Operational Risk Supervisor M/F-VIE London - Corporate and Investment Banking London - Great Britain
Description of the Business Line
The Risk Management (RISQ) Division in the UK. Independent from the Business Lines, RISQ Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring.
The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.
RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. An objective is to accompany the employees and raise awareness on the importance of operational risk management which is based on the principle that "everyone is an operational risk manager".
RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.
Summary of the key purposes of the role
In this role, the Operational Risk Supervisor needs to assess the First Line of Defence (1 LOD) framework in the identification and management of its operational risks, defining and implementing the right remediation plan, and to challenge, if required, the risk acceptance taken by the business line (through governance such as operational risk committees, or normal day-to-day interaction on incidents). This role applies to existing business as well as key projects or by conducting analysis and providing an opinion in new product committees.
The Operational Risk Supervisor should also make sure that the first level of control framework (on operational risk) is adapted and efficient.
The Operational Risk Supervisor needs to ensure that the processes and governance around operational risk (Incident Collection/Reporting, RCSA, Permanent Supervision, etc.) respect the group policies and norms. The incumbent will challenge and may conduct investigations/post mortems and follow up on red flags and corrective action items.
In case of major risk identification or a risk that is not appropriately managed by the department in charge (or where there is no department in charge), the Operational Risk Supervisor has the duty to escalate the information through the appropriate channel, starting with his/her management.
In the context of the Leadership model, the Operational Risk Supervisor will invest their time and skills towards team work, act ethically and with courage, propose new ideas and contribute to change management, and finally lead by example and through their support to colleagues or other teams. All these actions and values will contribute to the development of client positive impact (client being internal or external).
Summary of responsibilities
Primary Responsibilities as a member of RISQ/OPE
• Participate in LOD1 committees such as IT Risk, Information Security and Cyber Security, understand their operational and cyber resilience exposure for the SGLB products, services and processes.
• Evaluate the scope of the information security management organization and determine whether essential security functions are being addressed effectively for the following:
o Implementation of information security architecture, policies and procedures.
o Alignment of information security strategies within business and functional units.
• Provide independent opinion, analysis and expert judgement to RISQ/OPE management with an assessment of the effectiveness of the information systems and security management processes. The processes are:
o Data management lifecycle and protection management.
o Security in project lifecycle which includes applications and IT infrastructure.
o Access control and user identity management.
o Configuration management of other security tools such as intrusion detection and penetration testing systems and antimalware.
o Information security incident management and security forensics.
• Review management of information security technologies within the SGLB UK, formally challenge governance of information security processes, enforcement of policies and monitoring.
• Provide advice on proposals or decisions made by business lines related to processes, tools or solutions related to operational risk management.
• Perform independent analysis of the LOD1 reports to provide expert judgement for the areas specific to IT / Cyber incidents, non-compliant information systems, data leakage/breach and non-compliance with the Group's information security policies.
• Assess the robustness and sustainability of the Business Continuity Management (BCM) framework and governance of the associated processes embedded with SGLB business and functional units. Review adequacy of the BCP test plan and challenge the test results assuring effectiveness of the Business Continuity arrangements.
• Develop knowledge (e.g. participate or engage in industrial working group/forum) and advise on (market) best practices related to risk management.
• Produce and animate the necessary operational reporting and governance for the executive committee in line with the local risk teams.
• Participate or coordinate with other second line teams and third line exercises as well as regulator requests on operational risk.
Profile Required
Graduate with a Master's degree from Business/Engineering school or University, majoring in Finance.
Competencies
Operational Risk knowledge
• Basic understanding of Operational Risk and how it may manifest itself in a Financial Services environment
• Basic understanding of the various Business and Support Units operating in a Financial Institution
• Good understanding of Information Technology, gained through study at university
• Some basic knowledge of Information Security would be a plus
• Strong analytical skills with high attention to details and accuracy
• Ability to articulate complex concepts in a clear manner
• Excellent verbal, written, and interpersonal communication skills
• Able to organize time, multitask, and define priorities (autonomy)
• Able to interact with all levels of the organization from operators to executive management members
• Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
• Ability to be flexible and agile (priorities may change and escalation needs to be adapted)
• Demonstrated ability to lead change through influencing skills, be a positive change agent
• Good knowledge of MS Office (PowerPoint, Word, Excel)
• English required, French would be a plus
The VIE assignment in a nutshell
This VIE in London is to begin as soon as possible but you need to plan 3 months between your application date and the beginning of your VIE assignment. It will last 12 months.
The VIE is a specific contract, under Business France's eligibility criteria, open to candidates under 28 and from the member states of the European Economic Space. For further information, please see www.civiweb.com.
Why Join Us
To facilitate the examination of your application by our English-speaking managers, we thank you for applying in English.
Business Insight
At Société Générale, you will be joining the Risk department. Its job is to contribute to the development of Société Générale's business and profitability by defining the Group's appetite for risk, in liaison with the Finance department and the core businesses. The Risk department is also responsible for implementing the system used to control and monitor risks.
All our positions are open to people with disabilities
Job code: 19000FCP
Business unit: SG CIB
Starting date: Immediate
Date of publication: 13/09/2019