Location Operational Risk and Resilience Analyst

The Location Operational Risk and Resilience Analyst will hold a pivotal second-line oversight and advisory position, instrumental in proactively developing, enhancing, and maintaining robust frameworks for operational risk, operational resilience, business continuity, and supplier risk management across your designated operational footprint.

This critical role is essential for fortifying the organisation's defences against disruptions and ensuring unwavering adherence to internal policies, industry leading practices, and a dynamic regulatory environment. This role will specifically navigate and ensure compliance with key directives, including the Digital Operational Resilience Act (DORA), European Banking Authority (EBA) guidelines, and all emerging local legislation.

Responsibilities:

Operational Risk Management:

• Serve as a critical second-line advisor, providing expert guidance and constructive challenge to the First Line of Defence (1LOD) across the entire operational risk lifecycle.
• Provide robust second-line oversight of the RCSA (Risk and Control Self-Assessment) process, ensuring the accurate assessment and classification of risks and controls for the designated location.
• Oversee and actively track the execution of operational risk mitigation action plans, driving them to timely completion. This includes validating their effectiveness in achieving satisfactory risk reduction and ensuring stringent alignment with the overarching Operational Risk Management Framework.
• Proactively monitor and analyse the external environment and evolving regulatory landscape, including critical frameworks such as the Digital Operational Resilience Act (DORA) and European Banking Authority (EBA) guidelines.

Operational Resilience & Business Continuity:

• Drive the implementation and ongoing adherence to operational resilience regulations and standards, including DORA, EBA guidelines, NIST frameworks, and local regulatory requirements.
• Champion location-wide understanding of Operational Resilience.
• Deliver effective coordination of all resilience-related activities across the designated location such as comprehensive self-assessments and attestations, Critical and Important Functions (CIF) identification, robust business impact threshold setting, detailed process mapping and workshop facilitation.

Supplier Risk Management:

• Lead second-line oversight and assurance of the local Supplier Risk Management Framework across all designated locations. This includes reviewing, challenging, and assuring the effectiveness of processes related to material outsourced services, critical supplier management, the development of robust exit plans, and the comprehensive oversight of sub-outsourcing arrangements.

Governance & Reporting:

• Provide insightful second-line operational risk opinions on emerging risks such as, Supplier Risk, BC, Pandemic, and Resilience to relevant Location governance forums, ensuring appropriate utilisation of escalation processes.
• Oversee and ensure the integrity and timely submission of internal and local regulatory reporting requirements including but not limited to ensuring the annual DORA Register of Information is maintained and validated.
• Oversee the timely and effective mitigation of operational risk events, ensuring that all risk events are properly documented in the GRC system and that Major ICT incident cost and loss aggregations are accurately recorded and reported annually in line with DORA requirements.

Qualifications:

• Strong demonstrable experience in a second-line operational risk, operational resilience, business continuity, or related role within the financial services sector.
• In-depth knowledge of European resilience regulations and standards, including DORA, EBA guidelines, and NIST frameworks.
• Demonstrated experience with risk management frameworks and methodologies, including three lines of defence, risk maps, and thematic reviews.
• Ability to collaborate effectively with IT and operational teams across various geographic locations, providing constructive challenge and expert advice.
• Experience in leading or significantly contributing to supplier risk management frameworks, particularly concerning critical third parties and outsourced services.