Head of Operations Risk and Control SG

Responsibilities:

Drive strong Operational Risk Management practices

• Adopt a proactive risk management strategy which involves anticipating and addressing potential/emerging risks before occurrence to reduce the likelihood and impact of negative events by taking preventive actions in advance.
• Proactively identify areas with ineffective controls or non-compliance and work with the relevant stakeholders to enhance overall control environment to holistically mitigate operational risks.
• Support and facilitate the roll-out of the Group-wide risk frameworks, policies and procedures for the department and provide advice, assurance and validation to ensure the risk management SOPs and control frameworks, policies, and procedures are defined comprehensively and adhere to Group and country level risk frameworks, policies and procedures.
• Implement and execute all the relevant policies and procedures, e.g., Operational risk framework in a robust and disciplined manner to achieve sound operational risk management practices and reporting within the Department. This includes ensuring that departmental policy, procedures, and standard operating procedures are effective and compliant.
• Be the first point of contact in providing support and advice to the Department in all operational risk advisory matters. The RCU Head should resolve queries which are within their knowledge and expertise and promptly escalate issues which are unfamiliar and/or require specialist advice/knowledge.
• Lead the Department in proactively identifying, managing, and monitoring operational and compliance risk using operational risk tools. This includes recommending appropriate action owners within the Department to the HOD for any new and/or revisions in processes/controls.
• Detect, highlight, and mitigate emerging risks.
• Proactively partner and engage with the 2nd Line of Defence to achieve an optimal outcome of risk management for the CIMB SG.
• Ensure gap analysis is completed in a timely and comprehensive manner for new and/or updated regulatory requirements as well as the Bank’s established policies, procedures, and guidelines to ensure adequate processes and/or controls are in place for compliance.
• Handle and deep-dive into operational risk events through understanding the sequence of events to identify the root cause/control weaknesses to develop and implement mitigating controls/preventive action plans.
• Perform independent thematic and/or periodic reviews of incidents, projects, processes/controls, systems, etc., to identify causes and controls breakdown/deviation at a department and/or cross-department level.

Champion the Risk and Compliance Culture

• Establish a reverence for strong compliance and risk management by applying knowledge and understanding of business products, services, and processes.
• Facilitate strong partnerships across various stakeholder groups, determine best methods of communication and establish escalation model, and ensure alignment of tasks between the 3 lines of defense to minimize overlap or gaps arising during execution of roles and responsibilities.
• Work closely with 2nd LOD to design and develop training materials, where necessary, and conduct ongoing compliance and risk-related training periodically within their respective division/department as required, as part of upskilling and capability building initiatives to enhance risk and compliance awareness, competency, and culture within the BU/BE.
• Lead specific projects/initiatives relating to Culture & Capability to raise awareness of operational and compliance risk within the Department, including emerging risks in the industry.
• Provide advice and assurance to the department in monitoring, reporting, and escalating any risk culture issues/updates to ensure they operate within the risk and compliance culture framework, as well as escalation of any risk culture issues/updates (including initiatives to address identified risk culture areas for improvement) to Line 2, management, and/or relevant risk committees.
• Provide guidance to support the RCU team in their role to strengthen the 1st LOD relating to Risk & Compliance matters in the day-to-day running of the BU/BE, e.g., new product or product changes, process design, development of policies/procedures/SOP, etc.
• Ensure that every business and support unit within the Department has appropriate RCS and QA testers and the appointment is properly executed via GHR.
• Track and maintain an updated list of the RCU team members (onboarding and offboarding) within the Department.
• Facilitate all relevant training within the Department and cascade relevant risk and compliance-related information or program updates to the RCU teams including respective business heads.

Promote and maintain regulatory compliance

• Implement and execute all the policies and procedures owned by Group Compliance in a robust and disciplined manner to achieve sound compliance risk management practices and reporting within the Department. This includes ensuring that departmental policies, procedures, and standard operating procedures are well drafted to ensure they are operationalized effectively by the Department.
• Be the first point of contact in providing support and advice to the Department in all compliance advisory matters. The RCU Head should resolve queries which are within their knowledge and expertise and promptly escalate issues which are unfamiliar and/or require specialist advice/knowledge.
• Ensure the regulatory gap analysis is completed in a timely and comprehensive manner for new and/or updated legal and regulatory requirements and ensure adequate processes and/or controls are in place for regulatory compliance.
• Proactively identify areas with ineffective controls or regulatory non-compliance and work with the relevant stakeholders to enhance overall control environment to holistically mitigate compliance risks.
• Lead the Department in proactively identifying, managing, and monitoring compliance risk using compliance risk tools. This includes recommending appropriate action owners within the Department to the Head of Department for any new processes/controls.
• Ensure that all non-compliance incidents and deficiencies, the assessment of impact (both financial and non-financial), disciplinary action is taken where necessary, and the recommendation of preventive measures and corrective measures to address non-compliance incidents are promptly escalated and appropriately reported.
• Ensure the timely completion and quality of compliance controls self-testing.
• Conduct surveillance of AML and Counter Financing of Terrorism (CFT) risk indicators, including overall management of these risks and any reporting where required.

Employee Engagement and Development

• Monitor performance against KPI’s of the relevant RCU team, including soliciting and incorporating performance feedback from relevant BU/BE stakeholders (e.g., Head of NFRM, Head of Compliance Business Partner, etc.).
• Develop direct and indirect subordinates by ensuring each has a well-thought-through and executable action plan to help them achieve their development goals and needs.
• Provide timely feedback to staff and complete appraisal processes in line with CIMB SG process.
• Comply with HR performance processes and meet internal KPIs.
• Attract, develop, and retain talent by ensuring constant engagement surrounding risk & compliance-related agenda.
• Through leadership by example, actively work to create an environment for the team that encourages open and honest dialogue and escalation of issues.

Projects

• Participate/manage projects where required.
• Provide/review business requirements, provide/review Functional Specification Document (FSD).
• Monitor the projects that the team/department participated in for testing.
• Provide guidance to the team on the projects.
• Liaise with IT, BU, or vendor on defects, changes/resolution on the defects, etc.

Requirements:

• University Degree or Diploma or equivalent.
• Professional or postgraduate qualifications e.g., Chartered Accountant, CFA, MBA, LLB, Operational Risk Management Certification, etc.
• Minimum 10 years work experience with relevant experience in a risk/audit/compliance/legal related role and/or working within the relevant business/function in the financial industry.
• Excellent communication skills both verbal and written.
• An understanding of risk drivers and ability to articulate risk to non-risk personnel.
• Good working knowledge of Operational/Compliance risk framework and various Operations Processes within the banking business.
• Able to work autonomously with a problem-solving and ownership mindset.
• Leads through setting high standards of work practices.
• Demonstrated managerial and leadership skills with a proven record of good teamwork, collaboration, and strong stakeholder management skills.
• Good presentation and facilitation skills that encourage open and honest dialogue among the teams.
• Ability to manage relationships across different entities (e.g., divisions, departments, etc.).
• Build a strong culture of service excellence and growth opportunities for the organizational unit to attract and retain top talents.
• Foster an environment that values, supports, and rewards collaborative efforts and provide high-level support as required (e.g., recognition, resources).