The Operational Risk (OR) Analyst supports the Director, Operational Permanent Control (OPC) in the management, implementation, and monitoring of the Business first line of defence (1LoD) elements of the Operational Risk Management Framework, which also includes the General Data Protection Regulation (GDPR), as prescribed by Group. The OR Analyst is required to have a full understanding of the Operational Risk Framework, Policies, Procedures and risk tools/methods used for Operational Risk Management.
Group - Key deliverables
- Support the Business and Functional teams (Operations Directors and/or delegate) in the update of their Risk & Control Self Assessments (RCSA/Risk mappings) through review and monitoring of their RCSAs, and where appropriate provide challenge to the content and assessment ratings.
- Lead officer responsible for oversight and support to the Business and Functional teams on all GDPR matters, including the periodic maintenance of the GDPR database for all required records such as (RoPA), Data Subject Requests management, Privacy by Design updates, and Data Breach reporting in accordance with GDPR and RE group guidelines.
- Assist the Business/Functional teams in the coordination and update of controls monitoring, testing and reporting of (FMPs), escalating any issues to the Head or Director of OPC.
- Support the Head or Director OPC in the validation and maintenance of operational risk metrics populated in the operational risk management local databases.
- Support the collection and recording of Business risk incidents and losses in the Group’s Risk360 system, reporting any issues for escalation to the Head or Director OPC for resolution.
- Follow up with Central OPC as required on remedial incident and/or risk mitigation actions as appropriate.
- Support the Head of OPC in the maintenance and periodic reviews of the TPRM/Outsourcing register.
Roles and responsibilities
Group Risk Management Framework
- Support the implementation of Group Risk Management policies and procedures, and proactively suggest improvements to the risk and control framework.
- Coordinate, collate and report on control results periodically, as required.
- Manage the GDPR governance process, including Breach reporting and Data Subject Request administration, to ensure business compliance.
- Assist in the maintenance of the TPRM & Outsourcing Register and follow up with business and functional teams on SLA updates.
Oversight & Challenge of the Business Lines - First line of defence (LoD1)
- Assist and advise the Business and Functional heads and/or delegates on the implementation of the Group’s OR framework.
- Provide Operational Risk support to Central OPC/ORC where required in consultation with the Head of OPC.
- Collect incident data, escalate to the appropriate stakeholders, and challenge and investigate incidents appropriately
- Ensure risk remediation is carried out effectively and in a timely manner to mitigate risk recurrence
- Challenge where appropriate the adequacy of mitigating controls
- Suggest and co-ordinate thematic controls, local assessments and oversights
- Proactively raise awareness of the Operational Risk Framework through relationship building, training, communication, and gaining business commitment, highlighting the value add/benefits of good operational risk management
- Assist in the production and validation of risk data metrics for various Operational Risk and Control Committee packs.
- Participate in relevant meetings such as OPC community group, Risk Committees, Internal Control Committees
- Escalate incidents as soon as they occur to the Head/Director of OPC and/or appropriate stakeholders as required.
- Good judgment
- Motivated and driven
- Responsiveness to colleagues
- Able to tailor communication appropriately across the organisation
- Educated to degree level
- Fluent in English (written and spoken)
- Solid Operational Risk experience within the First or Second line of a Financial Services industry firm.
- Good understanding of Second Line of Defence, Internal Audit, Risk Management Frameworks
- Providing training on Operational Risk
- Experience in the use of Risk Management Systems
- Property industry knowledge would be advantageous
- Proven ability to earn trust and respect with colleagues and senior management
- Strong collaboration skills and ability to work across both functional and geographical lines
- GDPR operations experience would be advantageous
BNP Paribas Real Estate is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.
BNP Paribas Real Estate is proud to be an inclusive employer, as recognised by our RICS Inclusive Employer status and membership of Stonewall's Diversity Champion Programme.