Trainee Operational Risk & Controls Officer


Trainee Operational Risk & Controls Officer

  • London, United Kingdom
  • Trainee
  • Others


Description of the Business Line or Department

GBSU Risk & Production Management team (RPM), as part of LOD1, accompanies SG UK management in the development and transformation of its business whilst ensuring non-financial risks are appropriately identified and managed operationally, with a focus on:

  • Transversal risks management (Business Continuity, Cyber, Third Party Risk Management, Production Oversight, IT Risk Management) for the UK wholesale platform;
  • Operational Security Management (OSM) functions for GBSU UK in SGIL and SGLB (for IT, Operations, CLD, COO functions);                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      
  • LOD1 ad-hoc deliverables and project coordination (e.g. Operational Resilience) for the UK wholesale platform.
  • On specific topics and at the request of UK Senior Management, RPM also ensures the coordination of specific LoD1 BAU topics relating to permanent control and operational risk management (on an ad-hoc or permanent basis), and also coordinates work on other ad-hoc deliverables (e.g. addressing regulatory requests for information).

In the UK for SGIL, LOD1 risk management and control functions are provided by RPM as a service under the governance of, and with accountability from, SGIL management.

In RPM, Governance, Risk and Controls (GRC) is primarily tasked with operational risk management topics for GBSU, notably:

  • Assisting GBSU management and operational teams in the definition and the setup of their permanent control framework, supporting managers in ensuring that this framework is adequate and sufficient to address risk on the concerned perimeter;
  • Day-to-day identification, investigation, response / remediation and reporting on key non-financial risks through appropriate channels (incl. op risk systems) and with escalation to relevant stakeholders (e.g. LOD2, senior management);
  • Analysis, monitoring and reporting of the results of the managerial supervision controls to senior management and governance;
  • Assist GBSU management in establishing relevant action plans addressing self-identified issues as well as LoD2 and LoD3 feedback regarding permanent controls, risk assessments, operational incidents management, etc.
  • Co-ordination with other risk specialists across lines of defense (head-office GBSU LoD1 risk management team, other LoD1 teams in SG UK, LoD2 teams in RISQ, CPLE and DFIN…), to support the delivery of appropriate permanent controls measures in SGLB;
  • Coordination of Risk and Control Self-Assessments (RCSA), mapping of Activities, Processes, Risks and Controls (MyAPRC), deployment of the Library of Normative Controls (LNC), and similar/related activities within GBSU;
  • Preparing and facilitating GBSU’s reporting and oversight of risks – preparation of Operational & Conduct Risk committee (OCR), supporting GBSU’s input into SGLB’s own non-financial risk governance, supporting deep dives on GBSU-relevant risk topics, risk & controls related projects / transformation activities, scenario analysis exercises, and regulatory engagement.
  • Supporting GBSU’s senior stakeholder to act in, and demonstrate, compliance with the requirements stemming from the Senior Management Regime in the UK, as well as Group requirements (e.g. Permanent Control Transformation related ones).
  • Support operational risk management for the SGIL entity under the direction of SGIL’s CBCO (as a service provider, focusing on the forementioned topics).

In addition to the above, GRC will also provide a support and coordination on Permanent Control topics for SG UK (acting as “Permanent Control coordinators” for SGLB, and providing operational support to SGIL’s CBCO who remains the Permanent Control Coordinator for SGIL). GRC may also provide a targeted contribution on specific topics requiring coordination across RPM and/or SG UK Wholesale platform (e.g. ad-hoc initiatives stemming from the Senior Management Function regime requirements, Post-Brexit “Inbound Business” & cross-border requirements, regulatory-related developments requiring input from all BU/SUs).

Lastly, within the SGIL entity specifically, GRC operates a GBSU Business Control team, a function which supports the maintenance of an effective control framework across every operational, information systems, regulatory reporting and on-boarding activities with a transversal focus to complement the organisational structure. This team, along with the rest of GRC, support the SGIL Chief Business Control Officer for GBSU, responsible for leading and coordinating the risk and control agenda in the first line of defence across all SGIL GBSU perimeters, covering operational and other non-financial risks.

Geographical & Business coverage:

  • GBSU
  • SGLB and SGIL

Summary of the key purposes of the role

  • Provide operational support to OSMs in the day-to-day management of OSM deliveries, focusing on GBSU’s  identification, assessment, recording & mitigation of operational risk.
  • Support the oversight and first level challenge of all operational risk related topics, including but not limited to: RCSA process; incident management; Internal Capital Adequacy Process (for entities where this is relevant); KRI reporting; process reviews, outsourcing risk reviews, action plan completion, including CTL and IGAD finding/recommendation progress tracking.
  • Support the production of operational risk governance packs to be presented to key senior stakeholders.
  • Participate to the implementation and maintenance of the first level (operational) control framework as well as of the supervisory control framework within GBSU (OPER, CLD, IT, COO).
  • Challenge existing processes and procedures within the GBSU Operations department.
  • Recording of operational incidents within the Group’s internal incident management platform, and their subsequent handling / management in line with appropriate procedures.
  • Assist OSMs and LoD1 managers in addressing queries from 2LoD in relation to non-financial risk management and collaborate on incident management matters and investigations (as per relevant thresholds).
  • Contributing to the deployment and monitoring of the requirements of the “Permanent Control Transformation” (PCT) in run mode for GBSU SGIL and SGLB; General support to the PCT Coordinator function in RPM, addressing ad-hoc requests from all UK BU/SUs, conducting training sessions, minuting decisions and actions from PCT governance.
  • Risk-related actions & deliverables management for GBSU: keeping track of all the open actions stemming from all lines of defense (LoD1/2/3) to avoid overdues, collating appropriate justifications for deadline extensions and supporting reviews/approvals for these – SGIL and SGLB; overdue e-learning , phishing campaign defaulters, mandatory absence anomalies; Ad hoc Permanent Supervision (GPS) requests / assisting with the modifications of controls , creation of controls through SG workflow. Preparing relevant weekly or ad-hoc reports on these topics to key stakeholders (head of RPM UK, GRC Paris, entity management etc.).
  • Support the SGIL Head of GBSU Business Controls Office (GBCO) in the oversight of the control framework for SGIL.


This role does not require a specific certification.


This role covers all SGIL activities (conducted across all geographies) and SGLB activities.

Summary of responsibilities

Control Framework Supervision and Governance

  • Support OSMs in the day-to-day OSM tasks for GBSU (SGLB, SGIL) and EMEA OSM supervisor on EMEA OSM coordination and regional governance topics.
  • Support OSMs in providing oversight and first level challenge of all operational risk related topics (GBSU-focus).
  • Preparation of operational risk governance packs to key senior stakeholders (GBSU-focus).
  • Support the maintenance and enhancement of the first level control framework (GBSU-focus). 
  • Support OSMs in challenging GBSU stakeholders on the quality of their operational risk reporting (GBSU focus)
  • Support the effective and, where needed, consistent roll-out of projects & ad-hoc tasks e.g. RCSA, PCT, Outsourcing risk reviews (GBSU).
  • Ensure capture of operational errors & incidents and use of relevant risk event collection processes/tool(s) (GBSU).
  • Ensure action plans are developed and implemented, with appropriate ownership and achievable deadlines; ensure and track sign off on closed actions (GBSU)
  • Assist in ad-hoc projects or initiatives of the CCO/UK department, as directed by Senior OSMs, CBCO, Head of Operations of  SGIL, Head of GRC, Head of CCO UK/EMEA and, potentially, EMEA OSM supervisor (GBSU, EMEA).
  • Contribute proactively to KRI initiatives, incl. helping to improve data quality and avoidance of duplication (GBSU).
  • Support operational key risk indicator dashboard to ensure key items including FBK have agreed action plans with Operational Managers, tracked and shared with appropriate parties (SGIL, GBSU).
  • Monitor and report on operational policies and procedures to ensure review and sign off completed by owners (SGIL, potentially extended to SGLB).
  • Maintain awareness of operational driven projects, in order to assist with remediation and input new/enhanced controls, procedures and ongoing oversight (SGIL, GBSU).
  • Support coordination of Deloitte audit, managing the requests and tracking quality and completion of responses (SGIL).
  • Participate in all required governance meetings related to the perimeter and prepare relevant reporting (SGIL, GBSU SGLB).
  • Support I2C quarterly declarations process with DFIN (SGIL)

Profile required


The following competencies are expected:-

  • Being a fast (and keen) learner – the role entails exposure to many operational processes and the acquisition of a broad expertise regarding risk and control framework and associated operating standards.
  • Excellent coordination skills (multi-tasking essential).
  • Attention to detail and to the quality of output.
  • Good level of (with ability to further develop) IT skills to allow for design and manipulation of reports/MIS through a variety of programs.
  • Strong inter-personal and communication skills; must be able to produce detailed and accurate reports.
  • Strong writing skills, ability to summarise complex matters.
  • Ability to perform against tight deadlines e.g. when running investigations, implementing urgent remedial actions.
  • Ability to identify operational risk issues, to summarise them effectively, to escalate in an appropriate/timely manner.
  • Interest in Markets activities in the UK and associated operational processes (and issues).
  • Ability to work with a degree of autonomy and be responsible for following matters through to completion.
  • Team player, must be able to step up and cover broader roles within a team environment.

Why join us

People join for the impact they can have on us. They stay for the impact we have on them. A flatter structure offers visibility and exposure beyond that of our competitors, so you know our names, and we know yours. It's personable, human, and inspires success through passion. By encouraging open mindedness and a willingness to share ideas, we have adapted to market changes and thrived through innovation. Bringing words like “hard work” and “dedication” together with “community” and “respect” has enabled us to work collaboratively and build our future together. We call this Team Spirit and it's what makes us different. It's what makes you different.

Business insight

If you feel you have the required experience and qualifications, then please apply to the SG Resourcing Team, and we will manage your application. At Société Générale, we believe our people are our strength and are core to the success of our business. As such, we search for, recruit and appoint the best available person on the basis of aptitude and ability, regardless of sex, marital or civil partnership status, race, colour, nationality, ethnic or national origins, pregnancy, disability, age, sexual orientation, religion, belief or gender identity.

We are an equal opportunities employer and we are proud to make diversity a strength for our company. Societe Generale is committed to recognizing and promoting all talents, regardless of their beliefs, age, disability, parental status, ethnic origin, nationality, gender identity, sexual orientation, membership of a political, religious, trade union or minority organisation, or any other characteristic that could be subject to discrimination.

  • Reference: 23000727
  • Entity: SG CIB
  • Starting date: 2023/05/15
  • Publication date: 2023/03/13