Business Risk Manager – COO Office

À propos de cette offre

The Business Risk Manager within the Chief Operating Officer “COO” division is accountable for the implementation of a comprehensive risk and control framework within the 1LOD COO functions, which will be designed and developed by and in close collaboration with the Chief Risk Officer and the Head of Internal Controls. Acting as a first line of defence, the role supports that the bank’s infrastructure, governance, policies, processes, and services are resilient, well-controlled, and aligned with internal risk appetite and Swiss regulatory expectations.

The position partners closely with the various departments within the 1LOD COO function (such as IT, information security, physical security, facilities, operations, client reception, procurement, etc) acting as central interface within the first line of defence and in collaboration with the second line of defence.

Identify, assess, and monitor risks associated to relevant COO owned processes

Maintain controls framework for the relevant functions and processes, in line with the bank’s internal/external regulation and risk appetite

Regularly review and enhance the control framework, oversee its implementation and monitor the effectiveness of controls by the relevant control owners

Closely collaborate with the key stakeholders within the COO function for the definition of action plans to mitigate residual risks and address control gaps

Proactively escalate material incidents and control weaknesses to the COO, Chief Risk Officer and Head of Internal Controls

Governance, Reporting, Audit & Stakeholder Management

Serve as a trusted risk partner to COO management and key stakeholders

Act as central interface within the first line of defence for COO function and the second line of defence

Key point of contact for internal and external auditors for the COO function

Coordinate reporting on COO risk management matters to management committees

Change & Project Risk Assessment

Under the guidance of the Chief Risk Officer, coordinates the implementation of operational, access, and resilience risk mitigation measures arising from new products, process changes, and system implementations

Operational Resilience, Business Continuity & Disaster Recovery

Together with the Chief Risk Officer and Chief Security Officer, maintain and proposes updates to the Business Impact Analyses (BIA) to identify vulnerabilities, critical functions, and potential threats

Under the guidance and in collaboration of the Chief Risk Officer and the Chief Security Officer identify document and test critical functions, review BCP’ and DRP’s

Coordinate in collaboration with the Chief Security Officer Crisis exercises planning

Support the bank’s operational resilience framework, with the aim to ensure continuity of critical services under severe but plausible scenarios in collaboration with the Chief Risk Officer and Chief Security Officer

Monitor dependencies on people, processes, technology, premises, and third-party providers and adequately documented within the ERM tools (ie. OPCIS)

Access Management & Recertification controls

Manage access recertification for COO-owned or managed applications, including Lombard Odier (LO) related services

Support and guide managers in performing Entra-based access recertification for all COO departments and support functions, acting as a point of contact and facilitator; exclude Front Office roles (managed by the BRM Front team). Excluding the technical aspects of the Entra IAM platform and recertification tooling which remains under the responsibility of the Security function

Outsourcing & Third-Party Risk controls

Assess and monitor risks related to outsourced services and critical suppliers, in coordination with the Chief Risk Officer, the procurement function and IT

5–7 years of experience in the banking sector, preferably in risk & control, audit or BRM role

Strong understanding of regulatory requirement applicable to the banking sector, banking processes and operational, IT risks and resilience

Solid knowledge of FINMA regulatory expectations and banking auditors’ requirements (1st and 2nd line of defence organizational requirements notably in the compliance, data protection, operational risk, resilience, BCM/DR, and outsourcing fields)

Good understanding of information security frameworks (ITIL,) and third-party assurance reports (ISEA/SOC)

Soft skills:

Highly organized, rigorous, and able to manage multiple priorities

Appetite for transversal projects and enhancing collaboration intra-teams and stakeholders

Excellent communication skills, French & English, both in verbal and writing

Innovative mindset, able to identify opportunities for process improvement and operational efficiency

Solution‑oriented, and comfortable working under time pressure

Credible and confident when interacting with stakeholders of all levels

Language requirements:

Excellent verbal and written command in French and English, German an asset

Education & Certifications:

Bachelor’s degree in business, or computer science, or equivalent

Professional certification in Information Security (CISSP, CISA, CISM, auditor, or similar) highly appreciated