The Role Responsibilities
Strategy
Support the Head of OR in fully embedding Third Party Risk (TPR) as an integrated risk type, fulfilling the requirements of second line oversight and challenge for all regulatory & group commitments.
Work closely with the Principal Risk Type teams and Subject Matter Experts (SME) to ensure delivery of the embedding of Third Party Risk management into the Group’s relevant Principal Risk Types.
Proactively engage with risk teams and the first line on a continuous basis to ensure that Third Party Risk is holistically managed.
Business
Conduct reviews and risk deep dives into Third Party types covering Outsourcing, Vendor, Non-Vendor and intragroup arrangements, engaging with relevant risk teams and the business.
Conduct deep dives, including risk analysis and monitoring, into material Third Parties.
Communicate confidently and clearly with senior stakeholders, taking a lead in working groups and other meetings.
Processes
As part of the risk deep dives and analysis, evaluate relevant existing controls and recommend new control requirements, where applicable.
Recommend enhancements to the policies and standards, where applicable, as a result of key gaps and issues identified.
Risk Management
Review and challenge of overall risk control environment for Third Party Risk.
Recommend enhancements to risk appetite metrics and thresholds for Third Party Risk, ensuring they are embedded within the respective principal risk types, as applicable
Act quickly and decisively when any risk and control weaknesses become apparent, and ensure they are addressed within an appropriate timeframe and escalated through the Group Third Party Risk Management Committee.
Provide guidance to 1 Line Of Defence as Integrated Risk Framework Owner (IRFO)
Governance
Attend the Country/Cluster Third Party Risk Management Committee/Forum meeting and present papers
Review Country/Cluster TPRM Forum/Committee Terms of Reference (TOR) to incorporate local regulatory requirements
Responsible for effectiveness of the Third Party Risk Management Committee/Forum
Regulatory & Business Conduct
Complete gap analysis between Group Policy/ Standard and local regulatory requirements
Assess and capture in obligations register, the applicability of the regulations and assign individual Line Owners
Disseminate the individual lines of regulation to the applicable RFOs/ SMEs
Create or update Country Addendums to the Group Policy and Standards, as applicable, to align to regulatory requirements
Track overall progress of implementation of the requirements set out in the Policy, Standard or Addendum
Confirm compliance to regulatory line items with supporting evidence. Update obligations register
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key Stakeholders
Country CROs
Regional/Cluster/Country Heads of OR
Executive Director, Third Party Risk Management
Regional/Country Head of Supply Chain Management
Business Process Owners
Policy Owners and Standard Owners for Principal Risk types
Group Internal Audit
Country and Cluster CFO
Our Ideal Candidate
Business Strategy and Model: Sharp business acumen (including ability to assess risk and appropriate levels of return), strong leadership qualities, excellent interpersonal skills and multi-cultural awareness and sensitivity.
Risk Management and Governance: Demonstrated track record of experience in governance and Third Party Risk
Regulatory Framework and Requirements: Awareness and understanding of the regulatory framework, in which the firm operates
Non-technical Skills: Significant relationship management experience – with internal and external stakeholders at the most senior levels, including regulators and rating agencies.
A clear understanding of the Bank’s approach to the management of non-financial risks, or equivalent experience gained in other organisations
Role Specific Competencies
Manage Conduct
Manage Risk
Data preparation and review skills
Ownership and accountability for deliverables / action oriented.
Apply via :
scb.taleo.net