Head of Operational Risk

Head of Operational Risk & Resilience
- Reporting directly to the Chief Risk Officer
- Provide strategic advice and enhance risk frameworks that enable the bank to progress its business and digital strategy
- Ensure the complete taxonomy of operational risks across critical operations and processes are accurately defined and effectively managed

Are you a strategic leader with deep expertise in risk management and technology with an unwavering commitment to maintaining highly resilience and secure operations? Join our Group Risk leadership team and take on a pivotal role in safeguarding our organisation's reputation and fostering growth.

**Your role**

In this newly created position, you will spearhead the development and implementation of comprehensive risk management frameworks across People First Bank. You will ensure an integrated approach to the assessment and management of operational risk, data risk, technology and information security risks, enabling the bank to maintain the highest standards for service availability and embd resiliency in its processes across all critical operations.

You will lead a team of dynamic Operational and Information Security risk professionals, driving the continuous improvement and integration of our risk, control, and resiliency frameworks throughout the organisation. Core to your role will be supporting the business and maturing our Three Lines risk governance model, providing strategic oversight and insights for both established and emerging risks.

Key responsibilities include:

- Develop and maintain enterprise level Operational Risk and Resilience Management Frameworks.
- Assessment of People First Bank's Operational Risk and Information Security Risk appetite and development of appetite statements, indicators, tolerances and limits.
- Develop policies, standards and guidelines that are compliant with Prudential Obligations and ensure all operational risks are effectively managed within risk appetite.
- Support the Board and Executive to set the vision and tone for operational resilience.
- Cultivate a culture of risk awareness and proactive mitigation throughout the organisation.
- Provide oversight and challenge of the processes supporting the management of service provider arrangements and supply chain risks.
- Maintain comprehensive Bank-wide information security management governance and frameworks.
- Provide challenge and oversight of the effective management of risks arising from transformation and digital uplift projects with a focus on potential impacts to the bank's information security, data management and supply chain.
- Monitor, analyse and report on operational risks and operational risk profiles.
- Partner with the business to support the effective implementation and embedment of operational risk and resilience frameworks.
- Support the business to ensure critical operations and processes are defined and associated risks and controls regularly assessed and tested.
- Support the business with the assessment and remediation of incidents and issues.
- Develop business continuity framework and support business continuity planning processes.
- Prepare APRA notifications for material control weaknesses and material security incidents under CPS 234.
- Support and challenge processes for service provider management and third part risk assessments.
- Conduct line 2 assurance over the implementation of operational risk and resilience frameworks including assurance of compliance with CPS 230 and CPS 234 prudential obligations.

**About you**

You are a motivated and passionate senior leader with a proven track record of successfully shaping risk management strategies and fostering a culture of resilience at all organisational levels. Your experience in leading and mentoring high performing teams, driving continuous improvement, and cultivating a culture of accountability and collaboration will ensure your success. Your work history will also demonstrate:

- 10+ years industry related experience in an equivalent role for a medium to large organisation.
- Demonstrated experience in the end-to-end development and enhancement of risk policies, procedures, and frameworks aligned with industry best practices, including a focus on operational risk and resilience incorporating stress testing and scenario analysis.
- Demonstrated experience in operational risk management including development of frameworks and integration of risk frameworks across end-to-end business processes.
- Demonstrated experience managing technology and information security risks, including significant understanding of the regulatory requirements associated with Information security (CPS234, PCI DSS).
- Demonstrated experience in the develop of Line 2 assurance programs and performance of assurance activities across all operational risks.
- Extensive experience in writing and developing business documents, reports (including Board reports) and policies.
- Highly developed networking, interperso