JOB SUMMARY

• Uphold the integrity of operational risk, in particular, ensuring that operational risks are properly assessed, that risk / return and cost / benefit decisions are made transparently on the basis of proper assessment, and are controlled in accordance with the Joint Venture (JV) standards and its Risk Appetite.
• Provide practical implementation guidance on Operational Risk (OR) Policy & Standard in an effective and consistent manner.
• Identify, assess, monitor, and mitigate risks related to the daily operations of the JV.
• In conjunction with first line of defence (1LOD), ensure any concerns on key controls, operational risk events and its risk impact are understood and escalated on a timely manner. 
• Drive comprehensive, high quality root cause analysis of operational risk events, review and provide robust challenge on remedial action plans proposed by 1LOD Risk / Control Owners. 
• Ensure new and material change in products / services / processes conforms with the Transaction Processing Policy, Change Management Policy, and Product Governance Policy. 
• Oversee and monitor the execution of inherent and residual risk ratings as per the Risk Control Self-Assessment (RCSA) Framework by 1LOD. 
• Ensure local regulatory requirements are met pertaining to operational risk management, prudential standards and governance and operational standards.
• Role requires a combination of expertise in financial services, blockchain systems, regulatory compliance, and risk management frameworks.

RESPONSIBILITIES

Business

• Identify and assess operational risks across the JV ecosystem, including blockchain infrastructure, custody solutions, liquidity management, and payment systems.
• Analyze risks related to smart contract vulnerabilities, stablecoin reserve management, cybersecurity threats, and compliance with regulatory requirements.
• Evaluate third party risks in partnerships with custodians, exchanges, and third-party service providers.
• Provide timely advice, support and challenge to enable compliance with all relevant laws and regulations and support the transition to pro-active and pre-emptive risk mitigation.
• Develop and implement mitigation strategies for identified risks, such as robust cybersecurity measures, operational redundancies, and business continuity plans.
• Lead the response to operational incidents like system outages, fraud, or liquidity crises.
• Collaborate (with Legal, IT, etc) to ensure timely resolution of any operational risk events.
• Assess the stability and reliability of the blockchain infrastructure supporting the stablecoin.
• Collaborate (with IT, Product, etc) to mitigate risks related to smart contracts, network attacks, and key management.
• Ensure robust cybersecurity measures are in place to protect reserves, transaction data, and user accounts.

Processes

• Ensure effective management of operational risks within the JV, in compliance with applicable internal policies, and external laws and regulations.
• Develop key risk indicators (KRIs) and risk control self-assessments (RCSAs) to monitor operational risks.
• Establish and maintain incident management and escalation procedures to address operational failures.
• Continuously improve the operational efficiencies and effectiveness of risk management and compliance processes.

People & Talent

• Lead through example and build the appropriate culture and values.  
• Uphold and reinforce the independence of the Risk function from those whose primary responsibility is to focus on maximizing revenues and profits.
• Lead through example and embed the applicable and appropriate Standard Chartered values and Code of Conduct in the Risk function to drive adherence with the highest standards of ethics, and compliance with relevant policies, processes and regulations among employees.

     

Risk Management

• Risk Appetite
• Conduct, at least annually, the Risk Appetite Refresh for Operational Risk and monitor the approved metrics on ongoing basis and escalate incidents of breach to respective Committees.
• Review and challenge the JV strategy where it is not aligned with the risk appetite.
• Design, maintain and effectively communicate operational risk control parameters across the JV, including policies, control standards, limits and other control levers in order to maintain the JV's risk profile in line with overall risk appetite.

Risk Ownership

• Ensure that risk decisions are transparent and supporting rationales are explained in a professional & courteous manner, especially when turning down proposals.
• Ensure that material operational risk exposures and related issues are reported to the responsible governance committees and to the Board or Board committee as appropriate.
• Highlight any data quality issues in the operational risk management system.
• Obtain assurance regarding the effectiveness of operational risk controls and compliance with applicable laws & regulations.
• Provide expert advice on the interpretation, application and implementation of all relevant laws and regulations for operational risk.

Governance

• Design and implement an operational risk management framework tailored to the Joint Venture’s needs as a stablecoin issuer.
• Maintain operational risk capability and a control environment which is in line with the Operational Risk Framework.
• Ensure that operational risk measurement methodologies are fit-for-purpose, comprehensive and implemented with integrity.
• Monitor top and emerging risks through forward looking indicators, taking into consideration to external events which may be material to the JV. Ensure appropriate management action is being taken to mitigate their impact.
• Define key risk metrics from Operational Risk Policy / Standards / Procedures and continually track performance on such metrics. Escalate concerns, if any, identified through such tracking to appropriate committees.
• Participate in the JV initiatives including undertaking assurance and Operational Risk framework effectiveness reviews, preparing risk analytics and other activities that will enable driving consistent set of operational risk management practices.

People, Culture and Values 

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations and work in collaboration with risk and control partners within 1LOD and 2LOD.
• Ensure the provision of ongoing training. 
• Share best practices in Operational, Technology, and Cyber Risk.

Regulatory & Business Conduct

• Display exemplary conduct, embed into the JV and live by the Standard Chartered Values and Code of Conduct. 
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across the JV. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Engage relevant stakeholders to raise awareness of Operational, Technology and Cyber Risks and how these are managed in the JV

Internal

• Members of Peak Management Team
• JV Chief Risk Officer
• Group Operational, Technology and Cyber Risk Team
• Group Internal Audit

External

• Regulators in Hong Kong 
• External Auditors

Other Responsibilities

• Embed the JV’s brand and values in the Risk and Compliance Function 

Qualifications

• Local regulatory requirements (e.g. HKMA ECF ORM Certification)
• Operational risk management experience
• A clear understanding of the Bank’s approach to the management of operational risk, or equivalent experience gained in other organisations.
• Sound judgement and courage necessary to perform a control role and maintain effective working relationships.
• Excellent analytical skills and sound judgement in a rapidly changing environment
• Effective verbal and written communication skills
• Ability to present complex risk issues to senior and non-technical stakeholders
• Excellent interpersonal skills, multicultural awareness and sensitivity
• Proactive risk management. 
• Language: English, Chinese (goo to have)
• Training: Role-specific training which are mandatory and developmental
• Other training as deemed mandatory by the JV and updated on a periodic basis

Role Specific Technical Competencies

• Risk Management Framework
• Risk related regulations
• Committee governance
• Risk Appetite
• Risk – Operational, Technology and Cyber Risk
• Risk – Business Partnering
• Risk – Manage Change
• Risk – Communication and Influencing Skills

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

www.sc.com/career

Apply Now to join the Bank for those with big career ambitions.