Enterprise Risk Management - Regional Head of Third Party Risk Management, GSC Cairo

Why join us?

Global Enterprise Risk Management is a sub function of Group Risk. Its purpose is to help the bank grow safely and sustainably, helping ensure HSBC understands and effectively manages its non-financial risk. In addition, the function provides resilience risk stewardship to the Regional Business and Functions and the entities we operate in.

This is achieved through:

• Completing analytical assessments and opining on the control environment of the First Line of Defence (1LOD) within Businesses and Regions
• Oversight of emerging risks, strategic business initiatives and local change activity and new/materially changed products
• Completing thematic reviews and aggregated reporting of the Non-Financial Risk profile of the bank
• Responsibility for the implementation of the Risk Management Framework (RMF) that sets out governance, policies and practices to proactively identify, assess, measure and report on, mitigate and control operational risk exposures associated with HSBC’s businesses and operations at all levels of the organisation.

The Opportunity: 

• Supporting the deployment of deep subject matter expertise around third party risk regionally
• Providing advice, guidance and challenge to senior businesses, functions and entity management in region
• Supporting development and oversight of effective implementation of the Group’s third party risk framework across the Group
• Providing guidance and support with policy writing, owning and monitoring compliance with a comprehensive set of clear and concise policies that outline the key principles and minimum requirements applicable to the management of third party risk 

What you’ll do: 

• Engaging with risk owners, control owners and risk stewards to ensure third party risks are managed in accordance to policy
• Overseeing compliance, for example, through the Risk and Control Assessment process, Top Risk Assessments and Incident Management process
• Promoting and developing third party risk awareness and risk management culture in order to ensure that the material risks are both evident and effectively managed
• Identifying any concerning trends and challenging the business to address these concerns.
• Supporting with defining the risk and control library, including minimum control standards, with input from Risk Owners, Business Service and Control Owners, specifying key risks and key controls
• Recommending RCA scoping for third party risk controls and challenge where this is not appropriately applied in the RCA
• Driving appropriate governance for third party risk across key stakeholders and senior control owners
• Reporting on risk and control profile, including impacts of external environment changes, emerging risks and changes to the business strategy.