Senior Manager - Risk and Controls, CIB & CB Operations

Key Roles and Responsibilities
To ensure the CIB & CB Operations teams in the Country operate in full compliance with all Country and Group policies as well as local regulatory requirements, through:
Ensuring business strategies, standards and roadmap abide by T&O operating principles, policies and procedures of Country and Group Risk Management Framework (“RMF”)
Ensuring that the execution of T&O functions is fully compliant with statutory regulations, laws, guidelines and industry practices as a Corporate body (met and satisfied) for Operations, Technology, Vendor Management, Data Management (including Security and Protection)
Support CIO in the overall effective and proactive management of all T&O risks and controls
Strategy
Overall responsible for the preparation, communication, implementation, delivery and expansion of T&O OR plans, working in close cooperation with country (CIO, Legal & Compliance, local/regional Management Groups/ Committees) and global (GSSC, Group T&O Governance & Controls, and Group Operational Risk).
Support the CIO as the Risk Control Owner (“RCO”) of Technology, Vendor Management, and Data Protection and Data Security in accordance with the Risk Management Framework
In collaboration with L&C, identify, communicate and expedite changes to comply with new and amended regulation across T&O
Process – Technology and Operations Service Delivery
Through the CIO and key stakeholders, ensure T&O platforms, services and processes are in line with Global and local OR and Data standards and requirements to support the business
Handle requirements from country/regional stakeholders and provide constructive feedback into GTO Governance & Controls teams and relevant parties
Ensure that material risk exposures for the country thresholds are reported to CORC, and risk exposures rated Medium and above based on Group materiality to Regional or Group GTO within an appropriate timeframe
Risk Governance and Management
Support and implement the global standards of risk and control, escalating risks rated medium and above based on Group materiality thresholds to the relevant risk committees
Ensure there is an effective governance and risk management mechanism in place to manage and mitigate risks in SSC Nairobi.
Create and maintain staff awareness of operational risk management through training (e.g. mandatory e-Learning) or accreditation.
Maintain effective systems and controls to ensure proper supervision of GTO operations in conjunction with CIOs, Technology and Operations Heads
Proactive in seeking regular assurance that areas of responsibility are performing to an acceptable risk and control standard – maintain a level of independence from day-to-day processing
Approve, on behalf of the CIO, RCO-related requests coming through risk management systems (Phoenix/Knox) or emails.
Balance business performance delivery and cost management with risk and control matters to ensure that it does not materially threaten the Group remaining within risk appetite
Ensure adherence to regulations, and coordinate country regulatory reviews. Ensure all findings are closed and communicated to the Regulator in full consultation, discussion and agreement with Country Compliance, and all open issues communicated to GTO Group. The country should adhere to GTO best practice standards in regulatory planning and execution.
Risk Identification and Assessment
Validate and challenge the first line risk identification and assessment of gross and residual risks arising from its end-to-end processes and identify any gaps.
Assess the control environment including, but not limited to, control design, control execution, control testing and control history.
Recommend changes to the control environment or to business practice where necessary to reduce the level of operational risk exposure to within the agreed appetite.
Assist in the design of effective process controls where there are material risks of process control failure
Validate Business / Functions Controls – Regularly assess implementation of Business/functions Key Control Standards (“KCS”) to ensure cost effectiveness, efficiency and relevance.
Identify Local Control Gaps – Regularly assess all key controls to monitor exceptions and identify gaps.
Optimise portfolio of local controls – Regularly assess existing Local Key Control Standards, key risk indicators (“KRIs”) and key control indicators (“KCIs”) to ensure cost effectiveness, efficiency and relevance.
Provide balanced, independent and informed assessment of operational risks arising from acquisitions and major change initiatives or country projects.
Risk Monitoring
Ascertain and confirm that country/Group T&O risk registers, KRIs, KCIs, and control sample testing are effectively implemented
Periodically review operational risk assessments to ensure these appropriately reflect changes in environment, mitigating controls and the progress of treatment plans.
Systematically monitor process control effectiveness where there are material risks of process control failure.
Review and approve first line risk treatment plans in Phoenix.
Monitor treatment plans to ensure they are implemented accordingly.
Work with local business representatives to receive control and risk metrics in order to monitor KRIs and KCIs.
Identify and escalate any thematic risks in T&O beyond the reporting unit/function
Review and update annual key control testing plans
Risk & Loss Reporting
Approve the classification and accurate reporting of operational risk losses in Phoenix.
Report and escalate significant operational risk events (SORE).
Deliver Root Cause Analysis (RCA) reports for relevant events.
Provide risk information/updates to Country Operational Risk Committee (CORC) as appropriate.
Ensure use of all Group risk and regulatory systems
Strategy & Planning
Inform the development of business plans, exercising appropriate focus on the implementation of robust operating environments, within risk appetite, to support business aspirations.
Corporate Governance and Compliance
Provide timely and relevant information to the CIO and Country GTO Management Group on significant and material OR issues, business developments with OR-related impacts, etc.
Ensure the T&O function adheres to the highest standards of regulatory and compliance practices, in full compliance with all regulations and controls as set by the Bank and external authorities, which includes compliance with local banking laws and anti-money laundering regulations and guidelines
Embed the OR policies and procedures as well as Group RMF in GTO country to ensure that adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees form part of the culture
Support the CIO in the execution of a Country Data Management Committee to ensure data quality governance
Support the CIO through sharing of best practices from across the OR network and review across country T&O
People and Talent
Develop and embed a high performance culture and organisational mindset to effectively embed and communicate T&O policies and procedures in-country/region
Develop ongoing training, communications and development programs for Technology and Operations personnel to ensure minimum standards in OR awareness and embedment of OR responsibilities in respective areas of work and adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees form part of the culture
Ensure that the relevant staff understand and accept their responsibilities in relation to risks, governance and controls
Qualifications and Skills
Good level of understanding of operations and technology
Results driven with strategic qualities
Visionary leader able to engage and motivate performance in others
High degree of independence, responsibility and integrity
Strong project management skills with demonstrable track record in a dynamic environment
Knowledge of quality tools, procurement, and logistics planning
Tertiary education
Relevant managerial experience
Excellent communication capability – good command of written English
Ability to work within a multi-function, multi-discipline team environment with strong influencing and stakeholder management skills
Change agent
Compliance and/or Operational Risk background preferred but not a must
