Enterprise Risk Manager

One of our clients, an international company in the financial services' industry currently requires an Enterprise Risk Manager

Start: ASAP
Length: min 3 months
Location: Brussels

Objectives:

- Support the implementation of the Internal Control Framework for the Customer Onboarding processes in the scope of this initiative, including, amongst others:
- Assist the CRO Office in orchestrating and facilitating the ICF implementation workshops;
- Act as subject matter expert in Customer Onboarding and provide in depth expertise to help CRO Office validate the identified risks, challenge the existing control environment and provide improvement recommendations;
- Review the adequacy of the risk treatment plans and suggest actionable approach for implementation, including functional and organisational aspects;
- Serve as "sounding board" and advise on best practices for process documentation, risk identification and assessment;
- Support the CRO Office and the Business Teams in preparing deliverables of the various phases of the ICF implementation process.
- Identify and drive opportunities to improve the internal control framework/process in partnership with the CRO Office and the Business Teams;
- Support the CRO Office in designing or improving the communication and feedback loops with other ICF stakeholders (eg other assurance providing functions, governance and policy-setting bodies, key process owners in other ICF initiatives, etc.)

Framework

The ERM function (the CRO Office) has developed an Internal Control Framework methodology, consisting in four main phases:

- Internal control modelling: aims at producing a detailed description of the process by means of process narratives and flowcharts;
- Risk assessment: consists in identifying, analysing (likelihood and impact) and evaluating the risk (against the risk appetite). The deliverable is a detailed description of the risks with their current risk exposure, taking into account the existing control environment;
- Control assessment: consists in identifying, analysing and evaluating the controls (design and effectiveness) through management self-assessment. The outcome of this phase is a detailed description and evaluation of controls; and,
- Risk treatment: the objective of this phase is to bring the risks within appetite by identifying and applying the risk treatment scenarios. The deliverables are the risk treatment plans and the updated risk inventory.

The CRO Office will assist management through all the phases of the implementation effort.

Specific skills - competences

- 8+ years experience in the following areas:
- Internal Control Framework design and implementation;
- Hands-on Customer Onboarding;
- Risk and Control assessments;
- Recommending control enhancement strategies;
- Excellent communication skills allowing to articulate findings and improvements addressed at all levels of management;
- Knowledge of COSO, ISO31000, ISO 27001/27002, ITIL or any other relevant standard;
- Relevant certifications are an asset;
- Experience in a large "Matrix" organization implementing company-wide internal control framework;
- Languages: Fluency in English;

Tags: "Enterprise Risk"; Management; Risk; Risk Appetite; Process