Principal Auditor (m/f/x) Non-Financial Risk Management (NFRM), Enterprise Risk Management (ERM) and Risk COO

Position Overview

Role Overview
The Non-Financial Risk Management (NFRM), Enterprise Risk Management (ERM) and Risk COO team is part of the Risk team within GA. The auditor will report into the Principal Audit Manager (PAM) who reports directly into the Chief Auditor (CA) for Non-Financial Risk Management, Enterprise Risk Management and Compliance.
The GA Non-Financial Risk Management, Enterprise Risk Management and Risk COO team is responsible for the developing to the highest industry standards a risk-based and global audit plan covering:

• Non-Financial Risk includes new product and transaction approvals, reputational risk and the broader Operational Risk framework
• Specific components of NFRM including Business Continuity Management, Security Risk Management, Crisis Management, IT Risk Management, Transaction Processing Risk, and Information Security Risk Management
• Strategic Risk Framework, Group ICAAP, Group Regulatory Stress Testing (EBA), Group-Wide Stress Testing, Recovery and Resolution Planning, Risk Appetite Framework

• Evaluate the adequacy and effectiveness of internal controls relating to risks involved in the relevant areas in accordance with Group Audit Methodology and the established risk assessment framework
• Complete all assigned audit work (e.g. planning, fieldwork, finding validations) in line with agreed budgets and document in accordance with divisional standards. This includes discussing exceptions identified during fieldwork with audit leads and PAMs to enable drafting of high quality impactful audit findings
• Provide PAM / audit lead updates on progress, escalates problems/delays, support ad hoc projects
• Proactively develop and maintain professional working relationships with colleagues (locally and globally), stakeholders and respective support areas
• Supports ad-hoc projects including regulatory requests and/or other GA initiatives

• Professional credentials including degree-level education and a relevant Risk or Accounting professional qualification
• Knowledge of auditing standards and concepts. Direct experience as an auditor or controls function, minimum five years
• Understanding of risk management and control frameworks in a global banking control environment. Experience covering non-financial risk topics or Operational Risk Management frameworks or Enterprise Risk Management topics preferred
• Excellent analytical and communication skills, oral and written English, together with strong presentation and interactive skills
• Ability to work independently with limited oversight. Able to learn complex concepts quickly and then convey the concepts and ideas on issues requiring interpretation and opinion
• Independent in judgment and with unquestionable personal integrity and ethic. Able to challenge and be challenged whilst maintaining the highest levels of professionalism