Job offer

Operational Risk Data And Privacy Manager



rondo Daszyńskiego 2b


Operational Risk Data and Privacy Manager
Reference no.:
Location: Warszawa

Make an impact every day with Trust, Data and Resilience (TDR)

Our TDR team sits within the Group Operations function and is responsible for mission-critical areas including cyber, information, data, privacy and resilience. These are challenges that impact our clients globally. Our TDR team develops the platforms, drives the processes and builds partnerships to benefit millions of people every day. They thrive in providing solutions to complex issues, devote time and energy to designing new and innovative solutions, and all in an environment that demands being risk-aware, not risk-averse. TDR chooses progress over perfection and aims to always participate with a constructive purpose. The team makes an impact wherever they are based, be it in our offices around the world, our Global Business Solution centres in China, India, Malaysia and Poland, or even from our home.

Now you have an opportunity to make a meaningful impact with a diverse and passionate team of creators, innovators and achievers. With us, you'll learn, be inspired, and make an impact every day. The success of our work hinges on how we use the unique diversity of our people to realise the effects we seek to achieve: Always on. Always safe. Always Simple.

The Role Responsibilities

The purpose of this role is to support the Senior Operational Risk Officer for COO CISO TDR in the process build-out and 2nd line challenge on the Data Management and Privacy programme. The focus is to ensure that all elements of the Operational Risk requirements are proactively assessed and factored into the design, development and implementation of the programme, and that it adheres to the Operational Risk Type Framework ("ORTF") and associated policies and standards.


  • Operational Risk spans an array of potential for financial loss and negative impact on our clients and providers of capital. A developed understanding of this potential and the business case for minimising loss and impact is a requirement for this role.
  • From a regulatory perspective, under Section 320 of the European Union Capital Requirements Regulation (CRR) banks are required to demonstrate the ability to identify their exposures to Operational Risk and have in place an appropriate system of monitoring and control. Understanding this and other relevant regulatory requirements and guidance in respect of Operational Risk is a requirement for this role.
  • While the majority of risk management is done in the First-Line, the Group Operational Risk Team (GORT) is accountable for monitoring and ensuring that Operational Risk is appropriately identified, assessed, understood/calibrated, controlled and managed, with Risk Appetite clearly articulated and supported by appropriate stress testing. GORT is also responsible for ensuring appropriate escalation, follow-up and learning from Operational Risk Events / Incidents.
  • Working in partnership with Country and Regional Second-Line Operational Risk experts, those charged with Operational Risk management in the First-Line and identified SMEs enterprise-wide, the team is charged with ensuring the adequacy of - and adherence to - a comprehensive Operational Risk Type Framework.
  • The role-holder is required to understand the role and responsibilities of the GORT team as a whole and how these are discharged by the team, actively contributing to development and improvement in the same, as well as to remain informed of pertinent industry and organisational developments.


The primary objective of this role is to support the Operational Risk implementation of the Data Management and Privacy programme delivery and related processes, as well as to support Operational Risk activities and the programme in delivering the required outcomes. The following are key responsibilities linked to the Senior Manager Operational Risk Functions position:
  • The management and monitoring of all the operational risk arising within the Data Management and Privacy Programme and across Functions in Standard Chartered Group and its subsidiaries. This includes setting and agreeing with process and risk owners controls and standards and embedding these within the Operational Risk assessments to identify material risks requiring management attention.
  • Support program and 1st line in identification, assessment and escalation of delivery risk pertaining to the overall Data Management and Privacy Programme and its constituent projects.
  • Attend appropriate
  • To provide a focal point of control over the aggregate level of operational risk in the program that arises from end to end processes, including the design of effective controls and the systematic monitoring of process control effectiveness.

The role-holder is responsible for supporting the development and enhancement of the OR framework, policies and standards to support all Businesses and Functions in line with the Operational Risk strategy.

This will be achieved through delivery of the following:

Risk Management

  • Advice & Engagement: Offering a point of deeper expertise around more technical areas of operational risk.
  • Governance: Develop and inculcate the right policy, process, technology and governance architecture, in partnership with ERM and Group Management where appropriate.
  • Contribute to the design of the risk committee structure for operational risk within the Data Management and Privacy PU and ensure it is effective.
  • Ensure that the individual Data Management and Privacy PU Operational Risk committees are exercising their responsibilities effectively within delegated authorities; actively participate in other key committees through standing membership.
  • Ensure first line process owners, Risk Framework Owners and all Operational Risk Control Owners supporting a Data Management and Privacy process universe understand and accept their risk management responsibilities.
  • Training: To support the Global Head of Data Management and Privacy in the development and execution of OR training. This consists of communication, delivery and timely feedback to ensure appropriate enhancements at Group and Country level.

Risk Appetite:

  • To support Risk Appetite definition for Operational Risk as it applies to Data Management and Privacy, ensuring the same informs risk identification and control design, where relevant, and proactively providing input and advice as to how to address any breaches.
  • Direct appropriate response to material events or other risk issues that come to the Head, Functions Operational Risk's attention.
  • Ensure that effective management response plans are in place to respond to extreme but plausible scenarios
  • Uphold the integrity of operational risk / return decisions, by challenging function heads to demonstrate that risk origination and control decisions are properly informed and consistent with strategy and risk appetite.
  • People & Risk Culture: Drive the engagement with Operational Risk enterprise-wide, supporting a culture that recognises and reflects Operational Risk in its operating model and its decision making.
  • Risk Control Ownership of Operational Risk
  • Ensure that material risk exposures and related issues are reported to the responsible risk governance committees and to the Board Risk Committee.
  • To provide a focal point of control over the aggregate level of operational risk that arises from end-to-end processes.
  • Design, maintain, and effectively communicate operational risk control parameters across the Functions, including policies, control standards, risk exposure limits, and other control levers in order to maintain the Functions risk profile in line with the overall risk appetite set by the Board.
  • Challenge the completeness of risk identification, monitoring, and control activities across Operational Risk Control Areas within the Functions and identify and address any significant gaps that may exist between them.
  • Maintain a good understanding of the requirements of the Group's key external stakeholders in respect of operational risk management and ensure these are well understood internally and reflected in internal procedures.
  • Obtain assurance regarding the effectiveness of operational risk controls and compliance with applicable laws and regulations.
  • Ensure effective reporting of operational losses and incidents in line with policy 

Our Ideal Candidate

The role holder will have experience in Operational Risk management and / or experience in Privacy or Data Management, within the Banking industry, including relevant regulation and industry trends. In particular, the role holder will demonstrate:
  • A rigorous and analytical approach to risk management
  • Experience in enhancing frameworks and policies
  • Understanding of Risk and Control Self Assessment methodology including Control Design.
  • Experience in managing operational resilience risk
  • Proven experience in the development and delivery of training framework, policies and procedures
  • Experience of business partnering, including the ability to synthesise and articulate complex and technical topics clearly to diverse audiences
  • Ability to manage a diverse and challenging stakeholder community / team
  • Proven experience with co-ordination of many dependencies in a complex, large-scale environment
  • Excellent oral, written communication and presentation skills
  • Specific strong competence in the use of Excel for analysis of complex data and PowerPoint for communication purposes

Ideally the role holder will have specific experience of Operational Risk frameworks and have an in-depth knowledge of some of the key organisational and operational challenges faced by a Second-Line Operational Risk function.

Qualifications

Certified qualifications in the following areas would be preferred.
  • A certified Information Privacy qualification (CIPP, CIPM or CIPT)
  • Data Management Capability Assessment Model (DCAM)
  • Certified Information Management Professional (CIMP)
  • However training will also be provided to the successful candidate.
  • The role holder should comply with all mandatory e-learning as prescribed from time to time.

What we offer:

  • Career development in a fast-growing company with a clear business strategy
  • Opportunity to expand international experience and build global professional relations
  • Permanent
  • Competitive benefits package (incl. health & life insurance, pension plan, meal cards)
  • 3 days of paid volunteering leave our employees can use to support the cause of their choice
  • Convenient location (next to Rondo Daszyńskiego) with subway, tram and bus lines
  • Comfortable office space with chillout areas, free coffee/tea & fruit supply
  • Contribution to building our newest Global Business Services centre

Archived posting

The employer has stopped accepting applications for this offer