
Société Générale: Operational Risk Manager

Société Générale

This is a Full-time position in Montreal, QC posted April 9, 2021.

Division Description: Independent from the Business Lines, the Risk Management (RISQ) Division’s mission is to contribute to the development of the SG Group’s activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring.

The RISQ division in the US supports all the activities in the Americas Region (US, Canada and Latin America), which is almost exclusively corporate and investment banking (GBIS) oriented.

Day-to-Day Responsibilities: The Head of Data and Technology Risk is looking to hire a Data and Technology Risk Manager that will join the RISQ/OPE organization to help monitor the risks and execute the 2nd line of defense processes and policies for SG’s Business Continuity, Data and Technology environments.

SG AMER deploys a leading industry and regulatory practice approach to executing the operational risk management framework program.

This structured process of Identifying, Mitigating, Monitoring and Reporting (“IMMR”) is utilized by Operational Risk Management to evaluate and manage operational risks, controls, and processes, looking for potential areas of exposure to internal loss or intrinsic risks.

The ORMF ensures that operational risks remain within the thresholds determined by the enterprise and businesses.

Components of the ORMF act independently and in conjunction with each other. The IMMR integration into ORMF and stakeholder responsibilities is a continuous lifecycle for strong operational risk management success as noted by regulators.

Regulators want the overall aim of the IMMR process to ensure management and the business are considering whether the appropriate controls are in place and working effectively to mitigate the risk to an acceptable level (reflecting their risk appetite).

Responsibilities include but are not limited to:
·RISQ OPE DTR is the independent 2LOD that challenges the 1LOD RCSA assessments.
·RISQ OPE DTR is the independent 2LOD which gathers relevant loss data and other evidence to use during its challenge function and prepares periodic reports on internal operational risk events for the operational risk governing committees.
·RISQ OPE DTR is the independent 2LOD which defines, manages, and challenges the 1LOD execution of the KRI Program.
·Working with SG Americas Enterprise Risk Management (“RISQ/AME/ERM” or “ERM”) to assist in setting, reviewing and maintaining the operational risk appetite or tolerances.
·Analyzing and reporting the operational risk exposure of SGUS to the ERC, including summary information on loss events, risk assessments, emerging risks, and the status of the ORMF.
·Establishing and setting strategic direction for policies and standards of SG AMER operational risk management framework (keeping in line with global policies) and assessing adherence.
·Establishing the risk oversight bodies (committees, forums) that are necessary to govern operational risk.
·Implementing and executing the infrastructure (key components) that facilitates identification, measurement, monitoring, mitigation, reporting and escalation of operational risk.
·Modifying the framework components in response to the changing (business and regulatory) environment and lessons learned.
·Defining Operational Risk Management decision and escalation paths for breaches, information, and approvals.
·Directing and coordinating with 1LOD operational risk managers to ensure consistent, sustainable implementation of the Framework.
·Reinforcing and directing Operational Risk Management culture set by senior management and the SGUS ExCo.
·Providing subject matter guidance on training development/content including identification of suggested Operational Risk training.
·Providing oversight of operational risk management processes and governance, so they are functioning as designed, objectives are met, and appropriate actions are taken to address and remediate gaps.
·Performing 2LOD Targeted Reviews on a continuing basis in line with the Level 4 “RISQ/OPE/AME Targeted Review Framework”.
·Performing the Review and Challenge of risk issues and their corresponding action plans including but not limited to Self-Identified Issues, Compliance Identified Issues, RISQ Identified Issues, Audit Identified Issues and Regulator Identified Issues.
·Performing the Review and Challenge for the evidence submitted on Regulatory Findings in line with the Level 4 “SGUS Regulatory Findings Remediation Deliverable Review and Challenge Procedure”.

COMPETENCIES

Required:
·Understanding of financial services specifically within risk and regulatory domains
·Experience in assessing design and operating effectiveness of technology controls
·Data architectures including reference/master data, transactions/messaging, and unstructured content
·Operational risk framework components including loss data collection, RCSA, process/risk/controls
·Experience leveraging IT risk frameworks such as: COBIT5, COSO, ISO27001, NIST and/or data management frameworks i.e., DCAM/CMM-DMM
·Expertise in financial regulations (BCBS 239, SR 11-7, Volcker Rule)
·Hands-on experience with GRC tools (i.e., Archer)
·Ability to analyze root causes of issues and document remediation
·Strong leadership skills with ability to lead by influence
·Diligence and persistence in the face of organizational crosswinds
·Technology experience in implementation of data architecture and building data quality controls
·Experience Evaluating Risks in Public Cloud.

·Familiarity with data management tools (SAS, Collibra, Informatica, Hadoop, relational databases, etc.) would be desirable.
·Familiarity with risk technology and assessment tools
·Hands-on application development life-cycle practices
·Proficient in Excel, Word, Access, PowerPoint, Outlook, SharePoint
·Strong written and verbal communication

PRIOR WORK EXPERIENCE

Required:
·MBA or equivalent experience desired
·Experience Evaluating Risks in Public Cloud.

·Background in GRC tool development, implementation and governance
·Background in data control evaluation, data life-cycle management, and database technology
·Experience in software development of transactional and analysis/reporting
·IT Risk management or governance certifications (CGEIT, CRISC, CISA)
·Previous work within Risk and/or Finance

Desirable:
·Cloud Certifications (CSSP, Cloud+, AWS certifications, Microsoft Azure Certifications)
·Experience in Second Line of Defense for an FBO