Operational Risk Manager/Technology, BCM and Data Mgt. Risk

Societe Generale

New York, NY, USA
Posted on Dec 9, 2025

Responsibilities

This role is responsible for proactively identifying, assessing, mitigating, and reporting technology, business continuity and resiliency, and data management risks across the organization, with a strong emphasis on influencing stakeholders at all levels. This position requires the ability to effectively engage with senior and mid-level leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in technology, business continuity and data management, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of technology, business continuity and data management risk practices.

Key areas of risk coverage in technology, business continuity, and data management include core technology operational processes and controls such as IT production incidents, change management, problem management, cloud computing, job scheduling, backup and recovery, business continuity and disaster recovery, operational resiliency, and the data management lifecycle including data quality risks. The Operational Risk Manager will be responsible for assessing and evaluating the overall risks in these domains, maintaining active oversight, and reporting on intrinsic risks, mitigations, and residual risks across the organization.

Additionally, this role will contribute to the enhancement of second line of defense practices in technology, business continuity and data management risk, which encompasses assessments, lifecycle practices, operational incident response, service delivery, disaster recovery and business continuity planning (BCP), and the management of Algo Model Operational Control Risk, Public Cloud Governance, and Laws, Rules, and Regulations.

Day-to-day responsibilities include, but are not limited to:

  • As part of the second line of defense, providing independent review and challenge of the first line of defense’s assessments, e.g. RCSA, IT Risk Assessment.
  • As part of the second line of defense, gathering relevant loss data and other evidence to use during its challenge function and preparing periodic reports on internal operational risk events for the operational risk governing committees.
  • As part of the second line of defense, defining, managing, and challenging the first line of defense’s execution of the KRI Program.
  • Working with SG Americas Enterprise Risk Management to assist in setting, reviewing, and maintaining the operational risk appetite or tolerances.
  • Analyzing and reporting the operational risk exposure in SGAMER, including summary information on loss events, risk assessments, and emerging risks.
  • Establishing and setting strategic direction for policies and standards of SG AMER operational risk management framework (keeping in line with global policies) and assessing adherence.
  • Implementing and executing the infrastructure (key components) that facilitates identification, measurement, monitoring, mitigation, reporting and escalation of operational risk.
  • Modifying the framework components in response to the changing (business and regulatory) environment and lessons learned.
  • Defining Operational Risk Management decision and escalation paths for breaches, information, and approvals.
  • Directing and coordinating with 1LOD operational risk managers to ensure consistent, sustainable implementation of the Framework.
  • Reinforcing and directing Operational Risk Management culture set by senior management and the SGUS Executive Management Committee.
  • Providing subject matter guidance on training development/content including identification of suggested Operational Risk training.
  • Providing oversight of operational risk management processes and governance, so they are functioning as designed, objectives are met, and appropriate actions are taken to address and remediate gaps.
  • Performing 2LOD Targeted Reviews on a continuing basis in line with current SGAMER requirements.
  • Performing the Review and Challenge of risk issues and their corresponding action plans including but not limited to Self-Identified Issues, Compliance Identified Issues, RISQ Identified Issues, Audit Identified Issues and Regulator Identified Issues.
  • Review and Challenge of the Algo Model Operational Control Documents for any new Algos as a pre-condition as they are presented at the relevant committees for approval.
  • Review and Challenge of the Algo Model Operational Control Inventory on an annual basis.
  • Review and Challenge of the Algo Model Operational Control Documents on an annual basis.
  • Review and Challenge 1LoD on their compliance with Laws, Rules and Regulations.
  • Review and Challenge the Public Cloud migration and Key Projects for respective risks.