Risk Controller

Kayzen Group
  • Chennai
  • Confidential
  • 3-8 years
  • 10 Apr 2015

  • IT/ Information Technology, Audit and Assurance

  • IT/ Technology - Software/ Services
Job Description

Job Overview
The Risk Controller role is responsible for and has oversight over Operational Risk management, control management and audit management across the unit that has been assigned to the role. This role is key and responsible for applying the functions approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.

Job Title : Risk Controller (RC)
Reports to Direct Risk Manager (RM)
Job Purpose - Assist the RM in coordinating, driving and directing effective
Key Responsibilities

Matrix None

compliance with the prescribed operational risk management framework
Coordinate the implementation of effective controls to minimise / mitigate operational impact
- Continuous monitoring for effectiveness and efficiency of key controls leading to effective management of Operational Risk.
- Coordinate, facilitate and promote understanding and practice of Operational Risk within the Unit
- Coordinate management of risk and timely resolution of issues.

Risk Reviews

- Execute risk / control reviews as per plans and in consultation with the RM
- Track to closure, all actions and risks arising from the reviews
- In conjunction with Process Owners, design and propose control enhancements to RM for consideration
- Responsible to the RM as the Single Point of Contact (SPoC) for the Unit on internal and external audits
- Ensure that the affected unit are sufficiently prepared for upcoming audits
- Review and advice RM on the adequacy of management response to audit findings for the Unit
- Monitor and track progress and timely closure of audit findings
- Share thematic risk & audit findings across units.

Process Risk Analysis (PRA)
- Execute PRAs as initiated by RM, to support efforts in reviewing process and control effectiveness and risk identification
- Track to closure, all actions arising from PRAs

Key Relationships
- In conjunction with Process Owners, design and propose control enhancements to RM for consideration
Risk Committee Meetings
- Ensure that all risk committee meetings within the unit operates within the approved Terms of Reference (ToR), including membership, agenda, frequency.etc
- Facilitation of and pack production for the unit risk committee meetings. Provide challenge to ensure robust Risk Management practice
- Submission of risk and control related details to functional risk forum within schedule and at the required quality

Management Information
- Ensure that management (and any other stakeholder as required) is kept aware of the risk, control & audit profile of the unit through periodical reporting
- Ensure that all management information is produced in line with the defined schedule and quality and should support management decision and action
- Ensure integrity of source and the processing of data to deliver accurate representation in management information Validation of Controls: Key Control Self Assessments (KCSA) / Key

Risk Indicators (KRI)
- Continuous monitoring of key controls. Validate sampling techniques, results and exceptions arising thereof
- Obtain, agree and track to closure of treatment plan from responsible parties
- Provide RM periodical view of status and progress Issue Management (records in Phoenix)
- Investigate, document and report risk events and treatment plans on Phoenix in conjunction with with Unit Managers.

Change Management
- SPoC for the unit on any Risk, Control or Audit change initiatives from Group or Technology Governance
Drive implementation and adoption of agreed initiatives across the unit including training, communication and awareness.
- Unit Line Managers and Process Owners within and outside of the unit in the management of controls
- Peer Risk Managers / Controllers in other units in managing cross

Key Measurables
Authorities - Free access to Unit Head, Line Managers, peer Risk Controllers /
Experience and Skills functional risks and sharing of best practices
- 2nd line (GTO Operational Risk and Risk & Control) for advice and guidance and steering with regards to group initiatives
- Group Operational Risk (GOR) for interpretation and effective implementation of its Policy and Procedures
- GTO Operational Risk functions in-country, GSSCs, WB Operations and CB Operations on relevant technology risk and controls
- Legal & Compliance for interpretation of and consultations on regulatory requirements.
- Process Governance team for process and control metrics
- Group Internal Audit and external auditors on audit and reviews.
- Effectiveness of the controls and monitoring of operational risks and controls at the Unit level
- Zero overdue actions arising from PRAs, Risk Reviews, Control exceptions, audit findings..etc
- Satisfactory results on audits undertaken by Group Internal Audit, FSA, regulators and external auditors (relating to the unit)
- Timely reporting and escalation of all operational risk exposures and control failures
Timely communication of changes to Policies, control environment and regulatory environment from Legal & Compliance and GOR.
- Monitoring and adherence to timelines on Risk & Control or Group initiatives.
- Cross team collaboration proactive engagement with stakeholders Risk Managers and Process Governance team
- Free access to all documents and records within the purview of the Unit Head and for area of responsibility, with the exception of information governed by specific policies, e.g. Chinese Walls
- Free access to all meetings under jurisdiction
- Recommend and implement actions and solutions to mitigate operational risks and enhance compliance at the Unit level.
- At least 1 years experience in Operational Risk within technology
- At least 3 years experience in any (combination of) technology discipline
- A good understanding of controls required to manage Technology Risk
- An understanding of technology Project Lifecycle and the associated controls required through project delivery to manage and mitigate risk
- Be able to create and tailor clear and concise verbal and written communications. Fluent written and spoken English language skills
- Possess a pro-active posture and committed to continuous improvement
- Good presentation skills
- Demonstrable analytical thinking
- Data analysis and reporting skills
- A team player who enjoys working with people on all levels as well as being able to work independently and under pressure to meet tight deadlines.
The following skills are not a pre-requisites, but will be advantageous:
- Practical experience in technology audit engagement
- Experience in any other risk management discipline (Credit, Market..etc)
- Experience working in an financial institution industry Qualifications - Tertiary qualifications in IT, Business Administration or Commerce
- ITIL Foundation certified
- Certification in CRISC (Certified in Risk and Information Systems Control certification), Certification in CISA (Certified Information System Auditor) or any other related qualification would be beneficial
- Any Cobit related certification would be beneficial

Competencies/Skill sets for this job

Operational Risk Risk Management Internal Audit Audit Management

Job Posted By

About Organisation

Kayzen Group