Skip to content
CareersJob opportunitiesBusiness Control Officer

Back to search result

Business Control Officer

Employee | Risk Management | Professional | Philippines | Makati | 2024-04-15 | REQ-10072502

Apply

Risk Governance

ING Hubs Philippines’ risk governance structure follows ING Bank’s three lines of defence model. This model aims to provide sound governance framework for risk management by defining and implementing three risk management ‘layers’ with distinct roles, execution, and oversight responsibilities.

First line of defence (1LoD)

Each department and business line has the primary ownership, accountability, and responsibility for assessing, controlling, and mitigating all financial and non-financial risks affecting their businesses and for the completeness and accuracy of financial statements and risk reports with respect to their responsible areas.

Meanwhile, the Management Committee (ManCom) is responsible for developing and implementing operational controls to manage and mitigate risks.

The ODCR Team functions as 1LoD risk and control, mandated to ensure framework execution in the organization and to provide control insight and support to the business lines and Mancom.

Specific to ING Hubs, the ODCR Team also:

  • Functions as the delegate Data Protection Executive (DPE) Office, ensuring execution of Global Personal Data Protection Policy and relevant local data privacy requirements
  • Covers specialized function for Fraud Management, Business Continuity Management, and Compliance, ensuring proper execution of relevant controls within the organization

Job Purpose

Contributes to business risk and control functions to ensure that ING’s activities are in line with regulatory requirements and run smoothly, in such a way that it can be demonstrated to the regulators and the outside world. Contributes to the integrity of ING’s products, services, and employees, and compliance with respect to the outside world.

Roles and Responsibilities

Process

Responsibilities

Activities

Training and Awareness

Ensure adequate understanding of control ownership and risks across the organization

  • Create awareness about Non-Financial Risk (NFR) responsibilities and control ownership across 1LOD
  • Ensure 1LOD staff are trained on NFR methodology and tooling
  • Develop local training & awareness plan in collaboration with 2LOD
  • Monitor timely participation in mandatory trainings on specific control requirements

Risk Assessment

Facilitate the timely execution of risk assessments, ensuring the participation of relevant 2LoD functions as of the start of risk assessment

  • Support the preparation, coordinate, and monitor the timely execution and submission of risk assessments
  • Ensure quality and documentation of risk assessment in relevant tooling

Control Design

Support process control design, considering effectiveness, efficiency, and “customer” experience criteria

  • Advise business on the design of generic controls, considering effectiveness and efficiency and ensuring automation where possible
  • Support business with control definition and documentation, including the definition of control indicators and/or test plans

Control Implementation / Execution

  • Facilitate gap analysis/impact assessment and monitor the remediation of gaps related to global policies, control standards, and regulatory requirements
  • Ensure the timely and proper documentation of controls in the system
  • Coordinate execution of applicable entity wide and/or process specific controls

  • Coordinate and advise on the analysis of control requirements to identify any required changes
  • Ensure correct pushing of controls in the system
  • Document/update risk assessment, risk and control owners, control description, waivers/deviations, test dates, and test plans, among others, in the system
  • Together with risk and control owners, ensure timely and proper execution of controls in the entity or within the specific departments/business lines

Control Evaluation

  • Perform and/or coordinate Key Control Testing and/or other alternative methods
  • Facilitate and document testing results and control evaluation
  • In consultation with 2LoD, identify scope and plan of testing of key controls
  • Monitor progress on key control testing and/or other alternative methods (e.g., Risk Measurement Model)
  • Coordinate and provide input for the timely control evaluation (sign-off on control effectiveness) in the system

Event Management

  • Ensure timely capturing, analysis, follow up, and reporting on events
  • Support the documentation of lessons learned and facilitate the sharing with/learning from other units
  • Embed event reporting process in the local set-up
  • Advise departments and business lines on immediate event reporting requirements
  • Ensure proper documentation and updates of incidents in the system
  • Agree with event owners on follow up actions and track these until closure
  • Support root cause analysis and lessons learned delivery
  • Monitor timely delivery of lessons learned and share with relevant stakeholders

Issue and Action Management

Execute and/or coordinate the timely definition, capturing, monitoring, and reporting of issues

  • Advise on issue risk ratings, action owners, management actions, and timelines to mitigate control deficiencies
  • Ensure timely recording of issues and actions in the system with correct linkage to relevant controls and/or regulatory requirements
  • Monitor and track progress of issues and facilitate requests of risk rating and target date changes and issue acceptance
  • Support business in CAS close out meetings
  • Coordinate timely closure of issues

Management Information and Reporting

Prepare dashboards providing management insight on control effectiveness, issues, events, among others

  • Report on NFR framework execution as well as on the effectiveness and efficiency of overall control environment to the local NFR Committee and relevant Operations Management Teams
  • Support the preparation and reporting of quarterly NFR Dashboard
  • Prepare and release reports on NFR Targets

Mandate, roles, and responsibilities are the same except that C&R Officers are assigned as local control and risk owners while C&R Business Partners work with the Delivery Teams in managing 1LOD risk and control activities.

Work experience/skills required:

  • At least 3 years of banking experience, specifically in the fields of Business Control, Operational Risk Management, Compliance, and/or Audit

(Note: This increases depending on the GJA level. Specialized function (i.e., Fraud, BCM, DPE) will require at least 5 years of experience in the specific field/area of expertise.)

  • Demonstrable understanding of and experience with various risk management tools and processes
  • Fluent in English (written and spoken); with good communication and presentation skills
  • Able to liaise and collaborate with a broad range of individuals, including Senior Management and Global stakeholders
  • Capable to train others, transfer knowledge, and share expertise
  • Able to work well, apply sound judgment, and make timely decisions under pressure
  • Proactive, self-starter, and requires minimal supervision
  • Able to establish a good working relationship among colleagues
  • Experience with international/global financial institution is an advantage

Apply

Back to top

Please be aware that the recruitment procedures, (labour) regulations and labour agreements of Philippines apply.

Yes No
project.cyortDownloadPDFButton project.cyortDownloadZIPButton
Listen