Northern Arc Capital - Enterprise Risk Role (8-12 yrs)

JOB OBJECTIVE:

To oversee and facilitate the Risk Control Self-Assessment (RCSA) process for designated functions within Northern Arc Capital and group companies, ensuring the identification, assessment, and mitigation of operational risks. This includes collaborating with Business Operational Risk Managers (Risk Champions) and Risk Owners to assess risks, evaluate controls, and ensure alignment with Northern Arc Capital's risk appetite. Additionally, the role involves maintaining the Risk Register, tracking operational risk events (RCAPs), and ensuring timely review and updates of SOPs, policies, and product notes. The individual is to assist in day-to-day Operational Risk Management (ORM) activities, including risk identification, assessment, reporting, and application of appropriate mitigation strategies.

KEY ACCOUNTABILITIES:

Facilitate Risk Control Self-Assessment (RCSA) on all processes/activities/systems for designated business segments assigned within Northern Arc Capital and group concerns. The RCSAs are to be conducted on a quarterly basis. Work closely with the Business Operational Risk Managers (Risk Champions) and Risk Owners across the designated functions. The activities involved in RCSA process is provided below:

- Review the SOPs, audit report, operational risk event dataset (RCAPs) before conducting the RCSA for the functions involved in assigned business segments.

- Isolate and Focus on the critical activities within the function

- Reason the criticality of all the activities performed within the critical functions within each business segment. Isolate and focus only on the critical activities.

- Determine the interconnections and interdependences between critical activities within functions to ensure operational resilience within each business segment.

- Identify material inherent risks that can materialize if key controls are missing or failing for each key activity.

- Assess the controls in place or to be put in place to reduce these risk exposures to residual levels.

- Determine the likelihood and impact of the risk materializing after controls are put in place.

- Ascertain whether the risk exposure after controls are in place are within thresholds specified in Risk Appetite framework.

- Determine further mitigating action plans for the residual risk sitting above risk appetite. This is the central outcome of an RCSA to determine whether more needs to be done.

- Maintain the Risk Register in system and the Operational Risk Event Dataset (RCAP) register to provide a meaningful overall effectiveness of controls and help facilitate oversight by Senior Management. To track loss data/losses if incurred in the past for risk events highlighted in the Risk Register and RCAP register.

- Maintain a central record of the SOPs, products and services, policies including third party arrangements for the designated functions to facilitate monitoring of them and any changes thereof.

- Ensure SOPs, Product Notes, Policies for designated functions are reviewed within timelines.

PERFORMANCE INDICATORS:

Risk Control Self-Assessment (RCSA) Execution:

- Timeliness of RCSA completion: Percentage of RCSA processes completed for the Business segment within the designated quarterly timeline.

- Accuracy and Quality of Analysis: Percentage of identified risks and controls reviewed and assessed correctly.

- Critical Activity Identification: Number of critical activities accurately isolated and assessed.

- Stakeholder Engagement: Frequency and quality of collaboration with Risk Champions and Risk Owners across designated functions.

Risk Mitigation and Control Effectiveness:

- Data Accuracy: Percentage of operational risks accurately recorded and updated in the Risk Register in a timely manner.

- Event Tracking: Frequency and completeness of tracking past risk events, losses, and mitigations within the Risk Register on Nimbus system and RCAP register.

- Control Gaps Identified (RCAPs): Number of control gaps identified during the RCSA process and subsequent appropriate actions taken.

SOPs, Policies, and Document Management:

- SOP and Policy Review Compliance: SOPs, policies, and product notes reviewed within the required timelines.

- Record Maintenance: Accuracy and completeness of maintaining a central record for SOPs, products, services, and third-party arrangements.

Cross-Functional Collaboration and Stakeholder Communication:

- Collaboration with Risk Owners: Frequency and effectiveness of collaboration with key stakeholders, such as Risk Owners and Business Operational Risk Managers (Risk Champions).

- Reporting of Findings: Timeliness and clarity of communicating RCSA findings, RCAP updates, to relevant teams and senior management.

QUALIFICATIONS, EXPERIENCE & SKILLS:

Minimum Educational Qualifications:

- Bachelor's degree in business, Finance, Risk Management, or a related field.

- Master's Required in Finance or equivalent.

Work Experience:

- 8 years of experience in risk management, operational risk, ERM risk.

- Experience with RCSA processes and risk assessments preferred.

Technical Skills:

- Proficiency in risk management software is preferred.

- Strong skills in Microsoft Excel and data analysis using power bi.

Soft Skills:

- Strong analytical and problem-solving abilities.

- Effective communication and collaboration skills.

- Excellent organizational and time management skills.