship manager to T&O business units, and as coordinator of contact points between external regulators and or T&O groups, providing leadership, advice, guidance, consultation and direction in the area of expertise to executives and senior management to ensure operational risk management processes are in accordance with internal and external standards and guidelines.
• Act in an independent oversight capacity, monitoring operational risk management and mitigation, and regulatory compliance adherence in the area of expertise.
• Provide guidance and counsel to business unit senior management and executives to ensure effective risk and control processes and practices that are in compliance with Bank and regulatory requirements.
• Integrate appropriate information obtained from a variety of internal and external sources (e.g., Corporate Audit, Corporate Compliance, Shareholder Auditors, Corporate Support Areas [CSA]), regulatory reports and governance frameworks), ensuring compliance with terms and conditions, and maintenance of risk within acceptable levels; analyze and produce timely reports for executives, senior management and key stakeholders. Provide guidance as needed.
• Obtain sufficient information from impacted group(s) when potential significant deficiencies or material weaknesses or non-compliance are identified to ensure appropriate investigative groups are engaged (e.g., CSAs); ensure remedial activities are appropriately documented to satisfy external review.
• Create and maintain risk management documentation and procedures in the area of expertise.
• Develop and maintain tools and templates for operational risk programs (e.g., Risk Control Self-Assessment (RCSA), Sarbanes-Oxley (SOX) or regulatory compliance, record retention, business managed applications), as required.
• Advise and support executives and senior management in preparing for internal and/or external reviews through facilitation, planning, briefing, consolidation, review, interpretation, documenting and auditing of reports and materials; liaise with internal and external groups as they audit and assess business unit compliance with regulatory and policy standards.
• Represent T&O interests and risk status in Corporate forums, as assigned, and influence Corporate policy related to area(s) of expertise; represent and review Corporate policy on behalf of T&O, consolidating responses and providing feedback and advice.
• Identify the need for and monitor training and education, as SME, in program area(s).
• Ensure adherence to all aspects of FirstPrinciples, Our Code of Business Conduct and Ethics Corporate Policy, as well as all applicable legislation, regulatory rules and requirements, and Bank standards, P&Ps for such things as potential conflicts of interest, safeguarding of customer information, trading in securities, anti-money laundering, privacy and disclosure of outside business activities.
• Ensure strict confidentiality is maintained for both customer and Bank information to protect the customer and the Bank and to ensure compliance with Bank P&Ps.
• Follow security and safeguarding procedures and apply appropriate due diligence in accordance with Bank policy for the prevention of loss due to such things as fraud or defalcation.
• Manage risk and minimize losses through monitoring and controlling various reports and taking appropriate action, ensuring compliance requirements, audits and verifications are completed in accordance with Bank P&Ps.
• Design and implement a reporting monitoring systems that is sufficient to demonstrate T&O state of compliance, satisfy Corporate governance and external testing requirements by such bodies as Shareholders’ Auditors and Regulators, and ensure effective due diligence in support of required attestations.
• Analyze, produce and distribute timely key risk reporting within area of expertise for executives and senior management within T&O and/or at the enterprise level including BMO Board reporting which are used to make strategic decisions on meeting business objectives and to provide governance on the overall risk framework.
• Monitor and report on impacts of deficiencies related to operational risk programs and requirements and overall effectiveness of controls; recommend mitigating solutions and actions.
Risk Knowledge Management
• Identify, create, distribute and enable the adoption of risk knowledge (e.g., regulation, best practices, case studies, risk events, professional associations and consultant practices used) to facilitate a high degree of risk awareness that drives improved performance and knowledge transfer/ exchange, and is a key component of a risk governance framework.
• Contribute to knowledge repositories (e.g., libraries, documentation and support materials) ensuring completeness, accuracy, timeliness and security/integrity of information to support the advancement of risk management capability and proficiency.
• Ensure high quality, accessible information for staff, managers and executives.
• Identify and recommend business improvement opportunities related to area(s) of expertise.
• Advise and counsel executives and senior management on risk reporting, exposures, programs and plans.
B. Change Management
• Consult to the development and maintenance of programs to ensure that new initiatives and and/or significant changes to business conduct/ operations are governed in accordance with the Bank’s Initiative Decisioning Process (IDP)/ Investment Spend Optimization (ISO) and new standards and policies.
• Monitor changes in Corporate programs/ policies and regulatory changes to ensure compliance and that T&O is fully up to date; advise and provide guidance to appropriate business units, as required.
• Anticipate and/or interpret the impacts of business changes and/or regulatory changes on controls and effective operational risk management; recommend mitigating actions, as necessary.
• Lead and/or represent T&O, as SME, on key risk projects, deep dives and game plans to drive continuous improvement in operational risk management. This involves analyzing problems and generating creative solutions by collaborating with the team, providing leadership, as well as managing projects, as required.
• Represent area of expertise on large scale, enterprise projects and initiatives to provide context, information and analysis on proposed changes. Initiatives may include the development and implementation of new/ revised products, new systems or enhancements, new/ revised processes in support of internal efficiencies and industry regulatory changes.
• Represent the operational risk discipline during change impact analysis and assessment, technology and business requirements-gathering, business case development, solution development, review and sign-off, implementation planning and support, issue escalation and management, sustainment and change acceptance, leadership updates and recommendations, using advanced knowledge of operational risk function and processes.
C. Business Performance Management
• Monitor and analyze opportunities for risk management improvement; recommend solutions.
• Act as SME to translate laws, regulations, standards and policies into practical methodologies and approaches that can be implemented for multiple and/or larger initiatives/ projects of a more complex nature and/or the introduction of new/revised processes and systems, including process redesign to compliment the change management/ product support strategy for the business unit, adhering to and maintaining established standards and practices.
• Provide coaching and/or training sessions to executives and senior management in area(s) of expertise, and provide feedback on gaps and opportunities.
• Build and maintain relationships with industry contacts (internal and external), regulatory officials and external consultants for the purpose of enhancing business effectiveness within the scope of accountability.
• Support the delivery of exceptional customer service that builds trust through responsive, accurate, consistent, knowledgeable and available services and support.
• Align individual performance goals to team and organizational goals.
• Demonstrate behaviours that are consistent with “Our Way” model and aligned with BMO values.
KNOWLEDGE AND SKILLS
• University degree/college diploma or equivalent
• 10+ years experience in risk with either an operations and or technology background within the financial services industry
• Knowledge and understanding of BMO Initiative Approval & Assessment Process (IAAP) and COIE
• Solid knowledge of standard desktop applications used by the business unit
• Expert knowledge and understanding of the business unit’s key products and services, processes, controls and organization
• Expert understanding of operational risk and related control frameworks and practices
• Expert understanding of the business unit’s risk and regulatory requirements
• Advanced understanding of industry practices and risk reporting fundamentals
• Solid knowledge of departmental systems and applications
• Solid understanding and knowledge of the business planning process, reporting cycles and requirements, protocols for sign-offs and information sharing, and key business metrics
• Solid understanding of system design, databases and business intelligence techniques
• Expert understanding of risks inherent in areas of expertise.
• Advanced PC skills
• Programming skills in SharePoint and Access database
• Strong logic and data integration skills
• Expert analytical and problem-solving skills, with expert ability to analyze a risk exposures
• Conceptual skills, with an ability to quickly understand concepts and translate them into meaningful information
• Advanced change management skills
• Advanced prioritization skills
• Strong attention to detail and organizational skills
• Advanced planning skills (re finance, resource, strategy, business)
• Expert risk management skills
• Advanced influencing skills
• Advanced stakeholder relationship management skills
• Advanced facilitation/ presentation skills
• Advanced conflict management/ resolution skills
• Strong teamwork skills
• Advanced report-writing skills, with ability to create and organize varying forms of business information while developing it into cohesive, meaningful, professional reports and presentations
• Advanced written and oral communication skills, with the capability to present and articulate complex concepts