The position serves as the liaison between the line of business and Internal Audit, External Audit, regulatory agencies and corporate risk and compliance management programs. The position may not be an expert in any one of the programs, but will manage each of the governance processes below with and on behalf of the representatives from the line of business in the implementation, training, monitoring, and reporting of the following programs that apply to the line of business:
- Operational Risk Management, for understanding and maintaining the inventory of business processes, facilitating and/or conducting risk and control assessments of processes, products, and projects, and identifying and reporting operational risk events and losses;
- Third Party Risk Management, for understanding and maintaining the inventory of third party relationships, participating in due diligence reviews of new and existing third parties with the relationship owners, and monitoring service level agreements;
- Corporate Compliance, for understanding and maintaining the inventory of all laws, regulations, and guidelines that apply to the line of business, understanding compliance procedures and controls within the line of business, assisting management with customer complaint analysis, and understanding the results of ongoing compliance monitoring;
- Model Risk Management, for understanding and maintaining the inventory of models, tools, and user-developed applications, and assisting model owners with documentation and monitoring model performance;
- Conducting risk assessments of new products and services, participating in implementation status meetings, and understanding project management methodologies of the Project Management Office;
- Office of General Counsel, for understanding the legal risks in the line of business and mitigation strategies as outlined by Counsel;
- Bank Secrecy Act (‘BSA’) Administration, for understanding procedures and controls associated with the Bank’s BSA, anti-money laundering, and Office of Foreign Assets Control programs, their applicability to the line of business, and the state of those controls;
- Information Security, for recommending system access requirements and security controls, and the results of ongoing information security monitoring;
- Business Continuity Planning, for participating in the business impact analysis, updating business continuity plans and technology recovery plans, observing, participating in, and/or reviewing results of tests of business continuity and technology recovery plans, and supporting crisis management activities as needed;
- Corporate Security, for assisting with internal and external fraud events and understanding the physical security controls and related matters within the line of business;
- Enterprise Risk Management, for development of risk appetite statements, monitoring key risk indicators, and identifying current and emerging risks;
- Finance, for understanding the line of business processes, controls, and procedures associated with Sarbanes-Oxley Act (‘SOX’) compliance;
- Internal Audit, for gathering requested documentation and participating in audits of the line of business, as well as assisting in the preparation of responses to findings;
- Examination Management, for gathering requested documentation and participating in federal and state exams of the line of business, as well as assisting in the preparation of responses to findings; and
- Issues Management, for providing support in root cause analysis, solution identification, remediation, and tracking and validating management’s corrective action(s) identified by corporate risk management monitoring activities, Internal Audit, and Regulatory Examiners.
- Participates in the development of business plans, participates in project status meetings, process and control design sessions, third party selections, system conversions, mergers and acquisition due diligence, and other line of business matters in which risks are determined or discussed.
- Communicates and escalates matters of significant risk to executives, senior leaders and business unit managers.
- Assists the line of business with policy and procedure development, maintenance, and reviews, and offers effective challenge where necessary.
- Maintains the line of business risk management documentation within the GRC and other Bank-wide reporting tools.
- Supports the Board, executives, senior leaders, managers, Internal Audit, and regulators with risk information, analyses, and insights into the line of business.
- Delivers, or assists in the delivery of, risk education to the line of business.
- Performs other risk management duties as required.
- Obeys all applicable federal laws, rules, and regulations relating to Anti-Money Laundering (AML), including the Bank Secrecy Act (BSA).
Knowledge, Skills & Abilities:
- Ability to prepare high quality, Board-level written deliverables and presentations.
- Proficient in Microsoft Excel, Word, and PowerPoint.
- Strong interpersonal, communication, and analytical skills.
- Creativity, critical thinking, initiative, and problem-solving skills.
- Ability to accurately prepare policies, procedures, and training material, and identify and describe risks and related internal controls.
- Ability to operate and work collaboratively.
- Ability to manage multiple work streams and deliverables, and coordinate across functional initiatives.
- Ability to effectively partner with multiple business units, corporate functions, internal auditors, independent public accountants, and regulators.
- Ability to extend influence within the line of business to achieve Bank and Corporate Risk Management objectives.
- Subject matter expertise in the business line including processes, products, services, projects, third parties, applications/systems, models, regulations, policies, procedures, and the associated risks and control environment.