Business Risk Compliance Management Manager 8/16/2016
JOB DESCRIPTION
Business Risk & Control Management (BRCM) promotes, supports and ensures that Business/Function Management owns its risks and controls as the first line of defense across the operational risk categories (Compliance, Fiduciary, Legal, Information, Accounting, Tax, External Fraud, Internal Fraud, People, Political, Physical, Business Continuity, Systems, Operations and Project), ensuring that all key risks within its activities and operations are identified, mitigated and monitored by a control environment commensurate with risk appetite.
The VP Business Risk role may cover material operational risks, internal control monitoring results, significant internal control issues and/or BRCM activities.
* Support development and execution of plans to achieve the operational risk management goals of the Chief Operating Officer and/or Head of BRCM, including a resource plan with appropriate level and experience of BRCM team members
* Assist business/function management in establishment of 'end to end' ownership of operational risks, controls, and processes
* Promote operational risk awareness, including training for BRCM capability and business/function personnel
* Act as individual contributor/subject matter expert in operational risk, or manage BRCM personnel, including ongoing supervision, performance management and development of staff
_ORIC Framework Responsibilities (Direct the coordination, on behalf of business/function management)_
* Direct the Risk and Control Assessment ("RCA"), including setting scope, identifying material risks, assigning risk prioritization, and identifying and assessing the design and operating effectiveness of the key controls that mitigate operational risk
* Manage internal control monitoring, including developing the monitoring plan, monitoring progress against the plan, executing control monitoring to assess design and operating effectiveness, reporting results, developing action plans and overseeing remediation for all controls assessed as "ineffective" or "needs improvement", and challenging procedures covering areas under review
* Ensure risk and control documentation is clear, comprehensive and in accordance with internal and external standards
* Build relationships and interact with process and control owners to maintain current knowledge of the operations and business, organizational and/or technological changes impacting operational risk and internal controls
* Design and implement procedures that enable all incidents to be reported in a complete, accurate and timely manner, including recording incidents and conducting quality assurance, escalating incidents, appointing an incident owner to analyze root cause and manage actions, and developing a risk appetite target for operational losses
* Direct the design, measurement and reporting of key indicators; escalate breaches and determine underlying cause. Coordinate control efficiencies.
* Participate in capital modeling and reporting, including capital estimates based on Scenario Analysis, quarterly dashboard and Top Risk Analysis ("TRA")
* Support assessment of operational risk in material projects and initiatives; assure adequate mitigation
* Develop and implement a process for timely identification and escalation of Management Self-Identified Issues ("MSIIs"); document and monitor progress of remedial actions
* Assist with the CEO Attestation, including identifying significant open issues in the internal control framework and obtaining Management's confirmation that all documented policies and procedures remain effective against known significant issues
* Assess adequacy of remediation of issues, including audit findings, internal control issues, and regulatory observations
* Manage a process to escalate significant, current and emerging operational risks and internal control issues, such as 'top' risks, key indicator breaches and 'dark corners', to the regional/country ORIC Team and/or regional/country ORIC Committee
LEADERSHIP & TEAMWORK
* Lead and develop an effective team through communication, performance management, development plans and reward/recognition practices.
* Promote an environment that supports diversity and reflects the HSBC brand.
* Provide regular updates to the FCC Operations Compliance Services Board on the control framework and testing progress
OPERATIONAL EFFECTIVENESS
* Coordinate risk assessment certification/sign-off by business/function management
* Direct the development, execution and reporting of a Compliance Risk and Control Testing plan that includes remediation plans
* Facilitate timely identification and escalation of compliance-related MSIIs
* Direct the documentation and monitoring of progress of remedial actions for issues identified by others, including Internal Audit, TRAC, regulators, third party consultants and ERA risk assessments
* Identify participants for required compliance training and assist with coordination of training
* Support business/function management with MIS, including material compliance risks and control issues
* _Fiduciary:_ Manage fiduciary risk and control assessments, including resolution of open issues, review of management information, and instilling an effective fiduciary risk management culture. _Note: Only applicable to businesses that conduct fiduciary duties and activities._
* _Product Due Diligence:_ Manage operational risks and controls associated with introduction, modification, and expansion of a product or service
* _Vendor:_ Direct, along with Contract Owners, risk and control management of third party vendors and sub-contracting arrangements, including identifying, assessing, and managing vendor risks and controls, complying with laws, regulations and internal standards, monitoring of performance and defined SLAs, and maintaining exit strategies
* _SOX:_ Manage the operational risk of financial misstatement, identify related mitigating controls, and ensure Management has an adequate control environment, including updating SOX process documentation, executing test plans to evaluate the effectiveness of SOX controls, and monitoring remediation of SOX deficiencies
* _Information Security:_ Manage, along with the Business Information Risk Officer, information security risk by identifying information assets and their associated risks, implementing primary and secondary controls to mitigate those risks, and ensuring information security awareness among employees in the business/function
* _Privacy:_ Manage the assessment and mitigation of privacy risk, including customer disclosure and access that is compliant with laws and internal requirements, implementation of information security controls for repositories and processes containing personally identifiable information, and consideration of the impact of privacy matters on projects and initiatives in the area of responsibility
* _Business Continuity:_ Manage potential and actual situations that may disrupt operations or invoke business continuity plans, including implementation of a robust business recovery strategy comprising an impact analysis, contingency plans and testing, with consideration of critical parties and vendors. Responsibilities also include facilitation of mandatory business continuity awareness and escalation of business continuity risks.
* _Fraud:_ Manage fraud risk assessments, monitor the effectiveness of controls related to identified points of fraud risk vulnerability, and ensure remediation of those deemed ineffective or deteriorating. Ensure employees are properly trained in fraud risk awareness and facilitate reporting of confirmed/suspected fraud.
* Implement the Group compliance policy locally by containing compliance risk in liaison with the Head of Group Compliance, Global Business Compliance Officer, Area Compliance Officer or Local Compliance Officer, ensuring adequate compliance resources and training, fostering a compliance culture and optimizing relations with regulators.
* Complete other responsibilities, as assigned.
ACCOUNTABILITY AND DECISION-MAKING RESPONSIBILITY:
* Supports the