BRCO Risk Partner Lead - Applications Technology
The Business Risk and Control Officers (BRCO) play a pivotal role in guiding the business to identify and understand risk exposures and the controls needed, which are integral to reducing risk and safeguarding our customers and colleagues. BRCOs are critical to the success of the Risk Management Lifecycle and play a role in Planning, Identifying, Assessing, Mitigating, Monitoring, and Reporting. BRCOs are members of the First Line of Defense (1LOD) who:
Provide leadership and coaching to the 1LOD to proactively identify and effectively manage risks.
Translate and educate 1LOD to enable and drive business relevant implementation of Second Line of Defense (2LOD) risk management frameworks, policies, taxonomies, and inventories.
Review, validate, and test 1LOD activities to ensure adequate control design and effective control operation.
Provide credible challenge to 1LOD colleagues, ensuring safeguard and risk mitigation measures are upheld in decision making and adherence to 2LOD frameworks and policies prior to 2LOD review.
Drive two-way collaboration across 1LOD and 2LOD; liaise between 1LOD and 2LOD to drive engagement throughout the risk management lifecycle.
Collaborate and coordinate across the organization to help navigate and mitigate horizontal risk promoting resilience and ensuring safety and soundness.
Document, aggregate and report risk in accordance with the risk management lifecycle.
The Business Risk and Control Office (BRCO) Risk Partner Lead for Applications Technology is responsible for engaging with 1LOD on the development and design of implementing new controls as well as changes to existing processes. Develops options and actions for control owners to perform that will result in improved controls and greater control effectiveness. Monitors controls, including advising on appropriate monitoring structures, and conducts thematic analysis, providing insights on drivers of risk and emerging risks.
Position Responsibilities:
Business Partnerships
Develops and maintains partnerships with the Line of Business process owners to provide end-to-end thought leadership through strategic consulting and providing expertise in control design that can lead to early identification and sustainable mitigation of technology risks.
Inquires about and builds deep familiarity with critical Line of Business processes to advise on applicable technology controls.
Drives a strong enterprise risk culture by fostering rigor and discipline focused on risk and compliance awareness, ethical business practices, transparency, and escalation.
Collaborates with and supports other BRCO team members to ensure a robust and comprehensive implementation of Second Line of Defense (2LOD) frameworks within 1LOD.
Depending on the size of the LOB and the number of BRCO Risk Partners, may align support to specific leaders.
Design Controls
Engages in the development and design of implementation of new controls as well as changes to existing processes. Develops options and actions for control owners to perform that will result in improved controls and greater control effectiveness.
Designs controls that are fit for purpose, relevant, and primarily address the root causes of the risk. Controls should also be appropriate, covering the full extent and scope of the risk and its consequences, take efficiency and cost-effectiveness into consideration, and conform to relevant standards or regulatory requirements.
Supports Line of Business process owners and ensures appropriate controls for new and changing processes are identified, risk assessed, documented, and implemented to mitigate risks and ensure all incremental risks have been captured.
Drives adherence within 1LOD to enterprise-wide control design standards, policies, and frameworks.
Engages with 2LOD to ensure risks and control results are in alignment with Comerica's objectives, all risk pillars, and risk appetite and provides 2LOD with regular updates.
Monitoring and Analyzing of Controls
Oversees Line of Business monitoring of controls, including advising on appropriate monitoring structures.
Performs validation to demonstrate that the remediation has effectively addressed the root cause of the issue, is effective, and is aligned with regulatory/audit expectations.
Conducts thematic analysis providing insights on drivers of risk and emerging risks.
A successful candidate will have the following knowledge and/or skills:
Demonstrated knowledge of banking industry products, services, and workflows.
Strong familiarity with critical technology processes and controls supporting overall business needs and objectives, for the Line of Business.
Strong track record of driving timely and effective technology issue resolution in a financial services context.
Deep expertise and ability to educate colleagues on technology risk management, controls, and compliance concepts, frameworks, and policies.
Ability to establish authority, influence stakeholders, and productively debate issues (e.g., credible challenge) at all levels including without direct reporting responsibility.
Ability to build strong relationships and engage constructively in a proactive and transparent approach with cross-functional stakeholders, to challenge status quo and drive buy-in to achieve common goals.
Ability to clearly and effectively communicate, including ability to summarize and explain complex findings and issues to a wide range of audiences.
Ability to apply sound judgment and appropriately escalate concerns and issues.
Ability to demonstrate managerial courage and inspire colleagues across the organization to embrace change.
Ability to gather, analyze and interpret large datasets from various sources.
Strong analytical and critical thinking skills with high attention to detail and accuracy.
Ability to manage multiple tasks and projects, prioritize work, meet deadlines, achieve goals, and work under pressure in a dynamic and complex environment.
Self-starter, able to work independently, flexible and can navigate a complex organization.
Position Qualifications:
Bachelor's degree from an accredited university or a High School Diploma or GED and 6 years of Risk Management or other related experience in the Financial Services Industry
6 years of experience in Risk Management, Compliance, Audit, or related field
Expertise in identifying areas of control weakness
Expertise in designing or advising on the design of a broad range of controls (e.g. preventative vs. detective controls; manual vs automated)
Strong understanding of various risk types/pillars, risk management, controls, and compliance concepts and frameworks
Project support/project management skills - ability to provide direction, track progress and ensure alignment with program requirements
Proficient in risk management software, MS Office Suite, and other related technology tools
Preferred Qualifications:
CISA or CRISC certification
Work Best Category:
Category C - Days in the office will either be designated days or will vary week to week from 2-5 days
Hours:
8:00am - 5:00pm Monday - Friday, this position includes both onsite and remote work.
Salary:
To Be Determined Based on Individual Experience