Business Risk Control Officer

The Business Risk Control Officer at a midsize bank is responsible for overseeing risk, compliance, and operational control frameworks to ensure regulatory adherence and financial stability. Key responsibilities include conducting risk assessments, monitoring business activities, and enhancing internal controls. The role collaborates closely with business units, audit teams, and senior management to mitigate risk and drive process improvements, while fostering a strong control environment. Additionally, the officer engages with stakeholders to support business performance, compliance, and operational efficiency, in alignment with the bank's goals and risk appetite.

The position exercises a high level of independent judgment and decision-making in areas that directly impact the bank's operational integrity, risk exposure, and strategic business objectives.

Principal Duties & Responsibilities:

Ensure Operational Risk Events ("OREs") and complaints are promptly captured, documented, and reported through the appropriate risk systems.

• Independently review and analyze operational risk events above a defined threshold that impact or originate from the Line of Business ("LOB"); identify root causes, document findings, and support the development of corrective action plans. Where applicable, record material control deficiencies in the system of record (Archer).

• Map OREs and complaints related to control deficiencies to impacted controls in the Risk and Control Self-Assessment (RCSA); reassess residual risk levels and escalate when residual risk exceeds the Bank's risk appetite.

• Evaluate external events (e.g., industry or regulatory incidents) to assess relevance to the LOB and recommend control enhancements or additions when needed to mitigate similar risks.

• Monitor and communicate the status of RCSAs to the supported LOB, identifying risks outside of appetite, new or open issues, and changes in risk exposure.

• Maintain an accurate and updated inventory of business processes executed by the assigned LOB and ensure those processes are properly reflected in the RCSA and associated system of record.

• Track risks related to LOB products, services, and processes; identify inherent risks and monitor internal or external changes that may affect the risk profile.

• Collaborate with product and service owners to assess risk in new or modified offerings; ensure appropriate controls are identified and incorporated into the RCSA.

• Engage with Risk Subject Matter Experts (SMEs) such as BSA/AML, Compliance, Information Security, Technology, Third Party Risk, and Fraud to validate risks and controls associated with LOB activities.

• Assess documentation and control coverage for models, vendors, tools, and applications used by the LOB by collaborating with Model Risk Management (MRM), Third Party Risk Management (TPRM), and Technology teams to ensure appropriate inclusion and alignment within risk frameworks.

• Ensure controls mitigating LOB risks are accurately documented and evaluated for design and effectiveness, including key control designation, in alignment with the Controls Standard.

• Independently review RCSA control testing results provided by the First Line of Defense (1LOD) QA team for completeness and adherence to control testing standards; identify any gaps or inconsistencies and escalate or follow up as needed.

• Conduct Quality Assurance (QA) checks related to control testing, by verifying that required elements (e.g., sample size, frequency, evidence) meet applicable standards, and escalate findings or inconsistencies for resolution as needed.

• Monitor control performance data to ensure controls are functioning as intended and identify any gaps or weaknesses requiring remediation.

• Serve as the Issues Management Coordinator for the LOB, ensuring consistent issue documentation, SLA tracking, and timely escalation through designated risk systems, while collaborating with appropriate SMEs to support resolution efforts.

• Collaborate with issue sources to identify finding owners, confirm severity ratings, and map issues to corresponding RCSA controls.

• Perform Quality Control (QC) on issues owned by the supported LOB to confirm accuracy, completeness, and proper classification.

• Reassess residual risks when issues impact controls, ensuring accurate risk reflection and working with stakeholders to determine if mitigation is required when risk exceeds appetite.

• 5-7 years experience in risk management, internal controls, compliance, or business operations within the banking or financial services industry.
• Knowledge of banking regulations, risk management frameworks, financial reporting, and control methodologies.
• Familiarity with banking systems, risk management software, and data analytics tools (e.g., Excel, Power BI, SQL).
• Ability to apply critical thinking to identify the strengths and weaknesses and propose effective solutions to control weaknesses.
• Excellent verbal and written communication skills to engage with stakeholders at all levels.
• High level of accuracy in risk assessment and compliance monitoring.
• High reasoning skills including the ability to define problems, collect data, establish facts, and draw valid conclusions.
• Ability to read, comprehend, analyze, and interpret legal documents, governmental regulations, and professional publications, especially guidance issued by regulatory authorities on the issues.

• Bachelor's Degree in Business, Finance, Business Administration, Risk Management or related field.

• Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
• Please view Equal Employment Opportunity Posters provided by OFCCP here.
• The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
• Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at employment@citynational.com.