Established in 1912, Bank of China is one of the largest banks in the world, with over $3 trillion in assets and a footprint that spans more than 60 countries and regions. Our long-term outlook, institutional weight and global breadth provide our clients with a stable and reliable financial partner, whether in Corporate or Personal Banking or our Trade Services, Commodities, Financial Institutions and Global Markets lines of business.
The FLU Risk Manager is responsible for executing the risk management processes and managing the risks within its department, including but not limited to conducting risk assessments, testing the controls, identifying and reporting risks and issues, monitoring the department’s adherence to risk management policies and procedures, performing tasks required under the data privacy program, coordinating within the department to complete user recertification, and reporting any information security or data privacy incidents.
Include but are not limited to:
Risk Management Responsibilities
Implement, or coordinate with relevant FLU teams on the implementation of, the RGF and risk management policies and procedures within FLU as well as enforcing relevant controls (e.g. Clean Desk check)
Create and maintain FLU procedures pertaining to FLU Risk Managers’ responsibilities
Provide inputs/feedback to IRM risk management policies and procedures
Monitor FLU adherence to IRM standards and requirements
Propose addition, modification and removal of KRIs and thresholds during annual review and off-cycle adjustment, and facilitate the approval process
Monitor, maintain and report KRIs owned by FLU according to the governance requirements in the KRI Procedure
Identify and escalate KRI warning line and limit breaches according to the KRI Procedure
Produce FLU risk reporting for applicable risk areas, and report to Senior Management, IRM and risk committees as appropriate
Identify existing and emerging risks, if any, potentially impacting the FLUs
Identify incidents and issues and report to respective IRM
Remediate issues or monitor issue remediation according to the action plan, and validate issue closure documentation for FLU-owned business-identified issues
Conduct risk assessments pertaining to the respective risk areas (e.g. ERA, RCSA)
Maintain a control inventory, process mapping and other documentation as applicable
Develop a control testing plan
Conduct control testing, report results, monitor control issue remediation as applicable and validate issue closure documentation
Attend risk management related training
Identify risk management training needs for FLUs
Review the application security requirements, and conduct security control testing on processes, systems, and applications as applicable
Assist ORD in conducting security monitoring investigations as needed
Coordinate risk management related requests from internal/external audit, Head Office and regulators within FLU
Monitor the departmental third-party risk management, business continuity planning/testing and record retention
Actively participate in the monthly FLU Compliance Testing meetings
Participate in the BSA/AML/OFAC risk assessment, including monthly data verification, and demonstrate an adequate understanding of the RAE system
Contribute to the annual Fraud risk assessment, such as ensuring timely completion of the questionnaire with high quality, and reviewing and providing feedback on the reports
Contribute to the annual Consumer and Regulatory compliance risk assessment, such as ensuring timely completion of the questionnaire with high quality, and reviewing and providing feedback on the reports
Act as the department's regulatory change coordinator, providing timely responses to the LCD as requested
Any additional responsibilities related to compliance risk management, as assigned by their department heads
Act as liaison between the CISO and the FLU department to perform required assigned projects under the Data Privacy Program on a timely basis. Support Data Privacy Program deliverables, including but not limited to identifying projects or applications initiated or owned by the department and performing the necessary privacy impact assessment
Identify cross-border data sharing and follow cross-border data sharing requirements to get the required review and approval
Identify and report to the CISO on a timely basis any incidents related to a data privacy breach or data security breach
Coordinate between the FLU and the CISO to perform and complete user recertification in a timely manner
Other Departmental Responsibilities
Assist the Department Management with day-to-day administration of EO, including preparing workforce analysis and business impact analysis and drafting the departmental strategic plan, work reports and others
Conduct quality assurance evaluation and testing of departmental processes, and assist with workflow process review and revision
Monitor the implementation of departmental ABAC compliance and expense management
Participate in special projects and other duties as assigned
Actual salary is commensurate with candidate’s relevant years of experience, skillset, education and other qualifications.