Operational Risk Manager/Technology, BCM and Data Mgt. Risk

Risks

Permanent contract
New York, New York, United States
Hybrid
Salary from 171,000 to 325,000

Reference 25000P9Q
Start date 2026/03/02
Publication date 2025/12/08

Responsibilities

This role is responsible for proactively identifying, assessing, mitigating, and reporting technology, business continuity and resiliency, and data management risks across the organization, with a strong emphasis on influencing stakeholders at all levels. This position requires the ability to effectively engage with senior and mid-level leadership to drive strategic decisions while also collaborating with teams across the organization to foster a risk-aware culture. Deep expertise in technology, business continuity and data management, regulatory compliance, and risk governance is essential to ensure robust protection and alignment with industry standards. Exceptional communication and leadership skills are critical to building trust, driving alignment, and ensuring the successful implementation of technology, business continuity and data management risk practices.

Key areas of risk coverage in technology, business continuity, and data management include core technology operational processes and controls such as IT production incidents, change management, problem management, cloud computing, job scheduling, backup and recovery, business continuity and disaster recovery, operational resiliency, and the data management lifecycle including data quality risks. The Operational Risk Manager will be responsible for assessing and evaluating the overall risks in these domains, maintaining active oversight, and reporting on intrinsic risks, mitigations, and residual risks across the organization.

Additionally, this role will contribute to the enhancement of second line of defense practices in technology, business continuity and data management risk, which encompasses assessments, lifecycle practices, operational incident response, service delivery, disaster recovery and business continuity planning (BCP), and the management of Algo Model Operational Control Risk, Public Cloud Governance, and Laws, Rules, and Regulations.

Day-to-day responsibilities include, but are not limited to:

  • As part of second line of defense, providing independent review and challenge of first line of defense’s assessments, e.g., RCSA, IT Risk Assessment.
  • As part of second line of defense, gathering relevant loss data and other evidence to use during its challenge function and preparing periodic reports on internal operational risk events for the operational risk governing committees.
  • As part of second line of defense, defining, managing, and challenging the first line of defense execution of the KRI Program.
  • Working with SG Americas Enterprise Risk Management to assist in setting, reviewing, and maintaining the operational risk appetite or tolerances.
  • Analyzing and reporting the operational risk exposure in SGAMER, including summary information on loss events, risk assessments, and emerging risks. 
  • Establishing and setting strategic direction for policies and standards of SG AMER operational risk management framework (keeping in line with global policies) and assessing adherence.
  • Implementing and executing the infrastructure (key components) that facilitates identification, measurement, monitoring, mitigation, reporting and escalation of operational risk.
  • Modifying the framework components in response to the changing (business and regulatory) environment and lessons learned.
  • Defining Operational Risk Management decision and escalation paths for breaches, information, and approvals.
  • Directing and coordinating with 1LOD operational risk managers to ensure consistent, sustainable implementation of the Framework.
  • Reinforcing and directing Operational Risk Management culture set by senior management and the SGUS Executive Management Committee.
  • Providing subject matter guidance on training development/content including identification of suggested Operational Risk training.
  • Providing oversight of operational risk management processes and governance, so they are functioning as designed, objectives are met, and appropriate actions are taken to address and remediate gaps.
  • Performing 2LOD Targeted Reviews on a continuing basis in line with current SGAMER requirements.
  • Performing the Review and Challenge of risk issues and their corresponding action plans including but not limited to Self-Identified Issues, Compliance Identified Issues, RISQ Identified Issues, Audit Identified Issues and Regulator Identified Issues. 
  • Review and Challenge of the Algo Model Operational Control Documents for any new Algos as a pre-condition as they are presented at the relevant committees for approval.
  • Review and Challenge of the Algo Model Operational Control Inventory on an annual basis. 
  • Review and Challenge of the Algo Model Operational Control Documents on an annual basis. 
  • Review and Challenge 1LoD on their compliance with Laws, Rules and Regulations.
  • Review and Challenge the Public Cloud migration and Key Projects for respective risks.

Profile required

Independent from the Business Lines, the Risk Management (RISQ) Division's mission is to contribute to the development of the SG Group's activity by facilitating the objectives of the Business Lines while maintaining independent oversight through risk evaluation and monitoring. The RISQ division in the US supports all the activities in the Americas Region (US, Canada and Latin America) (SG AMER), which is almost exclusively corporate and investment banking (GBIS) oriented.

Required:

  • Proficient understanding of financial services, particularly in risk and regulatory domains.
  • This role requires a comprehensive understanding of technical concepts, coupled with familiarity with related technologies, infrastructure, and a strong conceptual knowledge of enterprise IT system operations, business continuity and data management lifecycle management. It also demands experience in evaluating the design and operational effectiveness of IT Risk, business continuity and data management processes, controls, and the associated risks to ensure robust security measures are in place.
  • Extensive knowledge of emerging technology and data risks in the areas of Artificial Intelligence, Machine Learning, and Quantum Computing.
  • This role requires a highly meticulous and detail-oriented individual who can effectively manage multiple tasks simultaneously. The ideal candidate demonstrates a high degree of initiative, dependability, and the ability to work independently with minimal supervision. Strong leadership skills, including the ability to lead through influence, are essential for driving collaboration and achieving organizational goals.
  • Experience in assessing design and operating effectiveness of technology controls.
  • Data architectures including reference/master data, transactions/messaging, and unstructured content.
  • Operational risk framework components including loss data collection, RCSA, process/risk/controls.
  • Experience leveraging IT risk frameworks such as: COBIT5, COSO, ISO27001, NIST and/or data management frameworks i.e., DCAM/CMM-DMM
  • Expertise in financial regulations (BCBS 239, SR 11-7, Volcker Rule)
  • Hands-on experience with GRC tools (i.e., Archer)
  • Ability to analyze root causes of issues and document remediation
  • Strong leadership skills with ability to lead by influence
  • Diligence and persistence in the face of organizational crosswinds
  • Strong technology experience in implementation of data architecture and building data quality controls.

TECHNICAL SKILLS

  • Extensive technical skills and expertise in business continuity and data management, including core technology operational processes and controls such as IT production incidents, change management, problem management, cloud computing, job scheduling, backup and recovery, business continuity and disaster recovery, operational resiliency, information security, and the data management lifecycle including data quality risks.
  • Familiarity with data management lifecycle processes, concepts, controls, and tools; SAS, Collibra, Informatica, Hadoop, relational databases etc. would be desirable.
  • Familiarity with risk technology and assessment tools
  • Hands-on application development life-cycle practices
  • Experienced in integrating vulnerability and patch management tools with IT/IS risk programs, as well as prioritizing and communicating vulnerability remediation efforts.
  • Skilled in performing root cause analysis for technology incidents.
  • Experienced in developing or defining requirements for GRC (Governance, Risk, and Compliance) management tools.
  • Proficient in Microsoft Office Suite, including Excel, Word, Access, PowerPoint, Outlook, and SharePoint.
  • Strong written and verbal communication skills.

PRIOR WORK EXPERIENCE

Required:

  • Worked in Infrastructure and/or Security Operations – 1LOD.
  • Preferably worked in Financial Services/ Banking industry.
  • Preferably also worked in a 2LOD Cyber Security Risk function.
  • Demonstrated effective communication at Senior Management level.
  • Bachelor’s and/or master’s degree in computer science, engineering, or a relevant technical field.
  • Strong background in control evaluation, life-cycle management, and technology 
  • Background in GRC tool development, implementation and governance
  • Background in SR11-7 Compliance
  • Experience in software development of transactional and analysis/reporting
  • IT Risk management or governance certifications (CGEIT, CRISC, CISA)
  • Previous work within Risk and/or Finance
  • Experience in leading regulatory remediation efforts

Supervision Duties

Provide mentorship to junior team members and provide coaching, performance feedback, and technical guidance across the coverage domains of technology and data risks.

Certification Required

  • IT Risk management or governance certifications (CGEIT, CRISC, CISA)

Business insight

Societe Generale is committed to offering an inclusive recruitment experience to all candidates. If you require any reasonable accommodations during the recruitment process, please do not hesitate to let our Recruiters know.

OUR CULTURE: 
At Societe Generale, we live by our 4 core values of commitment, responsibility, team spirit and innovation. We are engaged and demonstrate consideration for others. We act ethically and with courage. We focus our talent and energy on collective success. We experiment and propose new ideas. This way, we maximize our ability to serve client needs and anticipate market changes. Societe Generale is committed to strengthening bonds with colleagues, communities, and the world in which we live, because relationships are at the heart of how we operate. For more information about our Culture and Conduct initiatives, please visit this link (https://americas.societegenerale.com/en/careers/get-know-culture/)

DIVERSITY, INCLUSION & BELONGING (“DIB”):
Our DIB Mission: Recruit, develop, retain and advance a talented workforce that is united in our efforts to leverage our talent and further develop an inclusive environment that will enhance our competitive position and deliver innovative solutions to our clients. It seeks to foster an environment where employee differences are valued and where all employees feel engaged, supported, respected, and informed. For more information about our DIB initiatives, please visit this link: https://americas.societegenerale.com/en/careers/get-know-diversity/

HYBRID WORK ENVIRONMENT:
Societe Generale offers a hybrid work arrangement that offers employees the flexibility to work remotely, as well as on-site, in order to promote interaction and collaboration with colleagues while adhering to all SG standard protocols.  Hybrid work arrangements vary based on business area.  The applicable business lines will determine and communicate the work arrangements that best meet their business needs.

COMPENSATION:
Base salary range does not include overtime pay, bonus and/or other benefits, where applicable. Actual base salary offer will vary based on skills and experience. The role is eligible for an annual discretionary bonus and includes a competitive benefits package including 401(k) plan with company match, medical/dental/vision, and other benefits for fertility, wellness, student loans and commuters.

Diversity and Inclusion

Societe Generale is an equal opportunity employer, and we are proud to make diversity a strength for our company. We are committed to recognizing and promoting the talents and achievements of our employees and staff, regardless of race, religion, color, national origin, sex, disability, age, gender, sexual orientation, and any other characteristic or status protected under applicable law.