Operational Risk Manager

• Operational risk framework: Own/maintain op risk policy/standards, risk & control assessments (RCSAs or equivalent), KRIs, incident taxonomy, issues/action tracking.
• Outsourcing & third-party oversight: Oversee outsourcing register completeness, risk assessments, contract/SLA review standards, ongoing monitoring, and exit/contingency expectations.
• DORA & ICT risk oversight: Drive second line oversight for DORA-aligned governance (incident classification, testing expectations, ICT third-party risk oversight) and evidence readiness.
• Operational resilience: Support mapping of important services, scenario testing, lessons learned, and remediation tracking.
• Reporting & assurance: Produce management/Board-quality MI across incidents, KRIs, outsourcing performance, and resilience testing; support audits and regulator engagement.

• Outsourcing/third-party MI + register assurance; incident & issues MI
• DORA/resilience oversight plan + evidence library; quarterly reporting cadence
• Control effectiveness insights and remediation follow-through

• Operational risk in regulated FS; strong outsourcing/TPRM experience; DORA/op resilience familiarity; excellent documentation discipline; constructive challenge.

• Complete/accurate registers; consistent incident learning; measurable remediation closure; clear DORA/resilience evidence; improved control effectiveness.

Ballinger Group