Compliance and Operational Risk Manager - GCOR Policy Adherence

Charlotte, North Carolina;

Job Description:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs). As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

The C&OR Manager proactively engages with other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role develops and maintains a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Manager prepares materials for C&OR regulatory exams/audits/inquiries and may provide consultation to business leaders in preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

The C&OR Manager contributes to the requirements of the CORM Program, including but not limited to the following activities:

• Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input to governance and management routines
• Provides subject matter expertise to assist the FLU/CF in establishing an annual learning plan, may be accountable for developing and delivering training content
• Develops and maintains C&OR-owned policies and standards and/or provides oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory
• Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements
• Ensures C&OR “owned” issues and control enhancements are identified and addressed appropriately and in a timely manner
• Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate
• Participates in Scenario Analysis activities for coverage areas and challenges as appropriate
• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation

This role is responsible for supervision and execution of the Policy Adherence Assessment (PAA) team activities. The PAA team executes a range of assessments to validate enterprise compliance with applicable policies and laws/rules/regulations and to identify instances of noncompliance; assessments include FFIEC Authentication, Global Workplace Assessment, and the GIS Policy Assessment, which comprises several sub-assessment components.

The role manages a number of onshore FTEs and a team of enterprise offshore resources that support PAA execution, and interacts frequently with partners including application owners, technical experts, and various other internal and external parties.

Specific responsibilities:
• Own controls affiliated with the PAA team activities
• Own and maintain the metrics affiliated with the PAA team activities
• Ensure currency between the PAA team assessments and the bank’s Info Security policies as well as applicable LRRs
• Interface with partners to address gaps and issues, and adjust the PAA team activities, where appropriate, to address them
• Resolve conflicts between PAA activities and LOB or other group processes, where they cannot be resolved on a lower level; escalate those that cannot be readily resolved
• Maintain connections with stakeholders, users, and partners to ensure we are properly delivering against our remit and our SLAs
• Ensure that all changes are socialized and any training required is performed
• Ensure all assessment governance requirements are met or otherwise addressed
• Perform continuous improvement activities to ensure that we stay best-in-class
• Own the PAA process within the system of record for assessments (GPA assessment, FFIEC Authentication Assessment, GWA; along with sub-surveys used to create each)
• Own the PAA process within CM (All findings are assigned to role, though handled by team)
• Define the scoping parameters for scheduling application under development (SRS)
• Define the PAA requirements and responsibilities for interfaces with RISE
• Manage all FTEs assigned to the PAA program for all HR and operational needs
• Manage the relationship with GBS for the GBS associates assigned to PAA activities
• Manage the relationship with Corporate Security for the performance of the GWA assessments
• Manage the personnel budget for the program, and provide input into capital and operating expenses
• Own all action steps assigned to the PAA team for audit issues across the Bank
• Own the ELC-GIS-2 SOC control, and provide support to the SOX Program Office in quarterly control effectiveness reporting

Required and desired skills/qualifications:

- 8-10 years in cybersecurity; prefer 10+ years
- Prefer experience in risk management/oversight/compliance role
- Prefer banking/financial services experience
- Prefer experience supervising cybersecurity technical talent
- Must effectively interact with a diverse set of personalities and talent
- Must be able to effectively communicate across the organization, with partners ranging from highly technical application and cybersecurity experts to nontechnical partners
- Must have the ability to analyze, summarize and report data
- Must have familiarity with applicable law, rules, and/or regulations (examples are FFIEC Authentication, FFIEC IT Examination Handbook)
- Must have ability to interpret enterprise policy and evaluate testing scope to validate coverage
- Must have effective written and verbal communications skills

Job Band:

H4

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

0

Full time

JR-21064356

Band: H4

Manages People: Yes

Travel: No

Manager:

Talent Acquisition Contact:

James Henry

Referral Bonus:

0