Job Summary
The Manager, Operational Risk leads the credit union’s operational risk framework by overseeing Risk and Control Self-Assessments (RCSAs), incident management, change-management controls, and the development and monitoring of key risk indicators (KRIs). This role partners with business units to embed risk-based decision-making into day-to-day operations and drives continuous improvement in risk-control processes.
Essential Functions
Risk & Control Self-Assessment (RCSA)
- Design and execute the annual RCSA program: develop assessment tools, train process owners, and facilitate workshops.
- Analyze RCSA results to identify control gaps and emerging risk trends; prioritize remediation actions in collaboration with business leaders.
- Maintain an up-to-date RCSA repository in risk-management software.
Incident Management
- Oversee operational-risk incident intake: define triage criteria, ensure timely logging, and classify events by severity.
- Coordinate root-cause analyses and corrective-action plans; track remediation to closure and report on trends.
- Prepare monthly incident-management dashboards for senior management review.
Change Management Controls
- Partner with IT and Operations to embed risk controls into change-management processes (e.g., system implementations, process redesigns).
- Review and approve change requests for risk impact, ensuring segregation of duties, testing protocols, and rollback plans are in place.
- Monitor post-implementation reviews to validate that controls performed as designed.
Key Risk Indicator (KRI) Development & Monitoring
- Identify, define, and validate KRIs aligned to high-priority operational risks (e.g., transaction errors, vendor performance, cyber-incidents).
- Establish thresholds and escalation triggers; build and maintain automated KRI dashboards.
- Analyze KRI trends and recommend risk-mitigation actions to the ERM Committee.
Policy, Procedure & Reporting
- Draft and update ORM policies, standards, and procedure manuals in line with the credit union’s risk appetite.
- Produce quarterly ORM reports—including RCSA summaries, incident trends, and KRI variances—for executive leadership and the Board Risk Committee.
- Ensure ORM documentation meets audit and regulator expectations.
Stakeholder Engagement & Training
- Serve as the subject-matter expert for operational risk; advise business units on control design and risk-management best practices.
- Develop and deliver risk-awareness training sessions and RCSA workshops across the organization.
- Foster a risk-aware culture through regular communications and targeted outreach.
Continuous Improvement
- Conduct post-mortems on significant incidents and control failures; identify process improvements and update monitoring protocols.
- Leverage lessons learned to refine ORM methodologies and tools, driving increased efficiency and effectiveness.
Knowledge, Skills and Abilities
- Bachelor’s degree in Finance, Business, Risk Management, or related field (master’s preferred).
- 5+ years of operational-risk experience in financial services, including hands-on RCSA and incident-management work.
- 2 years of previous supervisory experience.
- Proficiency with risk-management frameworks (e.g., COSO, Basel II/III operational risk principles).
- Strong analytical skills and experience with risk-management or GRC platforms (e.g., MetricStream, RSA Archer).
- Excellent project-management abilities, with a track record of delivering complex, cross-functional initiatives on time.
- Effective communicator, able to present risk insights to both technical and executive audiences.
Preferred Credentials & Skills
- Experience in change-management methodologies (e.g., ITIL) and root-cause analysis tools (e.g., 5 Whys, Fishbone).
- Familiarity with data-visualization tools (e.g., Power BI, Tableau) for KRI dashboard creation.
Working Environment & Logistics
- Location: Hybrid (minimum 2 days/week onsite at headquarters).
- Travel: Occasional travel (<10%) for vendor audits, industry conferences, and regional offices.
- Collaboration: Works closely with IT, Compliance, Internal Audit, Operations, and Business Unit leaders.
At OnPoint, we believe a workplace that reflects the richness of the world fosters a welcoming and empowering environment for everyone. We're committed to equity and inclusion, and consider all qualified applicants embracing every race, religion, color, sex, national origin, age, sexual orientation, gender identity, disability or veteran status, and your unique background.
We encourage you to apply if you're passionate about this opportunity and have the core qualifications. Your unique experiences and skills are what make you a strong candidate. Don’t let imposter syndrome hold you back! Our recruitment process is designed to be inclusive and accessible to all. If you need any accommodations during the application or interview stage, please let us know. We're dedicated to providing what's necessary to ensure a fair and inclusive experience.
Job Details
- Job Family: Internal Audit
- Job Function: Internal Audit
- Pay Type: Salary