Operational Risk Officer Senior

As a key member of the Operational Risk Management (ORM) team, the Operational Risk Officer Senior- RCSA is responsible for executing the Risk and Control Self-Assessment (RCSA) process and supporting a broad portfolio of operational risk programs. This role provides expert guidance in identifying key operational risks, assessing the effectiveness of controls, and driving the development and implementation of risk mitigation plans. The Operational Risk Officer Senior- RCSA contributes to enhancing risk awareness and supports the ongoing evolution of the bank's operational risk governance framework.

The position requires independent judgment and discretion in performing complex risk activities, with a strong focus on strategic decision-making and supporting the bank's operational objectives. The Senior Officer collaborates with risk and business leaders to promote a proactive risk culture while ensuring alignment with regulatory expectations and internal standards. Through thoughtful analysis and advisory, the role influences the effectiveness of operational risk management across the bank.

Principal Duties & Responsibilities:

Independently manage RCSA activities with business units, ensuring timely execution, quality documentation, and alignment with risk appetite.

• Assess whether identified controls are appropriately designed, effectively implemented, and sufficient to mitigate inherent risks.

• Identify control gaps or weaknesses and work with business units to develop feasible and sustainable remediation plans.

• Conduct control effectiveness reviews during RCSA cycles and critically evaluate business responses.

• Facilitate operational risk workshops and walkthroughs to identify new and evolving risks across functions.

• Analyze the operational impact of new initiatives, products, or system changes through pre-implementation risk reviews.

• Contribute to the development and ongoing maintenance of standardized process, risk, and control libraries, ensuring alignment with enterprise risk taxonomy and integration into risk assessment activities, including RCSA.

• Manage the risk event lifecycle processes, from detection and reporting through remediation and closure.

• Review root cause analyses to confirm underlying issues are addressed in remediation plans.

• Ensure all OREs are logged promptly, escalated appropriately, and accurately recorded in risk systems and tools.

• Collaborate with business units to implement preventative controls or process improvements following incidents.

• Monitor and quality-check open risk issues, ensuring timely resolution aligned with business priorities and regulatory expectations.

• Validate issue closures through evidence review and control testing, confirming corrective measures are embedded and effective.

• Communicate overdue or at-risk items to senior management with clear escalation triggers and mitigation recommendations.

• Develop and deliver targeted training on operational risk concepts, control design, and RCSA best practices.

• Promote risk ownership across business units by reinforcing accountability for risk identification, documentation, and mitigation.

• Share lessons learned from internal and external events and audits to strengthen institutional risk culture.

• Provide second-line oversight and credible challenge to RCSA processes, risk assessments, and control evaluations.

• Collaborate with Risk Subject Matter Experts (e.g., Compliance, Internal Audit, IT Risk, Business Continuity) to ensure coordinated risk oversight and avoid silos.

• Contribute to Operational Risk Committee materials by providing insights on control weaknesses, risk trends, or critical issues.

• Maintain risk dashboards and prepare periodic reports for senior management and regulators as needed.

• Contribute to the evolution of the Operational Risk Management Framework (ORMF), ensuring tools like RCSA, Key Risk Indicators (KRIs), and OREs are integrated and actionable.

• Benchmark internal practices against industry standards and regulatory expectations (e.g., Basel, OCC, Federal Reserve, FFIEC) and identify opportunities for improvement.

• Participate in policy, standard, and procedure reviews and updates to ensure operational risk policies remain practical, current, and well-communicated.

• 5-7 years of relevant experience in operational risk management, enterprise risk, internal audit, compliance, or internal controls within the financial services industry (banking, insurance, asset management, etc.).
• Experience working with risk technology platforms and analytics tools (e.g., Archer, ServiceNow, Power BI).

• Advanced knowledge of banking regulations, risk assessment methodologies, and financial risk products to independently identify and mitigate operational risks.

• Thorough understanding of risk management principles, financial regulations, and industry best practices, with expertise in financial products and operations.

• Strong critical thinking and analytical skills to evaluate complex risks, formulate recommendations, and effectively influence senior leadership decisions.

• Excellent communication and interpersonal skills to clearly present risk findings and collaborate across business units and senior stakeholders.

• Self-motivated and able to work autonomously, managing multiple priorities with minimal supervision, utilizing technology and risk management systems effectively.

• Proactive collaborator who contributes expertise within cross-functional teams to support robust risk management and compliance.

• Bachelor's Degree in Finance, Risk Management, Economics, Business Administration, or a related field.
• An equivalent combination of education and relevant professional experience may be considered in lieu of a degree.

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view Equal Employment Opportunity Posters provided by OFCCP here.
• The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
• Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.