Role Profile. Role Details. Grade 4 Business unit. Date produced or updated March 2017


Role Profile

Role Details

Role Title: Risk Officer
Permanent
Grade: 4
Business unit: Risk
Reporting to: Head of Risk
Date produced or updated: March 2017

Purpose of Role

To support the Head of Risk and Risk Director in developing and implementing an enterprise risk management framework across NS&I which ensures our risk profile is defined, understood and managed effectively across all areas of the business and within the agreed risk appetite. This includes:

- Developing and implementing an enterprise risk management framework that meets the up-to-date regulatory and industry standards and helps to achieve NS&I business objectives
- Providing assurance that the Atos risk management framework is aligned with NS&I and operating effectively
- Providing assurance to senior management and Audit & Risk Committee of effective risk management through accurate and timely risk reporting
- Management and oversight of breach reporting processes

Key responsibilities

Assist the Head of Risk with the development and implementation of NS&I's enterprise risk management framework, including:

Risk Management Framework:

- Contributing to developing and implementing an FCA best practice risk management framework, including MI, to provide assurance to NS&I Board and Executive Committee that risks and opportunities related to the achievement of its objectives have been identified and that mitigations / controls are in place to effectively and efficiently manage those risks and seize the opportunities.
- Work in conjunction with the business to ensure that risks are managed effectively by implementing a risk based approach to assist with making strategic decisions within the business.
- Contributing to documenting and improving a wide range of risk management processes, to include risk capture, risk measurement, risk management and risk reporting
- Contributing to developing and implementing an effective assurance framework within the head office through design of first line controls testing and reporting (RCSA)
- Work closely with directors, senior management and business areas, including outsource service provider and B2B clients, to create a risk control framework and promote a risk aware culture.
- Provide guidance to business areas on risk management processes and systems to ensure risk events are identified, reported and managed in an effective and timely manner.
- Act as a central point of contact for the business to provide SME advice and guidance on new risk policies, processes and methodologies.
- Build and maintain relationships with internal and external stakeholders.
- Where necessary define and develop appropriate MI to gain assurance of the level of compliance with regulatory and contractual requirements and effective risk management.
- Develop and maintain effective arrangements for identifying and assessing impact of changes in the external environment, analysing upcoming legislation, regulations and industry standards and guidelines, tracking progress and reporting.
- Oversee, facilitate and support the completion of policy manager assurance statements to support the Annual Governance Statement in compliance with corporate governance standards and guidelines.
- Help to benchmark NS&I's approach against relevant regulations and FCA texts and industry developments to ensure NS&I's approach reflects relevant best practice.
- Ensure key gaps are identified and escalated to the appropriate governance forums as required
- Continually develop processes and methods to improve NS&I's risk framework

Oversight and Assurance:

- Work closely with Atos counterparts to gain assurance that the Atos risk framework is aligned with NS&I, including risk policies, risk appetite, KRIs etc.
- Provide assurance over the implementation and management of first line controls within operations and that they are sufficient and effective in mitigating the identified risks
- Review and analyse operational, compliance and risk management reporting and MI including 1st line reporting, breach reports, KRIs, PIs, KPIs with appropriate level of challenge to ensure risks are managed within NS&I's risk appetite.
- Working in partnership with other NS&I assurance functions to ensure assurance over the outsource provider in respect of Retail and B2B clients is complete and effective by reference to 1st, 2nd and 3rd line assurance reports.
Risk Management Reporting

- Develop and implement an effective process for monthly risk reporting across NS&I
- Provide timely and accurate reporting for senior management, Risk Management Committee, Audit & Risk Committee and the Board to provide assurance that the risks are being managed effectively and escalate where weaknesses are identified and further action is required.

Breach Reporting

- Develop, implement and embed processes to identify breaches of policy and process, assessing the severity of the issue and ensuring remedial action is completed within acceptable timeframes
- Ensure breaches reported are fully documented and investigated
- Work in conjunction with other functions within NS&I and Atos to ensure a cohesive and consistent approach to management and reporting of breaches and incidents
- Identify issues, and underlying root-cause analysis of breaches, providing insight to the business, identifying themes and areas for improvement

Other:

- Development, implementation and maintenance of risk management tools to record and monitor NS&I Corporate risk register, to include developing and delivering training to business users
- Providing support and guidance on risk management requirements for business activity as required to enable timely and effective delivery of NS&I strategy and objectives for retail and B2B activity.
- A key part of this role will require very strong stakeholder management at all levels and across all functions including outsource provider and B2B clients, build relationships across other business units, and promote a risk aware culture.

Relationships

Areas with which the post interacts.

Internal

- All Governance Committees, especially RMC, ExCo, Conduct Committee, Audit Committee and Board
- All Directors
- All business areas and staff
- Risk Management input for Governance Committees

External

- Atos Risk & Assurance Directorate
- Atos Operational managers and staff
- B2B Clients
- Internal Auditors
- External Auditors

Person specification

Essential qualifications, experience and technical knowledge

Essential qualifications & knowledge:

- Educated to degree level
- Good understanding of regulations, guidance and codes of practice relevant for a financial services organisation, e.g. Money Laundering Regulations, Data Protection Act, FCA Handbook. Training will be provided for legislation specific to NS&I products and government departments more generally where necessary.
- Good understanding of general law
- Knowledge of internal and external risk mitigation techniques, governance and control requirements

Essential experience:

- Ability to develop and oversee implementation of best practice risk management processes across the business
- Experience of developing and operating risk management frameworks incorporating but not limited to regulatory, operational, reputational, information and security risk, partnering with the business and embedding an operational risk approach.
- Experience and evidence of having designed frameworks which meet the obligations of Financial Services firms.
- Risk and compliance experience in a regulated financial services environment (in excess of 5 years)
- Experience of working within a risk and control function, either operational risk or internal audit
- Strong influencing skills to work across the organisation and its key interfaces / stakeholders
- Capability to translate and influence FCA compliance within NS&I and its partners
- Good written and verbal communication skills to all levels of management, and the ability to present formally to stakeholders, including the Audit Committee when required.
- Excellent interpersonal skills to build effective relationships with internal and external stakeholders

Essential

- To be able to demonstrate an ability to rapidly acquire a good understanding of the general laws that apply to NS&I.
- Ability to identify pragmatic solutions to risks and issues identified

Desirable:

- Experience of working in an outsourcing environment
- In depth knowledge of NS&I's policies impacting products, customers and operational procedures

Competencies and values

Please read in conjunction with the NS&I Behavioural Based Competency Framework.

Communication

- Communicate complex risk issues in a clear, understandable manner
- Encourage debate on issues (e.g. policy implementation) to seek optimal outcomes

Customer focus

- Consults across the business to determine needs and acts accordingly
- Maintains effective working relationships with internal customers to ensure requirements are met or exceeded and achieve mutually satisfactory outcomes

Achievement Orientation

- Identifies, understands and manages delivery to agreed service levels
- Monitors service levels; identifies and manages delivery of remedial action when they fall below agreed levels

Managing Third Party Relationships

- Monitors the external environment to identify opportunities and pre-empt threats to the organisation, including anticipation of political, economic, industry, legal and regulatory trends
- Manage working relationships with Atos and other external stakeholders assertively to achieve mutually satisfactory outcomes and commercial focus

Improving business performance

- Be receptive to new ideas and challenge
- Constantly develop knowledge of and respond to the current risk environment and potential new risk areas
- Be responsible for development of the risk management framework across the organisation to facilitate successful delivery of our strategy
- Maintain the overall risk framework of NS&I to FCA best practice standards

Leading Others (highlight at the top)

- Be a visible and passionate advocate of risk management
- Intervene and resolve issues when policies or procedures are not followed
- Coach and develop others to deliver the risk management framework
- Develop the risk management capabilities in others

Making decisions

- Devises, challenges and debates both system and procedural changes to enhance performance
- Takes a wide and balanced view of user requirements, cost, strategic fit and timely delivery before making decisions

Teamwork

- Works effectively as part of the Risk Team and cross Directorate
- Recognises areas across NS&I where support is required and offers assistance.
- Able to develop and maintain effective working relationships built on an understanding of stakeholders' needs and expectations.