Operational Risk Management Lead

The Operational Risk Management (ORM) Lead - RCSA is responsible for overseeing the development, execution, and continuous enhancement of the Risk and Control Self-Assessment (RCSA) program and supporting other operational risk programs, ensuring that operational risks are effectively identified, assessed, and managed in alignment with the organization's risk appetite and regulatory expectations.

Reporting to the ORM Director, this role serves as a key second-line advisor and governance partner to first-line and second-line business units. The Operational Risk Management (ORM) Lead - RCSA drives day-to-day program efforts, provides subject matter expertise, and ensures consistency in execution, stakeholder engagement, and timely risk remediation.

The position operates in a lead capacity, helping to advance team priorities, coordinate program-level activities, and serve as a central point of contact for complex or high-impact RCSA efforts.

Principal Duties & Responsibilities:

Lead the design, execution, and continuous improvement of the RCSA program across all business units.

• Ensure consistent identification, assessment, documentation, and monitoring of operational risks and controls aligned with the organization's risk appetite and regulatory expectations.

• Establish and maintain RCSA standards, methodologies, and templates to ensure consistency and quality across the enterprise.

• Provide second-line oversight and credible challenge to first- and second-line RCSA processes, risk assessments, and control evaluations.

• Review and validate the adequacy and effectiveness of controls identified by business units, ensuring risks are properly mitigated and documented.

• Escalate material risks, control weaknesses, and emerging issues to the ORM Director and relevant risk committees.

• Serve as the subject matter expert (SME) and primary liaison between Operational Risk Management and business units for RCSA-related matters.

• Partner with 1LOD, Compliance, Internal Audit, and other risk partners to ensure coordinated and consistent risk management practices.

• Facilitate regular meetings, walkthroughs, and workshops with process owners to support high-quality risk and control self-assessments.

• Lead program-level activities by guiding execution efforts, coordinating priorities, and advancing consistent delivery of RCSA objectives.

• Provide subject matter expertise and act as a resource to team members and business partners to promote best practices in risk control validation.

• Oversee identification, documentation, tracking, and closure of control deficiencies or risk issues arising from the RCSA process.

• Ensure corrective action plans are realistic, properly implemented, and validated before closure.

• Support root cause analysis and thematic reviews for recurring control failures or risk events.

• Prepare and deliver RCSA-related reporting, dashboards, and metrics for senior management and governance committees.

• Monitor adherence to program timelines, data quality standards, and policy requirements.

• Track key indicators of risk and control effectiveness to proactively identify potential areas of concern.

• Support integration and alignment of the RCSA program within the broader operational risk framework (e.g., risk taxonomy, KRIs, KPIs, loss events).

• Lead development and enhancement of process, risk, and control libraries.

• Contribute to GRC system enhancements to support RCSA automation, workflow, and reporting capabilities.

• Develop and deliver training and guidance to first- and second-line staff on RCSA methodology, risk identification, and control evaluation best practices.

• Promote a culture of risk awareness and ownership across the organization.

• More than 10 years of relevant experience in operational risk management, enterprise risk, internal audit, compliance, or internal controls, ideally within the financial services industry (banking, insurance, asset management, etc.).
• Experience working with risk technology platforms and analytics tools (e.g., Archer, ServiceNow, Power BI).

• Demonstrated experience in leading an RCSA program or similar risk/control assessment frameworks in a second-line or audit function.

• Proven ability to work independently and exercise sound judgment in complex risk environments.

• Prior experience in a risk governance or oversight capacity, with a proven ability to credibly challenge first-line assessments and escalate risk issues effectively.

• Experience working with risk/control libraries, risk taxonomies, or GRC tools (e.g., RCSA Archer, ServiceNow) is strongly preferred.

• Strong background in operational risk concepts, internal controls, risk identification, and root cause analysis.

• Experience providing guidance or mentorship in a formal or informal capacity without direct supervisory responsibility.

• Proven track record of cross-functional collaboration with risk, compliance, internal audit, and business units to support enterprise risk initiatives.

• Exposure to regulatory expectations related to operational risk (e.g., OCC, FFIEC, Basel, Federal Reserve, FDICIA) is a plus.

• Bachelor's Degree in Finance, Risk Management, Economics, Business Administration, or a related field.
• An equivalent combination of education and relevant professional experience may be considered in lieu of a degree.

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view Equal Employment Opportunity Posters provided by OFCCP here.
• The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
• Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.