Senior Manager, Head of BRCM Finance : 00008G92

Employment Type: Regular

• Business Risk & Control Management (BRCM) promotes, supports and ensures the Business/Function Management owns its risk and controls as the first line of defense to Operational Risk, ensuring that all key risks within their activities and operations are identified, mitigated and monitored by an appropriate control environment that is commensurate with risk appetite
• The Head of Business Risk & Control Management will lead the BRCM capability in the execution of an effective operational risk and control management program within business/function area of responsibility. Primary responsibilities with respect to all categories of operational risk may include
• identifying and assessing operational risks and controls within acceptable levels to the scale and nature of the area’s operations and within Group and regional standards and local regulations
• identifying and reporting incidents in accordance with HSBC standards
• monitoring the ongoing effectiveness of key controls to gain assurance that they are operating in line with risk appetite and any regulatory and HSBC requirements

Impact on the Business

• The Manager, BRCM is responsible for leading the integration of operational risk and internal control management and initiatives throughout the operations of the business/function and is the primary point of contact for embedding the ORIC framework activities within and throughout their business/function. The Manager of BRCM is also accountable to lead the management of specific operational risk categories and coordinate efforts on behalf of business/function management
• Business/Function Specific Responsibilities
• Provide management information to business/function management and risk committees, including material operational risks, significant internal control issues, BRCM activities
• Develop and execute a plan to achieve the operational risk management goals of the Chief Information Officer, including a resource plan with appropriate level and experience of BRCM function
• Lead business/function management in establishment of ‘end to end’ ownership of operational risks, controls, and processes
• Promote operational risk awareness, including training for business/function personnel
• ORIC Framework Responsibilities (Coordinate on behalf of business/function management)
• Coordinate Risk and Control Assessment (“RCA”) including set scope, identify material risks, assign risk prioritization, identify and assess effectiveness of key controls
• Undertake internal control monitoring including develop monitoring plan, monitor progress against plan, execute control monitoring, report results, develop action plans and oversee remediation, and challenge procedures covering areas under review
• Design and implement procedures that enable all incidents to be reported in complete, accurate and timely manner including recording and conducting quality assurance, escalating incidents, appointing incident owner to analyze root cause and manage actions, and develop risk appetite target for operational losses
• Coordinate design, measurement and reporting of key indicators; escalate breaches and determine underlying cause
• Review and provide input on capital modeling and reporting, including capital estimates based on Scenario Analysis, Risk dashboards and Top Risk Analysis (“TRA”)
• Act as “Business Owner” of Key Dimension Combination (“KDC”) in ORION system, for area of responsibility; maintain ORION as the operational risk system of record
• Coordinate assessment of operational risk in material projects and initiatives; assure adequate mitigation
• Facilitate timely identification and escalation of Management Self-Identified Issues; document and monitor progress of remedial actions
• Provide input and review output of CEO Attestation, including significant open issues in the internal control framework and obtain Management’s confirmation that all documented policies and procedures remain effective against known significant issues
• Assess adequacy of remediation of audit findings, internal control issues, and regulatory reviews
• Contribute to the Business Level (HTS) Risk and Control Committee as outlined in the ORIC Committee Charter
• Escalate significant emerged and emerging operational risk and internal control issues to the ORIC team and/or ORIC Committee
• Added: Audit Management
• Coordinate all Internal Audit, including Group, Regional, and Canada originated engagements:
• Regular reporting of Management Self- Identified Issues (MSII), and audit specific MSII
• Manage IT owned and IT dependent audit findings inventory to ensure timely and complete remediation to prevent repeat findings
• Ensure Audit Issues Database (AID) is kept up to date, and the monthly audit tracker is correct
• Facilitate all audit engagements, including planning, kick-off, information request, interviews with all SWD/ITO staff members, draft finding reviews, exit meeting, report review, management response submission, and remediation monitoring
• Added: Sarbanes Oxley (SOX) Compliance Program
• Manage the SOX compliance program in HBCA IT:
• Coordinate annual planning of SOX testing
• Provide oversight of plan execution
• Manage remediation of deficiencies and keep HBCA IT management up to date on testing progress, deficiencies, issues/challenges
• Facilitate external audit queries and information requests
• Responsibilities for Specific Operational Risk Categories (Lead coordination on behalf of business/function management)
• Information Security: Manage, along with Business Information Risk Officer (BIROs) and Deputy BIROs, information security risk through the implementation of primary and secondary controls to mitigate the risk, identifying information assets and associated risks, and ensuring information security awareness of employees in business/function
• escalate to business area management and expedite remediation of overdue/stale information risk findings and deficiencies
• work with the central BIRO Support team to provide business area RAG assessments on Information Risk into ORIC Heat Map Reporting
• Facilitate and communicate implementation of Group and Regional ISR initiatives
• Vendor Risk Management: Manage through the implementation of primary and secondary controls to mitigate the risk, identifying potential vendor control weaknesses and associated risks, and ensuring Vendor Risk awareness of employees in business/function
• Support business area with input from SMEs (i.e. ISR for Data security risk, BCP for Business Continuity) on implementation of effective vendor risk controls
• Escalate to business area management and monitor status of high risk contracts, ensuring action plans are sufficient or risk acceptance is in place
• Conduct periodic IC reviews of business owned controls for Vendor Risk in line with Regional BRCM workplan
• Facilitate and communicate implementation of Group and Regional VRM initiatives
• The position requires secondary coverage of the IT Operations Financial Function (MICS) and provides senior leadership oversight of the ITO MI (Management Information) to IT Operations (ITO) management. This helps enable these areas to effectively manage their costs to achieve IT objectives. This position acts as a trusted ITO partner in providing not only BRCM and financial support for both expense and revenue management, but technological support to effectively aid in the selection process to obtain the most cost effective solutions to manage customer needs

Operational Effectiveness & Control

• Leads the business/function in its management of operational risk appetite, ensuring business/function operates in compliance , with operational risk framework and standards
• Liaison to business/function management, ORIC team and other ‘second line of defense’ teams, and others for operational risk and internal control matters

Management of Risk

• Ensure compliance, operational risk controls in accordance with HSBC or regulatory standards and policies; and optimize relations with regulators by addressing any issues
• Promote an environment that supports diversity and reflects the HSBC brand

Observation of Internal Controls

Maintains HSBC internal control standards, including timely implementation of internal and external audit points together with any issues raised by external regulators

Qualifications

• Delivers high quality sustainable results, considering the impact and risk of own actions and that of the business/function, both short term and long term, on the bank’s operational risk profile and appetite
• Communicates openly with staff, management, internal partners, and external parties and is open to new and better ways to manage operational risk
• Uphold compliance with all relevant internal and external rules, regulations and procedures; engage others to act responsibly and minimize operational risk and internal control issues
• Demonstrate a sound holistic and technical understanding of pertinent business areas and Group requirements as detailed in Group Standards Manuals, Functional Instruction Manuals (FIM), and local standards
• Excellent written and oral communication skills
• Sound judgment, keen sense of urgency, and high level of professional and personal integrity
• Minimum of a Bachelor’s degree
• Experience in Banking, Risk Management, Audit, and/or Compliance. A professional designation is preferred

Job Field : Accounting & Finance
Primary Location : North America-Canada-British Columbia-Vancouver
Schedule : Full-time Shift : Day Job
Type of Vacancy : Country vacancy
Job Posting : 28-Nov-2016, 20:47:17 Unposting Date : 10-Dec-2016, 23:59:00