Lead-Operational Risk

ROLE PURPOSE & OBJECTIVE

• Responsible to implement the operational risk framework for assessing,identifying, monitoring and mitigating pertinent operationalrisks in line with the defined risk appetite of the bank.
• Tosupervise the effective implementation of this framework acrossthe Bank to ensure that the Banks objectives and goals are notin any way affected by inherent and external operational risks.
• Responsiblefor conducting pre-onboarding assessment of the vendor and alsoannual risk assessment of material vendors.
• Responsiblefor monitoring and managing overall Outsourcing risk and IT Riskposture of the bank including Digital risk.
• Tomanage operational risks arising from material outsourcingactivities, review gaps and recommend preventive controls.
• Responsiblefor conducting Root cause analysis on critical IT incidents andimplement preventive measures.
• Periodicreview of the IT and Outsourcing risk register maintained andupdated by each critical verticals/service delivery units.
• Toensure User access review is conducted for the criticalapplications on defined frequency as per the User AccessManagement Policy and ensure observations are shared with stakeholders for necessary actions.
• Conductthematic reviews and analysis on various operational risk areasas per the plan or as directed by the management Committee.
• Toprovide critical input to enhance from operational riskperspective and ensuring adequate controls are put in placebefore implementation (including review of Business RequirementDocument, Functional Solutioning Document and User AcceptanceTesting) of the Bank.
• Tosupervise the preparation of RBI tranche Data Control Template(DCT) at quarterly intervals and to provide compliance to theobservations
• Tohave principal responsibility in reviewing and providing criticalinput on Risk Control Matrix prepared for identified processes ofthe Bank for the annual IFC review as per the Companies Act 2013,and to supervise the testing of each control with multiplesamples to ensure compliance. This is mandatory for annualcertification by External Auditors.
• Todiscuss with stakeholders on gaps identified during IFC andprovide an action plan for closure of gaps.
• Tosupport BCP manager to develop Business Impact Analysis (BIA) inconsultation with various stakeholders and carry out frequent BCPsimulations across branches, regions and corporate functions toevaluate preparedness of the Bank to carry out business as usualin the event of business disruption.
• Conductingrisk awareness sessions on Outsourcing risk, IT risk, Digitalrisk and BCP for all employees and building robust risk culturewithin the Organization.
• Workwith IT to minimize the recurring instances of gaps in systemimplementation that results in customer services issues.

• Toensure that all RBI inspection / Internal audit / Complianceobservations are addressed and closed within the committedtimelines.

• SIZEOF THE ROLE

FINANCIAL SIZE

NON-FINANCIAL SIZE

• Maintains1,500 + vendors Material, Financial and IT vendors
• 70+ annual risk assessment of critical vendors Financial andCritical
• Reviews30 + documents in a month SOP, BRD and FSD
• 40+ Planned and Unplanned BCPs in a month for critical processes
• 20+ User acceptance tests in a month which includes regulatory andnon-regulatory changes
• ConductUser access review for 40 + critical and security applications

• PreparesOutsourcing risk postures for 200 + critical vendors (Averageyearly invoice 1 Cr.)

• Managingteam size varying 5 to 6 members

• 3direct reports in the grade of Manager Operational Risk
• Regularinteraction material vendors (35)
• MaintainingSOPs, Internal Circulars, Regulatory Circulars and guidelinesissued by RBI
• Actionabletracking for Open points in ORMC, RMCB and PrAC.

• Regularinteraction internal stakeholders Business heads, IT SolutionDelivery heads, IT Application service Management heads, ITGovernance head, Head Digital Banking, Principal Nodal Officer,National Manager Compliance, National Manager Legal,National Manager CPMT, Head Alliance and Electronic Payments.

• KEYDUTIES & RESPONSIBILITIES OF THE ROLE

Business/Financials

• Reviewand provide critical input on new All products/processes and anyamendments to products/processes to highlight Operational Risksand recommend additional controls to mitigate the risks.
• ConductRCA on critical IT incidents and take preventive measures.
• Supportto BCP manager to prepare, evaluate and update Business ImpactAnalysis (BIA) documents to determine and evaluate the potentialeffects of an interruption to critical business operations as aresult of a disaster, accident or emergency.
• Supportto BCP manager in preparing schedule for Business Continuity Plan(BCP) simulation covering activities carried out at branches,regions and corporate office to evaluate preparedness of the Bankto minimize the effect of a disruption. Facilitate regional OpsRisk team across branches and regions to carry out BCP simulationas per approved schedule.
• Reviewresult of BCP testing and share the same with ORMC and BCPcommittee on its effectiveness in the event of a disaster and itscontinuing relevance to the Business to evaluate preparedness ofthe Bank to minimize the effect of a disruption.
• Directand participate in product and process review for availability ofcontrols and also in reviews related to Business RequirementsDocument (BRD), Functional Specific Development (FSD) and performUser Acceptance Testing (UAT) to ensure effectiveness of controlsbefore moving to Production
• Performpre-on-boarding material outsourcing vendors risk assessment withregards to compliance to regulatory guidelines on managing risksand code of conduct.
• Carryout annual risk assessment of material outsourcing vendors acrossregions and share the deviations with respective stakeholders forcontrol gaps and associated risk.
• Manageoperational risks arising from material outsourcing activities soas to ensure outsourcing vendors maintain high standard ofcompliance to code of conduct and service level agreement (SLA)in performing activities on behalf of the Bank.

Customer (Both Internal & External)

• Developand implement outsourcing and IT risk posture to analyse key riskindicators and identify remedial measures in co-ordination withfunctional units, and initiate suitable actions.
• Carryout thematic control testing to review effectiveness of variouscontrols, and provision for automation.
• DevelopRisk and Control Matrix (RCM) along with concern stakeholders forvarious processes and products.
• Supervisethe Test of Design and Test of Operating Effectiveness anddiscuss failure with the risk owners for putting controls andmitigations
• Coordinate,review and submit all the necessary data and reports/informationfor the purpose of submitting various DCTs to RBI on a quarterlybasis.
• Participatein National Inter-Departmental Meeting (NIDM) to review processnon-adherence, people issue and similar other regional issuesincluding external development impacting risk so as to recommendprocess enhancement, process reiteration and punitive actionwhere applicable.

Internal Process

• Superviseand review the Internal Financial Control (IFC) testing to complywith regulatory guidelines.
• ConductRoot Cause Analysis (RCA) of loss incidents for identification ofcontrol gaps and recommend corrective action.
• Maintainrepository of Issue and Action and committee recommendations, andtrack them for effective implementation.
• Annualreview of Outsourcing, IT, BCM policy documents of the Bank toincorporate all updates and amendments, and present such revisedversion of the document to the Board for necessary approvals.
• Developrisk and control matrix / register for various processes.
• EnsureUser access review is conducted for the applications on definedfrequency as mentioned in the User Access Management Policy andensure observations are shared with stake holders for necessaryactions.
• Developrisk appetite framework of the Bank and continuously monitor itfor tolerance.
• Supportin preparing and publishing monthly update for the Riskdepartment.

Innovation& Learning

• Builda capable team who can design, monitor and update the OperationalRisk framework of the Bank.
• Toupdate self with prevailing regulations, notification, circularsand guidelines of the regulators and statutory bodies, anddisseminate the information regarding new regulatorydevelopments.
• Developtraining modules, including online modules, for development andmaintaining of risk culture.
• Coordinateand impart a multifaceted educational and training program thatfocuses on the elements of risk, process adherence, dos anddonts and seeks ownership of risk controls
• Trainrespective stakeholders on conducting RCSA on their own withminimal support from Operational Risk.
• Continuouslydrive benefits of reporting risk events across branches, regionaloffices and corporate offices to build risk ownership, andincentivize to encourage such reporting.
• Attendexternal training programs and workshops to enhance operationalrisk skill sets.
• Enhanceknowledge through successful certification on various coursesrelated to risk managements and latest technologicaldevelopments.

• Ensuregoal-setting, mid-year review and annual appraisal processhappens within specified timelines for self and the team.

• MINIMUMREQUIREMENTS OF KNOWLEDGE & SKILLS

Educational

Qualifications

• UG/PG Any Graduation; MBA preferable

Experience

• 14to 15 years of banking experience preferably with extensiveexposure in Operational Risk, Outsourcing risk management, ITrisk management and Business continuity management

Certifications

• Certificationon Small Finance Bank from IIBF, Certifications on OperationalRisk Management, Certifications on AML.

Functional Skills

• Soundunderstanding on Risk Management principles
• Abilityto anticipate and mitigate risk by developing appropriate ORMpolicies for the Bank
• Adeptat influencing process and policy changes to build control andmitigate risk
• Mandatoryoperating knowledge of computers
• Knowledgeof micro finance and functioning of Retail Bank branches;

Behavioral Skills

• StrongInterpersonal skills
• Listeningand communication skills
• Goodat time managements
• Effectiveteam player and efficient team leader
• Abilityto work with cross functional teams to deliver desired outcome

Competencies

• Stronganalytical skills
• Multitaskingability
• Proficiencyin MS office
• Strongwritten communication and presentation skills

• Decisionmaking skills

• KEYINTERACTIONS

INTERNAL

EXTERNAL

• ChiefRisk Officer
• NationalManager Operations
• Businessheads
• ITSolution Delivery heads
• ITApplication service Management heads
• HeadDigital Banking
• PrincipalNodal Officer
• NationalManager Compliance
• NationalManager Legal
• NationalManager CPMT
• ITGovernance Head

• HeadAlliance and Electronic Payments

• RBI

• NPCI
• Materialand Non-Material vendors
• Peersin other Banks