Monitors and supports activities to minimize the company’s exposure to risk. Activities may include quantitative analysis, risk identification and remediation. Represents and supports the reputation of the company by minimizing compliance and regulatory risk(s) through supporting execution against the Enterprise Risk Management Framework by proactively identifying and resolving emerging and material risks and ensuring adherence to company and legal standards. Responsible for ensuring that all of the company’s activities adhere to the necessary rules and regulations, and that the company complies with legal/regulatory statutes and jurisdictions. Evaluates the adequacy and effectiveness of business unit risk management.

Job Function: Business Control

Ensures transparency of business results, finance and processes. Typically organizes a reporting system, tracks goal accomplishment, collects and processes data, and provides managers with all necessary company management data and information.

Summary of Responsibilities:

The Business Control & Risk Management Specialist operates within the First Line of Defense and is responsible for assisting the Business Control & Risk Management unit with execution against the Enterprise Risk Management Framework. Specifically, the Business Control & Risk Management Specialist works to identify, assess and action various risks throughout the assigned business line by assisting with business unit compliance with applicable regulatory/legal obligations and with a high degree of adherence to Corporate and Business Line Policies and Standards. The Business Control & Risk Management Specialist will also assist with completion of business line risk initiatives, as assigned, such as risk assessments, KRI/KPI development, and timely and complete remediation of issues.

Essential Functions:

Assists in the execution of both Operational and Compliance Risk Control Self-Assessments (RCSAs).

Conducts walk-throughs and documents internal processes by developing and/or enhancing process maps and narratives.

Independently conducts control testing, which will include inquiry with management and staff, on-site observations, examination and analysis of data, and potential re-performance, depending on the control and the level of risk being mitigated. Analyzes documentation for evidence of successful and efficient performance.

Through walkthroughs and testing, identifies possible internal control breakdowns and gaps and reports them to management.

Identifies opportunities for improvement that will strengthen the overall control environment.

Assists with the development and documentation of achievable and sustainable action plans to remediate identified control weaknesses and performs validation testing upon business line execution.

Interprets regulations affecting the control environment with a large degree of independence and suggests methods of updating policies and practices to address any risk concerns.

Manages complex projects that involve working with businesses to improve controls to mitigate any deficiencies.

Provides input into the development of, and helps execute, the annual risk education and awareness training.

Provides guidance and feedback on operating process and internal control improvement initiatives.

Partners with Internal Audit, Compliance, and/or lines of business for control testing and regulatory requests; escalating issues as needed.

Provides thematic analysis of issues for business to identify emerging trends.

Assesses audit results/recommendations and assists lines of business with developing corrective action plans, as necessary.

Reviews current policies and procedures to identify process gaps and opportunities for improvement.

Other Functions:

Other duties as assigned.


Education –

Bachelor’s Degree: Accounting, Business, Statistics, Risk Management, Human Resources, Information Systems, Finance, Economics or equivalent field.

or equivalent work experience

Master’s Degree: Accounting, Business, Statistics, Risk Management, Human Resources, Information Systems, Finance, Economics or equivalent field.

Experience –

5-9 years Operational Risk Management, Internal Controls, Auditing, relevant line of business experience and/or legal or regulatory experience.

Skills & Abilities –

Experience in Risk & Control Self-Assessments, control frameworks, SOX / Operational Risk Control strongly preferred

Proficiency with Microsoft Office Suite including Excel, PowerPoint, Word, and Visio

Ability to build positive relationships with team members across the organization and continue to enhance internal and external networks of risk management information resources

Strong organizational skills with the ability to work in a dynamic environment that requires managing multiple, and often competing, priorities

Strong analytical and problem-solving skills

Strong project management skills and the ability to work effectively and independently

Strong oral and written communication skills and the ability to summarize and present complex information and issues succinctly for the required target audience

Licenses & Certifications –

Other Risk Certification


Collaboration – Relationship Management:

Proficient – Applying and Executing

Knows who to reach out to inside and outside of one’s team to get work done

Takes action to enhance working relationships needed to achieve seamless work flow

Collaboration – Teamwork:

Proficient – Applying and Executing

Creates a good working environment in the team; works towards shared goals contributing ideas and accepting change

Provides assistance and coaches less experienced team members

Execution – Accountability:

Proficient – Applying and Executing

Follows through to meet commitments to others

Takes responsibility for achieving strong results, despite balancing multiple complex demands

Influence – Information Sharing:

Proficient – Applying and Executing

Uses information and data effectively to support a position and present a rational case

Influence – Two-way communication:

Proficient – Applying and Executing

Communicates in a timely and straightforward manner

Probes for additional information, clarifies assumptions and confirms agreed-upon actions

Keeps everyone involved informed about progress and issues

Risk Business Acumen – Industry Acumen:

Proficient – Applying and Executing

Stays current with industry and regulatory trends and emerging risk issues

Has a good understanding of the current market and competitive landscape within which the organization operates

Risk Management – Knowledge of Risk Management Policies, Regulations, Processes and Procedures:

Proficient – Applying and Executing

Executes risk management process and procedures without management direction, and demonstrates awareness of expected results

Knows the relationship and impact of actions and results

Has an understanding of regulations impacting the area supported

Risk Management – Risk and Compliance Adherence:

Proficient – Applying and Executing

Communicates the importance and benefits of risk management to counterparts

Displays natural skepticism and curiosity to question the status quo and uncover issues

Adheres to a good root cause analysis process

Working Conditions:

Frequently: Minimal physical effort such as sitting, standing, and walking.

Occasional moving and lifting of equipment and furniture is required to support onsite and offsite meeting setup and teardown.

Physically capable of lifting up to fifty pounds, able to bend, kneel, climb ladders.