Lead - Operational Risk

ROLE PURPOSE & OBJECTIVE

• Responsible to implement the operational risk framework for assessing, identifying, monitoring and mitigating pertinent operational risks in line with the defined risk appetite of the bank.
• To supervise the effective implementation of this framework across the Bank to ensure that the Banks objectives and goals are not in any way affected by inherent and external operational risks.
• Responsible for conducting pre-onboarding assessment of the vendor and also annual risk assessment of material vendors.
• Responsible for monitoring and managing overall Outsourcing risk and IT Risk posture of the bank including Digital risk.
• To manage operational risks arising from material outsourcing activities, review gaps and recommend preventive controls.
• Responsible for conducting Root cause analysis on critical IT incidents and implement preventive measures.
• Periodic review of the IT and Outsourcing risk register maintained and updated by each critical verticals/service delivery units.
• To ensure User access review is conducted for the critical applications on defined frequency as per the User Access Management Policy and ensure observations are shared with stake holders for necessary actions.
• Conduct thematic reviews and analysis on various operational risk areas as per the plan or as directed by the management Committee.
• To provide critical input to enhance from operational risk perspective and ensuring adequate controls are put in place before implementation (including review of Business Requirement Document, Functional Solutioning Document and User Acceptance Testing) of the Bank.
• To supervise the preparation of RBI tranche Data Control Template (DCT) at quarterly intervals and to provide compliance to the observations
• To have principal responsibility in reviewing and providing critical input on Risk Control Matrix prepared for identified processes of the Bank for the annual IFC review as per the Companies Act 2013, and to supervise the testing of each control with multiple samples to ensure compliance. This is mandatory for annual certification by External Auditors.
• To discuss with stakeholders on gaps identified during IFC and provide an action plan for closure of gaps.
• To support BCP manager to develop Business Impact Analysis (BIA) in consultation with various stakeholders and carry out frequent BCP simulations across branches, regions and corporate functions to evaluate preparedness of the Bank to carry out business as usual in the event of business disruption.
• Conducting risk awareness sessions on Outsourcing risk, IT risk, Digital risk and BCP for all employees and building robust risk culture within the Organization.
• Work with IT to minimize the recurring instances of gaps in system implementation that results in customer services issues.
• To ensure that all RBI inspection / Internal audit / Compliance observations are addressed and closed within the committed timelines.

1. SIZE OF THE ROLE

FINANCIAL SIZE

NON-FINANCIAL SIZE

• Maintains 1,500 + vendors Material, Financial and IT vendors
• 70 + annual risk assessment of critical vendors Financial and Critical
• Reviews 30 + documents in a month SOP, BRD and FSD
• 40 + Planned and Unplanned BCPs in a month for critical processes
• 20 + User acceptance tests in a month which includes regulatory and non-regulatory changes
• Conduct User access review for 40 + critical and security applications
• Prepares Outsourcing risk postures for 200 + critical vendors (Average yearly invoice > 1 Cr.)

• Managing team size varying 5 to 6 members
• 3 direct reports in the grade of Manager Operational Risk
• Regular interaction material vendors (35)
• Maintaining SOPs, Internal Circulars, Regulatory Circulars and guidelines issued by RBI
• Actionable tracking for Open points in ORMC, RMCB and PrAC.
• Regular interaction internal stakeholders Business heads, IT Solution Delivery heads, IT Application service Management heads, IT Governance head, Head Digital Banking, Principal Nodal Officer, National Manager Compliance, National Manager Legal, National Manager CPMT, Head Alliance and Electronic Payments.

1. KEY DUTIES & RESPONSIBILITIES OF THE ROLE

Business/ Financials

• Review and provide critical input on new All products/processes and any amendments to products/processes to highlight Operational Risks and recommend additional controls to mitigate the risks.
• Conduct RCA on critical IT incidents and take preventive measures.
• Support to BCP manager to prepare, evaluate and update Business Impact Analysis (BIA) documents to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.
• Support to BCP manager in preparing schedule for Business Continuity Plan (BCP) simulation covering activities carried out at branches, regions and corporate office to evaluate preparedness of the Bank to minimize the effect of a disruption. Facilitate regional Ops Risk team across branches and regions to carry out BCP simulation as per approved schedule.
• Review result of BCP testing and share the same with ORMC and BCP committee on its effectiveness in the event of a disaster and its continuing relevance to the Business to evaluate preparedness of the Bank to minimize the effect of a disruption.
• Direct and participate in product and process review for availability of controls and also in reviews related to Business Requirements Document (BRD), Functional Specific Development (FSD) and perform User Acceptance Testing (UAT) to ensure effectiveness of controls before moving to Production
• Perform pre-on-boarding material outsourcing vendors risk assessment with regards to compliance to regulatory guidelines on managing risks and code of conduct.
• Carry out annual risk assessment of material outsourcing vendors across regions and share the deviations with respective stakeholders for control gaps and associated risk.
• Manage operational risks arising from material outsourcing activities so as to ensure outsourcing vendors maintain high standard of compliance to code of conduct and service level agreement (SLA) in performing activities on behalf of the Bank.

Customer (Both Internal & External)

• Develop and implement outsourcing and IT risk posture to analyse key risk indicators and identify remedial measures in co-ordination with functional units, and initiate suitable actions.
• Carry out thematic control testing to review effectiveness of various controls, and provision for automation.
• Develop Risk and Control Matrix (RCM) along with concern stakeholders for various processes and products.
• Supervise the Test of Design and Test of Operating Effectiveness and discuss failure with the risk owners for putting controls and mitigations
• Coordinate, review and submit all the necessary data and reports/information for the purpose of submitting various DCTs to RBI on a quarterly basis.
• Participate in National Inter-Departmental Meeting (NIDM) to review process non-adherence, people issue and similar other regional issues including external development impacting risk so as to recommend process enhancement, process reiteration and punitive action where applicable.

Internal Process

• Supervise and review the Internal Financial Control (IFC) testing to comply with regulatory guidelines.
• Conduct Root Cause Analysis (RCA) of loss incidents for identification of control gaps and recommend corrective action.
• Maintain repository of Issue and Action and committee recommendations, and track them for effective implementation.
• Annual review of Outsourcing, IT, BCM policy documents of the Bank to incorporate all updates and amendments, and present such revised version of the document to the Board for necessary approvals.