Role Title: Global Resilience Risk Specialist, Third Party Risk Lead
- Global Operational and Resilience Risk (ORR) is a sub function of Group Risk. Its purpose is to make sure HSBC understands, and is in control of its non-financial risk position. In addition, the function provides resilience risk stewardship to the Global Business and Functions and the entities we operate in. This is achieved through:
- Completing analytical assessments and opining on the control environment of the First Line of Defence (1LOD) within Businesses
- Constructive challenge to the global businesses and functions on their control environment and assessment of risk
- Oversight of emerging risks, strategic business initiatives and local change activity and new/materially changed products
- Analysis of risk exposure across all bank operations and territories to inform capital management and stress testing requirements
- Completing thematic reviews and aggregated reporting of the Non-Financial Risk profile of the bank
- Responsibility for the implementation of a Risk Management Framework (RMF) that sets out governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with HSBC’s businesses and operations at all levels of the organisation.
- The role holder will have global responsibility for:
- Leading the deployment of deep subject matter expertise around third party risk globally
- Providing issues, event and incident oversight, including specialist oversight of technical controls
- Supporting country and global ORR Managers with all third party risk related queries
- Providing advice, guidance and challenge to senior businesses, functions and entity management, ensuring robust opinion is provided through global governance
- Recommending risk appetite thresholds for third party risk, and oversee risk appetite monitoring
- Providing guidance and support with policy writing, owning and monitoring compliance with a comprehensive set of clear and concise policies that outline the key principles and minimum requirements applicable to the management of third party risk
- Engaging with risk owners, control owners and risk stewards to ensure third party risks are managed in accordance to policy
- Overseeing compliance, for example, through the Risk and Control Assessment process, Top Risk Assessments and Incident Management process
Promoting and developing third party risk awareness and risk management culture in order to ensure that the material risks are both evident and effectively managed
Identifying any concerning trends and challenging the business to address these
- Leading on defining the risk and control library, including minimum control standards, with input from Risk Owners, Business Service and Control Owners, specifying key risks and key controls
- Recommending RCA scoping for third party risk controls and challenge where this is not appropriately applied in the RCA
- Driving appropriate governance for third party risk across key stakeholders and senior control owners
- Reporting on risk and control profile, including impacts of external environment changes, emerging risks and changes to the business strategy
- Monitoring the local external environment to get early sight of emerging risks and provide detailed guidance on controls required to mitigate against them
- Providing technical guidance to support development and completion of ORR and regulatory reporting obligations (e.g. RAS, top & emerging risks, risk profile reporting, RMM, Board reporting where relevant, etc.)
- Ensuring any concerns with key controls and material change programmes, relevant to third party risk, are understood and escalated as required
- Leading regulator and audit engagement pertaining to third party risk; ensure regulatory compliance for third party risk and timely completion of audit actions and findings
- Support training and capability uplift across ORR to ensure robust understanding of third party risk.
- Overseeing, escalating and providing guidance on the identification of conduct impacts across third partyrisk and activities owned by the 1LOD, including where control weaknesses and risk events impact the delivery of good outcomes
- Ensuring critical issues, events and incidents both in key controls and material change programmes are managed for third party risk, are understood by and escalated to appropriate governance forums for appropriate and timely resolution
- Educating stakeholders to understand the impact of emerging risks that require changes to controls, resources and business operations to ensure they remain within appetite
- Ensuring that third party risk initiatives are not adversely affected as a result of poor planning, testing and approach during the delivery of significant change
- Influence and provide direction to the 1LOD and ORR Business & Functions team to ensure they fulfil own roles and responsibilities and manage resilience risk according to the Group’s frameworks and within stated appetite
- Build and maintain relationships with external partners, regulators, industry bodies and others to keep up to date with developments
- Manage relationships with wider ORR team
- Challenge and influence to ensure specialist advice and guidance is understood and followed
- Work in conjunction with ORR Business & Functions team and the wider specialist teams
- Support diversity and reflect the HSBC brand and organisational values
- Partner with ORR Business & Functions team and 1LOD to identify, measure, mitigate, monitor and report resilience risks related to their area of specialism
- Third party risk services, as detailed in the Service Catalogue are embedded consistently globally
- Audit issues, actions and regulatory findings on third party risk are closed in a timely manner, supported with detailed and realistic Management Actions Plans
- Embed Operational Risk Framework deliverables
- Operating with influence and gravitas across all Lines of Defences, Global Businesses and Legal Entities within HSBC, in relation to the management and oversight of non-financial risk
- Providing effective leadership to influence and embed culture change across all levels of seniority and all businesses and functions
- Maintaining a commercial understanding without compromising standards of internal control and organisational risk appetite in a growing and successful business
- Adapting quickly to changing situations and influence strategies with practical, effective commercial solutions through a comprehensive assessment if the non-financial risks are perceived to exceed appetite
- Maintaining independence of thought and lateral thinking to assist in optimising the level of business control and maximising efficiency
- Board level scrutiny around third party risk and the associated risk profile
- The role holder will maintain close working relationships with the wider ORR team, locally, globally and globally.
- HSBC serves the needs of retail, corporate and institutional clients delivering innovative and integrated financial solutions. The Risk function discharges oversight on the management and monitoring of financial and non-financial risk by the businesses and their support functions.
- The importance of non-financial risk and control has increased in recent years and is now the most influential subject for senior management, boards, and regulators. An organisation’s ability for effective identification, measurement and mitigation of non-financial risk will have a significant impact on the achievement of strategic objectives.
- The role has influence over a wide group of stakeholders and employees across the organisation.
- You will be required to
- Work closely with all components of the ORR team.
- Build effective relationship internal and external to ORR
- Enhance control understanding across HSBC’s Products and Services globally
- The responsibility for non-financial risk spans globally. You may also be responsible for local entity management for other team members outside of your direct reports, according to HSBC local entity management requirements.
- economic or market conditions, legal and regulatory requirements, operating procedures and practices, organisation change, the impact of new products, services, third party and / or threats. Accountable to support the creation and maintenance of relevant core policy and guidance, and overseeing the alignment of 1LoD development of procedures and standards
- Consistently display positive leadership behaviour for the management of risk, including notification and escalation of any concerns and ensuring timely action in relation to points raised by audit and external regulators.
- Continually support HSBC's approach to conduct, which is designed to ensure we deliver fair outcomes for our customers and do not disrupt the orderly and transparent operation of financial markets.
- Maintain awareness of operational risk and minimise the likelihood of it occurring, including its identification, assessment, mitigation and control, loss identification and reporting in accordance with the HSBC Operational Risk Management Framework
Observation of Internal Controls
- You will adhere to and be able to demonstrate adherence to HSBC internal control standards. This is achieved by adherence to all relevant procedures, keeping appropriate records and, where appropriate, by the timely implementation of internal and external audit points, including issues raised by external regulators.