Risk Business Partner

A Risk Business Partner works closely with the business units to identify, assess, and mitigate operational and financial risks. They integrate risk management into strategic and change management initiatives, ensuring alignment with business objectives. Additionally, they provide expert advice and support in mitigating and managing risk exposure in a commercial way, deliver meaningful analysis and reporting to both the business and senior management, ensure compliance with the risk framework and business continuity management requirements, and conduct training to enhance risk awareness and competency across the organization.

Role Responsibilities

1. Collaborate with the business to identify and assess its material risks from business as usual activity, emerging risks, strategic and change initiatives, etc., ensuring they are understood as part of commercial and decision making activity.
2. Support the business as it undertakes risk assessment activity (e.g. Risk and Control Self-Assessment, Top Down Risk Assessment, Scenario Analysis, Root Cause Analysis, etc.) and leverage expertise to challenge the business's logic/assumptions to ensure the assessments are thorough and complete.
3. Work proactively with the business to define the Group's risk appetite (including risk appetite thresholds and key risk indicator (KRI) metrics/thresholds), ensuring it is appropriate in relation to the business's activity and risk profile.
4. Review the business risk profile against risk appetite and work with the business to identify appropriate actions to address risks that fall outside appetite.

Strategic Risk & Change Management

5. Partner with the business to identify, assess, and manage risks that could potentially hinder the achievement of its long-term strategic objectives.
6. Help the business identify and assess risks regarding strategic initiatives (e.g. M&A, new product development, new business ventures, etc.) and the potential impact on the business's risk profile. This includes the financial, operational, regulatory and cultural risks that could impact the success of the initiative, ensuring the business has all necessary information to make informed decisions and ensure a smooth execution.
7. Review new business requests (as part of the Change Management Process) to ensure there is a complete and accurate understanding of the initiative and its risk profile, and that appropriate actions are taken by the business and support functions to mitigate/manage any risks arising from new business activity.
8. Work with the business to ensure its end-to-end risk profile is managed actively and appropriately and in a commercial manner.
9. Partner with the business to evaluate the adequacy of its control and policy framework in mitigating the risks that are inherent to its risk profile and leverage expertise to challenge the business's logic/assumptions to ensure controls are adequate and effective.
10. Support and challenge the business in identifying deficiencies in its control and policy framework.
11. Ensure the business's plans to address control deficiencies will address shortcomings properly and in a timely manner.
12. Ensure a risk-based analysis has been conducted to assess how a risk acceptance could affect the business's risk profile.
13. As needed, collaborate with/conduct assurance activity being undertaken including controls testing, and undertake targeted risk reviews on hot topics/areas of interest across the Group.
14. Support the business in monitoring its end-to-end risk profile. This includes ensuring appropriate MI, analysis and commentary are produced regarding (but not exclusive to):
1. the performance of risk appetite metrics and related KRIs against established thresholds;
2. significant internal and external risk events that could impact the business, as well as the Group's response to reduce the likelihood of an occurrence/recurrence of these events;
3. significant issues and the status of the Group's response to remediate these issues;
4. risks identified and the proposed mitigating actions;
5. risk-related data (e.g., events, issues, metrics, etc.) to help identify meaningful trends;
6. the Risk team’s assurance activity.
15. Take part in regular engagement and/or management meetings to provide an independent second line view of the business's risk profile.
16. Provide monthly updates on risk-related MI, analysis, emerging threats, etc for Risk Leadership Team meetings.
17. Draft commentary for risk committees as required.