Contribute to the design and execution of a risk-based review and challenge work program to monitor the business lines' and corporate functions fulfillment of its first line of defense operational risk management responsibilities. The work programs are intended to align to the framework requirements and:
provide input as to whether the business lines and corporate functions are utilizing all of the tools of the operational risk management framework (e.g. internal and external loss data, RCSA, Business Environment factors and Scenario Analysis), in an integrated manner, and in accordance with second line of defense policies and standards.
provide a mechanism for the second line of defense to review and validate or challenge that the coverage of the business unit processes and associated risks are complete (e.g. across MUFG legal entities and operational risk sub-types) and risk ratings are appropriate.
provide a mechanism to evaluate whether the integrated operational risk management framework is effectively used in the management of the business.
Oversee the development and production of quarterly operational risk scorecards and reports that provide executive management a consolidated view of the assigned business lines' adherence to the operational risk framework in effectively managing risk as the bank's first line of defense and the second line of defense ORM’s view of the area’s operational risk profile and trend.
Lead or participate in structured Business Unit Review and 'business as usual' working meetings to foster a deep understanding of the business and changes that impact its operational risk profile. This participation forms a component of the Director's role in monitoring the operational risk profile of the Businesses.
As part of the ongoing monitoring of the business lines and corporate functions, the Director is expected to:
Review the results of internal audits and examinations
Review the business lines monthly business review and financialreports, as available (focusing on potential areas of increased risk)
Review and challenge new or expanded products or services risk assessments implemented by the business
Review key technology or business process changes or projects in process, along with associated business line policy and procedure modifications
Review changes to the organizational structure within the business, including turnover and key vacancies
Review progress in action plans to address issues (identified from all sources), as well as new management self-identified issues.
Stay abreast of key external industry issues impacting our businesses (e.g regulatory, competitive landscape, key challenges, etc.)
Based on the above monitoring, changes to the scope of review and challenge activities should be addressed accordingly.
Lead periodic review and challenge sessions with Business Unit Risk and Control Officers and Business Unit executives to discuss the output of executed review and challenge activities (e.g. RCSA, MRA remediation), as well as areas of concern.
Ensure the results of all work performed is documented in accordance with pre-defined standards and is ready for third party review upon request.
Coordinate with internal Operational Risk stakeholders to ensure that program expectations are well understood and incorporated into the business line review and challenge program, and are consulted when differences in view of program requirements arise with the business line. Provide input on program requirements based on lessons learned from review and challenge activities (evidencing the risk management feedback process)
Develop strong professional relationships with the Business line Risk and Control teams, Line of Business leaders and other Operational Risk Partners (e.g. subject matter experts in compliance, information risk, model risk management) to ensure trust and transparency amongst the lines of defense.
Lead team members assigned to the execution of the review and challenge program for assigned business lines and corporate function. Ensure team members are trained and enabled in executing program requirements.
Support initiatives periodically assigned by the Head of the Business Operational Risk Assessment team.
Strong interpersonal skills to manage relationships with Business Unit Risk and Control Managers, Line of Business Executives and other Operational Risk SMEs
Strong oral / written communication skills.
Able to build relationships with people at all levels. Able to influence and galvanize support of others. Builds rapport and trust among stakeholders
Ability to promote cooperation and good working relationships among team members and peers.
Experience in working with regulators and auditors.
Broad view of the financial services industry.
Strong knowledge of wholesale, markets and institutional broke-dealer risks and controls.
Intermediate to strong knowledge of IT processes, risks and controls
Expertise in control testing techniques and documentation
Strong understanding of operational risk management programs and practices, including third party risk
Exceptional organizational skills.