

Manager, Operational Risk
Description
About BankFund:
BankFund Credit Union is a full-service financial cooperative that was organized and chartered in 1947 as a convenient place for employees of the World Bank Group and International Monetary Fund and their families to save and to obtain credit. Located in Washington, DC, BankFund maintains three full-service branches downtown with our headquarters located near Farragut West metro station. This position is classified as a hybrid role which means that on-site work will be expected. After completion of training for the role, staff generally work on site 40% of the time but this is subject to change based on health and safety standards and operational need.
Summary
Manages critical enterprise-wide operational risk management (ORM) programs including business resiliency and third-party management. Ensures the consistency of the operational risk programs and applies a systematic approach to identify and manage operational risks.
Supervises the Operational Risk Coordinator, who assists with carrying out daily operations with regard to critical enterprise-wide operational risk management programs.
Secondary Functions
Serve as a backup in support of the Director of Operational Risk. Support management reporting and data analysis for the Operational Risk Management (ORM) section, the Risk Management Department, and operational risk management areas, as needed.
Responsibilities
Supervisory
• Supervise the Operational Risk Coordinator. The Operational Risk Coordinator is tasked with assisting with the facilitation and maintenance of the enterprise-wide operational risk management programs.
Business Resiliency
• Lead and manage the enterprise Business Continuity Management (BCM) Program. Manage and maintain organizational preparedness and continuity plan documents, including collaborating with business line stakeholders to update, test, and analyze resiliency and preparedness plans.
• Lead periodic testing and walkthroughs of business unit workarounds to validate and strengthen organizational resiliency. Pursue continuous improvement and challenge adoption of lessons learned during operational resilience related tests, exercises, and simulations.
• Lead ongoing program and organizational process enhancements to develop and mature the resiliency program throughout the organization. Develop and implement improvements to processes and controls. Conduct analysis of processes or workflows to improve program efficiency or effectiveness. Liaise with BankFund staff to identify program deficiencies.
• Conduct business impact analysis in the business continuity system to ensure critical functions are identified, prioritized, and monitored. Conduct gap analysis against IT capabilities of critical applications, business processes, and shared dependencies to resolve any gaps and strengthen resiliency.
• Perform, update, and maintain business resiliency operational risk assessment and organizational threat assessment.
• Utilize the business continuity system to identify and maintain key reporting, perform business continuity risk analysis and reporting. Include third party considerations into business resiliency reporting for enhanced operational resiliency. Periodically present findings to executive leadership.
• Support and collaborate with IT Disaster Recovery staff to ensure testing and maintenance of IT Disaster Recovery Plan and scripts, etc. and coordinate annual Disaster Recovery testing.
• Support the Incident Management Team with Incident Management Reporting, action item tracking, and maintaining the Incident Management System.
Third Party Management
• Lead and manage the enterprise Third Party Management (TPM) program. Manage risk scoring and monitoring methodologies to apply to new and existing vendors. Liaise with third party owners, vendors, and other key persons to assess third party vendor risk and adherence to the enterprise TPM program.
• Lead, manage, and provide guidance for the third party risk management life cycle processes including, but not limited to, onboarding, due diligence, monitoring and reporting, and offboarding.
• Manage and maintain the third party management system while working with business owners to ensure accuracy of information. Maintain the organizational repository of third parties, to be used and considered in other organizational processes.
• Coordinate enhanced due diligence reviews of critical third parties; maintain documentation and enhanced due diligence assessments and provide periodic reporting.
• Manage and develop ongoing third party monitoring and reporting to assess strength and stability of the relationship. Work with third party owners to conduct ongoing due diligence, service level agreement (SLA) monitoring, scorecard monitoring. Manage issue monitoring and management, and escalation reporting.
• Perform third party management risk analysis and reporting. Include business resiliency considerations into third party reporting for enhanced operational resiliency. Periodically present findings to executive leadership.
• Lead ongoing program and organizational process enhancements to develop and mature the third party management programs throughout the organization. Develop and implement improvements to processes and controls. Conduct analysis of processes or workflows to improve program efficiency or effectiveness. Liaise with BankFund staff to identify program deficiencies.
• Support and collaborate with the Director of Legal and Privacy regarding third party contracts, technical assessments, and controls. Coordinate and maintain third party processes which may inform contract, privacy, and/or data information security assessments.
General
• Serve as backup to the Director of Operational Risk in the administration and maintenance of the Risk Management Department’s program and reporting responsibilities.
• Support the Director of Operational Risk to develop, implement, and produce ongoing enterprise-wide operational risk management program reporting to the Chief Risk Officer, Executive Management, and the Board of Directors.
• Primary point of contact and third party owner for BCM and TPM program vendors. Manage and monitor associated budgets for BCM and TPM programs. Periodically assess and evaluate tools, and provide recommendations for program enhancements.
• Participate in annual Bank Secrecy Act (BSA) and Office of Foreign Assets Control (OFAC) training and demonstrate knowledge and understanding of the BSA and OFAC, including the immediate reporting of unusual or suspicious activity to the Risk Management Department. Undertake additional training specific to daily responsibilities and as required to ensure continued compliance with all applicable regulations.
• Ensure the Credit Union’s safe harbor protections as allowed by the BSA. Understand that if confronted with knowledge of existence of a Suspicious Activity Report (SAR), an obligation exists to preserve the confidentiality of that SAR, as well as any information that may reveal the existence of a SAR. Maintain awareness of, and immediately report to the Compliance Officer, any unauthorized disclosure of a SAR, or unauthorized disclosure of information related to a SAR. Understand that failure to do so is a violation of federal law and may lead to both civil and criminal penalties for SAR disclosure violations.
• Successfully participate in annual Information Security refresher training. Comply with the Information Security Policy, including the immediate reporting of unusual or suspicious activity to management and the Security Officer. Follow all procedures to protect company computers from viruses, and to maintain the security and confidentiality of Credit Union data.
• Demonstrate commitment to the Credit Union’s Service IMPACT philosophy.
• Perform other work-related duties as assigned by the Director of Operational Risk.
Requirements
Education:
• Bachelor’s degree in related field or an equivalent combination of education and experience.
Experience
• Minimum 3 years in operational risk management related experience at a financial institution with experience in business continuity and resilience and third party management; or equivalent combination of education and related work experience.
• Strong analytical and critical thinking skills.
• High dependability with well-honed time management skills.
• Excellent verbal and written communications skills.
• Thorough knowledge of the credit union industry, products, and services.
Knowledge And Skills Preferred
• Experience with Business Continuity Software, such as Preparis Planner (or similar)
• Experience with Third Party Management Software, such as Quantivate, NVendor (or similar)
• Proficient with Microsoft Products, including SharePoint
• Experience with enterprise collaboration tools and tracking, such as Confluence and Jira
• Development of Analysis and Reporting; data analysis and visualization with demonstrated proficiency and understanding of the principles of operational risk management
Certifications Preferred
• Certified Business Continuity Professional (CBCP)
• Certified Third Party Risk Professional (CTPRP) or Certified Third Party Risk Management Professional (C3PRMP)
• Certified Risk Management Professional (CRMP) or Certified Credit Union Enterprise Risk Professional (CUERME)
For internal purposes, this position is graded as Exempt-14.
The anticipated annualized base salary range for this position is $132,000 to $165,000. Final base salary for this role will be based on the individual’s job-related experience, skillset, training, certifications and market demands. The benefits available for this full-time position include but are not limited to: medical, dental, and vision insurance, 401(k) plan, life insurance coverage, disability benefits, tuition assistance program and paid time off, including paid parental leave benefits. In addition to base salary, this position is eligible for an annual incentive plan.