Operational Risk Officer – Cyber IT

 Hong Kong, Hong Kong       Permanent contract        Corporate and Investment Banking

Responsibilities


Description of the line of business:


The Risk Management (RISQ) Division in Hong Kong is independent from the Business Lines. It contributes to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in HK supports all the Group’s activities in the Asia-Pacific Region.

The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.

RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. One objective is to accompany employees and raise awareness of the importance of operational risk management, which is based on the principle that “everyone is an operational risk manager”.

RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.

The department based in Hong Kong covers the ASIA PACIFIC perimeter of activities.


Summary of the purpose of the role:


In this role, the Operational Risk Officer will assess the First Line of Defence (1 LOD) framework in the identification and management of its operational risks, defining and implementing the right remediation plan, and will challenge, if required, the risk acceptance taken by the business line (through governance such as operational risk committees, or through normal day-to-day interaction on incidents…). This role applies to existing business as well as to key projects, and includes conducting analysis and providing an opinion in new product committees.

The Operational Risk Officer should also make sure that the first level of control framework (on operational risk) is adapted and efficient. This is supported by second line of controls (also known as control of control or spot checks) and by recommending and following up on controls deployment initiatives when relevant.

The Operational Risk Officer needs to ensure that the processes and governance around operational risk (Incident Collection/Reporting, RCSA, Permanent Supervision, Spot Checks, Anti-Fraud, etc…) respect the group policies and norms. He/She will conduct investigations/post mortems and follow-up on red flags and corrective action items.

In case of major risk identification or a risk that is not appropriately managed by the department in charge (or lack of department in charge) the Operational Risk Officer has the duty to escalate the information through the appropriate channel starting with his/her management.

Responsibilities:

  • Assess the operational risk management framework in Asia Pac in the following areas: Technology Risk Management (TRM), Cyber security, Business Continuity Management (BCM), as well as Physical Security
  • Conduct reviews or risk assessments on important topics or significant incidents.
  • Participate in and contribute to first line operational risk committees with risk analysis and/or escalation; contribute and escalate if needed to second line of defense committees
  • Act as an advisor to the business on Operational Risk processes and tools, and propose solutions to address risks / communicate expectations to first line of defense
  • Develop knowledge and advise on (market) best practices related to risk management
  • Liaise with / support / participate in debriefs with second line of control during their testing
  • Provide an opinion or validate exceptions to operational risk norms during risk acceptance
  • Participate or coordinate with other second line teams and third line exercises as well as regulator requests on operational risk
  • Contribute to the necessary operational reporting and governance for the executive committee in line with the local risk teams.
  • May participate in and engage with working groups / forums outside Societe Generale to share and implement best practices.
  • Assist other RISQ/OPE team members on their underlying business coverage for front to back analysis and to ensure minimal back-up


Profile Required


Skills Required:


Knowledge:

  • Knowledge in Operational Risk Management
  • Knowledge in Technology Risk Management and Cyber Security

Preferable:
  • Knowledge in Business Continuity Management
  • Professional certification as recognized by the HKMA CFI (e.g. CISA, CISSP, … etc.)
  • Knowledge on ITIL, COBIT and NIST

Tools:
  • Competence with Microsoft Office suite
  • Microsoft Power BI
  • Excel macro-programming and/or Python scripting
  • Operational Risk Tools knowledge (SG or Industry)

Soft Skills:
  • Strong analytical skills with high attention to details and accuracy
  • Ability to articulate complex concepts in a clear manner
  • Excellent verbal, written, and interpersonal communication skills 
  • Able to organize time, multitask, and define priorities (autonomy)
  • Able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
  • Ability to be flexible and agile (priorities may change, and escalation needs to be adapted)
  • 5-8 years' experience in the same field.

Language:
  • English required – other spoken languages in the region or French are a plus.

Business Insight


Societe Generale is one of the leading European financial services groups. Founded in 1864, we have been playing a vital role in the economy for over 150 years. With more than 148,000 employees based in 76 countries worldwide, we accompany 32 million clients throughout the world on a daily basis. Based on a diversified universal banking model, the Group combines financial strength with a strategy of sustainable growth. 

Our expertise in the Asia Pacific region ranges from Corporate & Investment Banking (Advisory, Financing and Global Markets) to Asset Management, Securities Services, Trade Finance and Cash Management Services. Leveraging on our formidable global footprint, we serve Corporates, Financial Institutions and the public sector. With our regional headquarters in Hong Kong, we operate in 11 countries across Asia Pacific, employing over 6,600 employees. You can find us in Beijing, Seoul, Tokyo, Singapore, Mumbai, Sydney and other locations in the region.

At Societe Generale we have developed – and continue to develop – advanced programmes to support your career development. A diverse and comprehensive Learning & Development programme, a Junior programme for graduates and a Remuneration policy that stimulates your growth are just a few examples that illustrate how we help you to fulfil yourself personally and professionally, and how we develop your ability to adapt to ever-changing environments and transform challenges into opportunities.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, sexual or gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

Job code: 19000WAM
Business unit: Societe Generale Hong Kong Branch
Starting date: 28/12/2019
Date of publication: 02/12/2019