Business Risk and Control Manager, Group MI
New or Existing Role?
In addition as follows:
- The incumbent will be responsible for coordinating operational risk and control management activities across Group MI, which includes ensuring adherence to the Global Finance Op Risk Frameworks (i.e. Business Continuity, Information Security, Financial Reporting, Vendor Risk Management). The incumbent will report into the Head of MI Change, Group MI. Specifically the incumbent will be responsible for:
- Development and execution of internal control monitoring plan, (ICMP), based on Group MI requirements, covering Business Finance and MI Simplification, BAU Processes and MI Change
- Supporting the process owners (AOP, Cost Distribution, BPR, Costs) in the day to day operation of processes and embedded primary controls within processes
- Challenging the process owners in their Risk & Control Assessment, (RCA), outputs, particularly the details of key controls and driving consistency in RCAs
- Reporting control monitoring and performance data to management and committees
- Overseeing the remediation of issues arising from control monitoring and testing
- Implementing Global Finance Control Office risk policy across Group MI
- Monitoring and reporting completion of Audit Actions and Management Self Identified Issues
- Coordinating Business Continuity planning, training and testing
- Performing Business Information Risk Officer, (BIRO), duties for Group MI, i.e. Information Security Risk subject matter expertise, control testing and risk management
- Ensure compliance with policy/FIM requirement, including dispensations to FIM, outstanding Audit and regulatory findings and ensure management understanding of risks, controls, ownership and accountability
- Design and roll out of fit for purpose control frameworks for MI Change projects and programs
- Assist process owners in the production of Top Risk Analysis, (TRA), and RCAs
- Contribute / participate in the assessment of operational risk in key projects for the Function and ensure material risks are adequately mitigated.
- Monitor completion of key controls mitigating material risks
- Perform targeted reviews and root cause analysis on losses and risk events as required
- Review and assess adequacy of action plans and remediation of MSIIs, audit points and regulatory reviews to closure
- Monitor operational risk action plans for key projects
- Provide input into Key Risk Indicators, (KRI), for Finance owned processes
- Report issues as identified by testing/monitoring
- Produce periodic reports on operational risk management and internal control effectiveness based on RCA results and KRI
- Perform other reporting as required such as TRA, Risk Committee reporting & risk oversight function reporting
Impact on the Business/Function
Customers / Stakeholders
- Monitor operational risk and control management effectiveness in MI functions in Group, Global Businesses and Regions
- Coordinate timely compliance with operational risk and control management activities following Group central functions timetables
- Evaluate effectiveness of mitigating and/or remediation actions and reasonableness of implementation timeframes
- Monitor remediation actions are implemented in a timely fashion
- Consolidate operational risk management information for periodic reporting to Executive Management in Group MI
- Monitor guidance and updates issued by regulators and Group central functions to determine the impact on Group MI
Leadership & Teamwork
- MI functions in Group, Global Businesses, and Regions
- Global Finance Control Office
- Group central function: Operational Risk and Internal Control (ORIC), Information Security, Business Continuity, SOX
- Internal Audit, External Audit, Regulatory and Supervisory Bodies
Operational Effectiveness & Control
- Proactive leadership on operational risk within Group MI
- Liaise with Group central functions and communicate to reviewers
- Network with Global Finance Control Office team
- Operational risk and control management adherence to Global Risk FIM, Finance related Desk Instruction Manual (DIM) and other Group control guidance
- Regulatory changes and best practices implementation to maintain a sound operational risk management and robust control environment
- Mitigating and/or remediation actions prompt implementation for Management Self Identified Issues (MSIIs), and audit recommendations
- The management of operational risk across Group MI is a relatively new role. Previously risk has been managed in silos by individual MI departments, leading to inefficiencies and inconsistencies of approach
- Effective communication with stakeholders to ensure a sound operational risk management and robust control environment is maintained in Group MI
- Relevant data identification to provide Senior Management with significant information, enabling effective management of operational risk
- Efficient use of Group tools and resources to streamline operational risk management
Management of Risk
- The role is within Group MI. The role therefore covers risk and control activities for Group MI within the Global Finance Function
- Working within guidance in Global Risk Functional Instruction Manual and Finance related Desk Instruction Manual
- Awareness of financial environment and internal/external factors, eg, changes to HSBC Standards, Law, Accounting standards, collaborating with Group central functions, regions and business lines
- The jobholder will continually reassess the operational risks associated with the role and inherent in the business, taking account of changing economic or market conditions, legal and regulatory requirements, operating procedures and practices, management restructurings, and the impact of new technology.
- This will be achieved by ensuring all actions take account of the likelihood of operational risk occurring.
- Also by addressing any areas of concern in conjunction with line management and/or the appropriate department.
Observation of Internal Controls
- To ensure that Group management is able to certify, based on evidence, the effectiveness of the Group’s internal controls over financial reporting. (GSM 3.7)
- To respond to external audit queries and recommendations in a timely fashion. (GSM 3.2)
- To ensure that the recommendations made by Internal Audit are implemented. (GSM 10.4)
- All Group members must establish policies, practices and programmes to ensure compliance with information risk policies, relevant data protection laws and codes of practice, to protect customer information from unauthorised use and to ensure the confidentiality of Group information. (GSM 10.14)
- Comply with all Group policy and procedures (including GSM/FIMs) and local policy and procedures (including BIMs) relevant to the role
- The jobholder will also adhere to and be able to demonstrate adherence to internal controls. This will be achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.
- The jobholder will implement the Group compliance policy by containing compliance risk in liaison with Global Head of Compliance, Global Compliance Officer, Area Compliance Officer or Local Compliance Officer. The term ‘compliance’ embraces all relevant financial services laws, rules and codes with which the business has to comply.
- This will be achieved by adhering to all relevant processes/procedures and by liaising with Compliance department about new business initiatives at the earliest opportunity. Also and when applicable, by ensuring adequate resources are in place and training is provided, fostering a compliance culture and optimising relations with regulators.
Knowledge & Experience / Qualifications
Accounting & Finance.
- Qualified Accountant preferred
- Knowledge of Operational Risk within HSBC. Experience overseeing Operational Risk in a Finance function preferred
- Experience in business analysis
- Ability to provide structure and solution to problematic areas, to challenge information presented, providing reasoned explanation to ensure that agreement is reached by both parties
- Sound commitment to continuous improvement , self-motivated, confident, creative and capable of working effectively autonomously as well as part of a team
- Excellent interpersonal skills and strong stakeholder management skills with p
roven skill at influencing without authority, particularly at senior levels
- Sound judgment, keen sense of urgency and initiative, and high level of professional and personal integrity
- Strong business writing skills
- Good working knowledge of MS Word, Excel and PowerPoint
Europe-United Kingdom-Greater London-London
HSBC - 15 months ago
HSBC Holdings plc (commonly known as HSBC) is a British multinational banking and financial services company headquartered in London, United...