CAF JOB DESCRIPTION

Job Description – Group Risk Officer
Job title: Group Risk Officer (maternity leave cover)
Grade or Grade range: E
Department: Governance and Finance
Main purpose of the job:

The job holder is primarily responsible for maintaining and developing the risk
governance framework and managing and reporting risk across all risk drivers
for CAF and all CAF group entities. This includes providing assurance to
trustees, board committees and executive management as to the effectiveness
of risk management processes and management information.
Specific focus is required for business continuity; group insurance
arrangements; group data and IT security risks; and the Magique platform.
Your remit will extend to cover all responsibilities held by others working within
the Risk Function, such that as experience is gained over time, you will work
interchangeably with risk colleagues.
While CAF continues reorganisation of its compliance function, you will
maintain responsibility for oversight of Group compliance arrangements,
particularly in the areas of Information Security and Data Handling. You will also
lead, on an interim basis, compliance work in the non-financially regulated areas
of the organisation.
Responsible to: Group Chief Risk Officer
Budgetary responsibilities: None
Responsible for (staff/jobs): None
Job Responsibilities
Strategic

Maintain and develop further the firms’ risk governance strategies taking into
account regulatory guidance, developments in corporate governance, and
industry best practice.

Support the development of the firms’ risk culture as an enabler of business
development within a sound framework of systems and controls.

Provide support for executive management and all other colleagues on a CAF-wide
basis in the development of risk management strategies.

Support the development of the firms’ policy framework and risk appetite,
including where appropriate updating individual policies.
Operational

Maintaining CAF and CAF group entities' risk management frameworks
including the identification, assessment, measurement, review, monitoring and
reporting of risks and issues.

To propose and gain agreement of risk appetite with executive management for
approval by trustees or relevant board committees.

Development and maintenance of risk policy.

To identify with risk owners and highlight to executive management significant
emerging or crystallising risk issues.
Conduct risk investigations and provide risk assessments, reporting to the Chief
Risk Officer and executive management.
Support the business in the development of risk mitigation and action plans to
address risk issues. Track action plans and review progress with risk owners.
Maintain CAF and CAF group entities' risk registers for review with risk owners,
executive management, audit and appropriate regulatory authorities.
Develop and enhance risk management information and KRI monitoring
including full data review and periodic checking of MI accuracy to ensure
systems and data are of sufficient quality to be useful to management.
Prepare reports and papers for consideration by trustees, board committees
and executive management.
Develop and undertake risk related presentations to trustees, board
committees, executive management and other internal and external meetings.
Support the delivery of projects, initiatives and new/changed products/services,
ensuring the type, level and mix of risks remain consistent with the firms’
appetite for risk and aligned to business strategy.
Provide a framework for the sign-off of projects, initiatives and new/changed
products/services, ensuring new and changed risks are recognised and
recorded by project teams.
To maintain a close working relationship with alternate Group Risk Officer(s),
deputising for each other when required and providing support for each other’s
specific areas of responsibility.
Provide support to the MLRO team as required to maintain regulatory
monitoring and in the assessment and management of AML and CTF risks.
To work collaboratively with the Group Compliance, Legal and MLRO teams to
develop a joined-up approach to group governance which engenders a culture
that supports business development within a framework of robust systems and
controls.
For Group

Lead review and renewal of CAF and CAF group entities' insurance
arrangements.

Ensure CAF and CAF group entities' business continuity and disaster recovery
plans remain effective, maintained up to date and regularly tested.

Lead development and embed use of the Magique risk management platform
across the business as the key tool for recording, managing and reporting risk
across the business.

Maintain consolidated risk reporting, including aggregation of risk and
comparison to risk appetite.

Provide support for risk owners, departmental risk champions and risk groups
across the business.

Lead completion of the annual risk self-assessment and confirmation by senior
management.

Provide support for the fraud function as required in the identification and
management of fraud trends and, exceptionally, investigation of significant
incidents.

Management of data and Information Security risks, working in collaboration
with the Head of IT Security. You will be nominated as the Group Data
Protection Officer.
Compliance

While reorganisation of the Group compliance function continues, you will
maintain responsibility for oversight of compliance arrangements in
non-financially regulated areas of CAF. This includes providing direction and
support for the Group Compliance Analyst:

• in maintaining the Group compliance programme and framework;
• completion of the group compliance monitoring plan;
• maintenance of the compliance policy framework;
• maintaining data security and responding to third party data
  requests; and ensuring ongoing PCI-DSS compliance.
Line Management

Recruitment and appointment of employees within approved budget and
headcount as approved by executive management.

Discuss and agree performance objectives with direct reports, including regular
review of performance and appraisals.

Identification of training needs for direct reports and agreement of personal
development plans.

Provide support and coaching for direct reports.

Ensure compliance with CAF Health and Safety Policy, maintaining safe
working practices for all staff, colleagues and visitors.
Personal

Maintain compliance with all legal, regulatory and procedural requirements,
including CAF Health and Safety Policy.

Maintain up-to-date knowledge of regulatory and legislative developments
across all areas of responsibility.

Maintain up-to-date knowledge of industry fraud trends and anti-fraud initiatives.
CAF Behaviour Framework
The CAF behaviour framework sets out in a transparent and consistent manner the
explanation of the performance expectations of all CAF People. Through the use of
common language and common standard, it combines a set of behaviours with the
required technical skills and knowledge needed to effectively perform in any given
role with us. This framework is used for the assessment, management and
development of performance of all our people.
Please refer to ‘Work the CAF Way’ booklet for the CAF behaviour framework.
Job description dated: June 2015
Person Specification
Job title: Group Risk Officer
Date: June 2015
| Attributes | Essential | Desirable | How Evidenced * |
|---|---|---|---|
| Experience: Either strong knowledge of risk/compliance or relevant business experience. | | | R/C |
| Qualifications: 3 A levels (or equivalent) or significant relevant business experience. | | | E |
| Training: Training in risk/compliance or significant relevant on the job training. | | | A/C |
| Specialist skills/ability/knowledge: Track record in risk/compliance or substantial relevant business experience. | | | C |
| Communication: Ability to give presentations, write reports and communicate effectively to staff and management. | | | C |
| Personal qualities: High integrity, honesty, and real desire to support the business in moving forward. | | | C |
| Prior to Appointment (all posts): Credit check | | | R/E |
| Prior to Appointment (all posts): Basic Criminal Records Check | | | R/E |
| Prior to Appointment (all posts): Employment references | | | R/E |
| Prior to Appointment (all posts): Medical clearance | | | R/E |
| Prior to Appointment (*FCA approved posts): Standard Criminal Records Check | | | R/E |

*Key: R = References, E = Evidence/certificates, A = Application, C = Competency interview, T = Testing/assessment