girl looking into her desktop
Back to search results

Compliance & Operational Risk Manager - Technology Infrastructure

Charlotte;

Job Description:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs). As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

The C&OR Manager proactively engages with other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role develops and maintains a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Manager prepares materials for C&OR regulatory exams/audits/inquiries and may provide consultation to business leaders in preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

The C&OR Manager contributes to the requirements of the CORM Program requirements including, but not limited to the following activities:
• Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input governance and management routines
• Provides subject matter expertise to assist the FLU/CF in establishing an annual learning plan, may be accountable for developing and delivering training content
• Develops and maintains C&OR-owned policies and standards and/or provides oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory
• Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements
• Ensures C&OR “owned” issues and control enhancements are identified and addressed appropriately and timely
• Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate
• Participates in Scenario Analysis activities for coverage areas and challenges as appropriate
• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation


Specific LOB/segment/coverage area of this role: Core Technology Infrastructure (CTI). As a member of Global Technology (GT) Compliance and Operational Risk (COR), this Risk Manager is responsible for leading independent risk oversight for CTI in alignment with the Compliance and Operational Risk Program. The COR Risk Manager demonstrates and applies technology expertise in conjunction with risk acumen to promote a culture of compliance and the identification, escalation and timely mitigation of technology risks. This Risk Manager exercises judgment and influence, and may constructively challenge Technology leaders to improve the control environment and ensure adherence to applicable policies and standards. 


The COR Risk Manager remains current regarding industry and regulatory trends, benchmarks and best practices in compliance and operational risk management for his/her area of responsibility. The COR Risk Manager oversees proactive engagement with other COR risk officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of GT activities. This role oversees the development and maintenance of a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The COR Risk Manager also advises Technology leaders in preparation for regulatory exams/audits/inquiries, participates in Technology regulatory meetings, and oversees preparation of materials for COR regulatory exams/audits/inquiries.

Additional responsibilities include:
This Risk Manager is responsible for the investigation of aligned technology incidents, Identification of gaps and reduction of risks. Responsibilities may include risk assessments, scenario analysis, Third Party performance, CTI Metric performance and Ops Losses.

Coverage may include any number of areas in the Infrastructure space including Middleware, System Administration, System backup, Storage, Cloud, Network, Database, Lifecycle Currency, Mainframe, Technology Incident Management or Application Production Services. 

Required and desired skills/qualifications:

• 7+ years of technology experience with a focus on core infrastructure technologies

• Proven experience with Technology / Systems implementation

• Working knowledge of disaster response, infrastructure resilience and impact analysis

• Familiarity of enterprise networks, data center and cloud infrastructure services

• Understanding of shared technology services, core critical systems and how these enable the business

• Problem solving skills and ability to think algorithmically
• BS degree in a computer discipline or relevant certification
• Proven management skills; ability to build and execute routines to drive accountability against clear expectations, ensure execution of required operational routines
• Strong relationship management skills to navigate the complexities building consensus and resolving conflicts in a large organization; proven ability to influence peers/stakeholders and senior leaders across various lines of business
• Proven ability to manage multiple and often competing priorities in a global environment
• Proven ability to Identify, Escalate, Debate Risk Culture
• Proven ability to execute with accuracy, precision, and attention to detail
• Ability to decompose complex issues and drive timely decisions 
• Ability to connect dots, look across, and solve problems
• Strong communication skills (presentation and influencer)
• Ability to communicate complex ideas in a clear and concise manner, shaping the opinions and gaining trust.
• Participation in cross-functional teams and ability to work effectively in a geographically dispersed team

• Prior experience with Bank of America's infrastructure platforms, including data center, virtual hosting environments, and third-party programs. ITIL Framework, Incident and Problem management framework and Technology Change experience is desired, but not required.

Job Band:

H4

Shift: 

1st shift (United States of America)

Hours Per Week:

40

Weekly Schedule:

Referral Bonus Amount:

2000

Job Description:

The Compliance and Operational Risk (C&OR) Manager is responsible for engaging in activities to provide independent compliance and operational risk oversight of Front Line Unit or Control Function (“FLU/CF”) performance and any related third party/vendor relationships in alignment with the Global Compliance - Enterprise Policy, the Operational Risk Management - Enterprise Policy (collectively “the Policies”) and the Compliance and Operational Risk Management (“CORM”) Program and Standard Operating Procedures (SOPs). As a member of an FLU or CF C&OR officer team, the C&OR Manager is accountable for proactive identification, management and escalation of compliance and operational risks through the execution of some or all of the below identified activities. This role exercises judgment and influence, and may constructively challenge FLU and CF leaders to support the CORM Program objectives, balancing business strategy with appropriate controls.

The C&OR Manager proactively engages with other C&OR officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of FLU/CF activities. This role develops and maintains a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The C&OR Manager prepares materials for C&OR regulatory exams/audits/inquiries and may provide consultation to business leaders in preparation for FLU/CF regulatory exams/audits/inquiries.

The C&OR Manager plans, drives and reviews team deliverables to support consistent quality of activities, processes and outputs. This role may contribute as a manager responsible for providing leadership direction to attract, assess, develop, motivate and retain a team, or may act as an individual contributor.

The C&OR Manager contributes to the requirements of the CORM Program requirements including, but not limited to the following activities:
• Produces and/or oversees the development of independent risk management reporting for respective area(s) of coverage as input governance and management routines
• Provides subject matter expertise to assist the FLU/CF in establishing an annual learning plan, may be accountable for developing and delivering training content
• Develops and maintains C&OR-owned policies and standards and/or provides oversight of FLU/CF-owned policies, standards and procedures to ensure regulatory and operational risk requirements are appropriately addressed, inclusive of conduct risk as applicable
• Monitors the regulatory environment to identify regulatory changes applicable to area(s) of coverage, advises business leaders on those changes, directs the appropriate areas to implement or amend policies, standards, procedures and/or processes to address regulatory requirements, and challenges the implementation plan as needed; maintains a comprehensive regulatory inventory
• Identifies, aggregates, reports, escalates, inspects and challenges remediation plans, and performs thematic analysis on FLU/CF-owned issues and control enhancements
• Ensures C&OR “owned” issues and control enhancements are identified and addressed appropriately and timely
• Contributes to or leads development of risk coverage plans, executes and / or oversees execution of independent risk monitoring, testing and risk assessments, communicates results
• Reviews and challenges the FLU/CF process, risk, control (PRC) inventory and FLU/CF Risk & Control Self-Assessment (RCSA)
• Reviews and challenges internal and external operational loss events, including development of remediation plans to strengthen controls, and approves where appropriate
• Participates in Scenario Analysis activities for coverage areas and challenges as appropriate
• Ensures metrics are designed to measure key risks and control performance, monitors and reports on metric performance and breach remediation


Specific LOB/segment/coverage area of this role: Core Technology Infrastructure (CTI). As a member of Global Technology (GT) Compliance and Operational Risk (COR), this Risk Manager is responsible for leading independent risk oversight for CTI in alignment with the Compliance and Operational Risk Program. The COR Risk Manager demonstrates and applies technology expertise in conjunction with risk acumen to promote a culture of compliance and the identification, escalation and timely mitigation of technology risks. This Risk Manager exercises judgment and influence, and may constructively challenge Technology leaders to improve the control environment and ensure adherence to applicable policies and standards. 


The COR Risk Manager remains current regarding industry and regulatory trends, benchmarks and best practices in compliance and operational risk management for his/her area of responsibility. The COR Risk Manager oversees proactive engagement with other COR risk officers, including horizontal coverage owners and Enterprise Areas of Coverage (“EAC”), to provide comprehensive oversight of GT activities. This role oversees the development and maintenance of a global coverage plan which defines the scope and risk-based focus of the second line’s risk management activities. The COR Risk Manager also advises Technology leaders in preparation for regulatory exams/audits/inquiries, participates in Technology regulatory meetings, and oversees preparation of materials for COR regulatory exams/audits/inquiries.

Additional responsibilities include:
This Risk Manager is responsible for the investigation of aligned technology incidents, Identification of gaps and reduction of risks. Responsibilities may include risk assessments, scenario analysis, Third Party performance, CTI Metric performance and Ops Losses.

Coverage may include any number of areas in the Infrastructure space including Middleware, System Administration, System backup, Storage, Cloud, Network, Database, Lifecycle Currency, Mainframe, Technology Incident Management or Application Production Services. 

Required and desired skills/qualifications:

• 7+ years of technology experience with a focus on core infrastructure technologies

• Proven experience with Technology / Systems implementation

• Working knowledge of disaster response, infrastructure resilience and impact analysis

• Familiarity of enterprise networks, data center and cloud infrastructure services

• Understanding of shared technology services, core critical systems and how these enable the business

• Problem solving skills and ability to think algorithmically
• BS degree in a computer discipline or relevant certification
• Proven management skills; ability to build and execute routines to drive accountability against clear expectations, ensure execution of required operational routines
• Strong relationship management skills to navigate the complexities building consensus and resolving conflicts in a large organization; proven ability to influence peers/stakeholders and senior leaders across various lines of business
• Proven ability to manage multiple and often competing priorities in a global environment
• Proven ability to Identify, Escalate, Debate Risk Culture
• Proven ability to execute with accuracy, precision, and attention to detail
• Ability to decompose complex issues and drive timely decisions 
• Ability to connect dots, look across, and solve problems
• Strong communication skills (presentation and influencer)
• Ability to communicate complex ideas in a clear and concise manner, shaping the opinions and gaining trust.
• Participation in cross-functional teams and ability to work effectively in a geographically dispersed team

• Prior experience with Bank of America's infrastructure platforms, including data center, virtual hosting environments, and third-party programs. ITIL Framework, Incident and Problem management framework and Technology Change experience is desired, but not required.

Shift:

1st shift (United States of America)

Hours Per Week: 

40

Learn more about this role

Full time

JR-22025323

Band: H4

Manages People: No

Travel: No

Manager:

Talent Acquisition Contact:

Referral Bonus:

2000