Description of the line of business:
The Risk Management (RISQ) Division in Hong Kong is independent from the Business Lines, it contributes to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in HK supports all the Group’s activities in the Asia-Pacific Region.
The mission of the Operational Risk Second Line of Defence department (RISQ OPE) is to provide independent, objective and leading operational risk management challenge and oversight services to assist the firm in maintaining an effective system of operational risk management.
RISQ OPE conducts the oversight of the governance, risk and control frameworks and tolerances of Operational Risk.
RISQ OPE provides proactive advice to help management identify and measure key risks, and to evaluate controls in existing and expanding businesses. An objective is to accompany the employees and raise awareness on the importance of operational risk management which is based on the principle that “everyone is an operational risk manager”.
RISQ OPE organises and/or tests the soundness and efficiency of the operational risk framework, especially on governance, risk identification and mitigation as well as permanent controls.
The department based in Hong Kong covers the ASIA PACIFIC perimeter of activities.
Summary of the purpose of the role:
In this role, the Operational Risk Officer will assess the First Line of Defence (1 LOD) framework in the identification and management of its operational risks, defining and implementing the right remediation plan and challenge if required the risk acceptance taken by the business line (through the governance such as (operational risk committees) or normal day to day interaction on incidents…). This role applies to existing business as well as key projects or by conducting analysis and providing an opinion in new product committees.
The Operational Risk Officer should also make sure that the first level of control framework (on operational risk) is adapted and efficient. This is supported by second line of controls (also known as control of control or spot checks) and by recommending and following up on controls deployment initiatives when relevant.
The Operational Risk Officer needs to ensure that the processes and governance around operational risk (Incident Collection/Reporting, RCSA, Permanent Supervision, Spot Checks, Anti-Fraud, etc…) respect the group policies and norms. He/She will conduct investigations/post mortems and follow-up on red flags and corrective action items.
In case of major risk identification or a risk that is not appropriately managed by the department in charge (or lack of department in charge) the Operational Risk Officer has the duty to escalate the information through the appropriate channel starting with his/her management.