Senior Director, Head of Corporate Risk

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

At Visa, risk management is everybody’s job, every day. The Senior Director, Head of Corporate Risk, will be instrumental in driving effective risk management practices in region, enabling cross-functional teams to manage Visa’s Strategic, Regulatory, Enterprise, Operational and Third-Party risks effectively. The individual will be a strong leader and thought partner responsible for maturing, advancing and implementing Corporate Risk roadmap initiatives.

This position reports into the Head of CEMEA Risk Strategy Operations (RSO), and the role requires frequent interactions with senior internal stakeholders in region: Business, Finance, Legal, Compliance, Controllership, Processing, Government Relations, Products, Risk and other functions and globally with the Corporate Risk teams. External engagements with payment system regulators and stakeholders in the wider payment ecosystem may also be required. The role will provide leadership and guidance to a team of 4 members supporting CEMEA.

Key outcomes expected

• Regional execution of Enterprise Risk Management initiatives as agreed with corporate risk and regional leadership balancing evolving business needs and prioritizing programs as required.
• Establishing effective risk management processes, frameworks, governance structure in region reenforcing 1st line ownership of risks.
• Embedding the 3LoD model in day to day business decisions thereby advancing risk-based decision making and maturity.
• Collaborating with the 1st line to drive risk assessments in a transparent and collaborative manner highlighting emerging issues in the regional risk profile for timely mitigation.
• Leading the Third-Party risk assessment and due diligence processes, both at on-boarding and throughout the lifecycle as part of Visa’s Supplier Risk Management Program (SRMP).
• Providing visibility and regular reporting on the overall Third Party risk profile to the regional management teams and risk committees. Working with local risk and regulatory teams, to make sure the program meets regional regulatory requirements where applicable. 
• Setting up the regional framework for identifying, monitoring and managing supervisory relationships, coordinating Global input for regulatory reporting obligations and inquiries from regulators, which continues to increase across the CEMEA region.
• Leading Risk assessments as required for high priority initiatives in collaboration with country and risk teams.
• Leadership, coordination and execution of CEMEA RCSAs (Risk and Controls Self Assessment) for processes in scope as well as management of regional risk events and issues.
• Support special projects and initiatives: special projects vary from strategic initiatives to day to day operations. Support needs will vary by project and will require, excellent written and verbal communications, and ability to multi-task and prioritize effectively.
• Manage the performance objectives, performance reviews, coaching and all other personnel matters for the direct reports.

Responsibilities

1. Enterprise Risk Management Lead efforts to manage Enterprise Risk, Governance, Risk Training and Communications, and Regulatory Liaison including but not limited to

• Regional execution of comprehensive ERM framework and generation of reports to provide transparency and visibility to trends, issues, risks across the region. Monitor and escalate risks to the appropriate governing body as necessary in region or global.
• Provide comprehensive reporting on CEMEA Top Risks, offering insights to CEMEA Leadership Team, Global Risk and Visa Executive Leadership.
• Execute on quarterly Key Risk Indicators dashboard providing qualitative insights on metrics triggering amber and red thresholds.
• Lead and coordinate Regional Risk Committee meetings, responsible for consistent execution and governance of this important leadership forum and follow up action items towards closure.
• Facilitate the Quarterly CEMEA Control Scorecard ensuring the regional business accurately and consistently report on performance and progress against key control environment scorecard actions. Partner with Compliance, Controllership and Internal Audit to provide an objective assessment of the region as a second line function highlighting improvements and gaps.
• Engage cross-functional stakeholders and build relationships at various levels of the organization to execute on program objectives and deliverables.
• Provide leadership across the 2nd line of defense ensuring control program alignment, use of a single language (risk taxonomy) and common scoring methodology for regional scorecards.
• Facilitate sub-regional Risk Assessments process, manage central repositories built on key risk themes enabling aggregation and monitoring of emerging threats.
• Actively participate in global ERM roadmap planning and prioritization getting fully integrated into global ERM discussions.

2. Third-Party Risk Management

• Lead the third-party risk assessment and due diligence process in region to ensure inherent third-party risks are accurately identified and selected suppliers have effective controls and strong overall health.
• Support stakeholder facilitation to ensure risk issues are addressed according to mitigation plans and solicit executive approvals where needed to ensure compliance with the SRMP’s governance structure.
• Manage the periodic risk reviews and updates of regional high risk suppliers during the supplier lifecycle, including reviewing risks at the supplier level across all engagements.
• Ensure constant alignment of SRMP with regional regulatory requirements and prepare any requested SRMP reporting for regulators.
• Ensure Service Level Agreements are met, identify and close any gaps between policies and procedures and processes.
• Responsible for updating the Risk Committee and the CLT on the status of the Program and any significant risk issues.
• Proactively identify and solve complex problems that impact the SRMP and the business. Meet regularly with business executives to seek feedback and inform of any modifications to SRMP affecting business lines.

3. Regulatory Risk Management

• Partner with business and functional teams to engage with government stakeholders, to foster sound conditions to operate across the region, obtain Visa operating licenses in key markets (as necessary), and maintain compliance with requirements to secure or renew Visa’s local operating licenses.
• Ensure regulatory requests are addressed in a timely and consistent manner, and proactively manage multiple inquiries and coordinate deliverables to meet expectations of regulators and internal clients (for example, Government Engagement, Legal, Compliance, Products, Finance).
• Create insights on regulatory and supervisory topics for effective business response and mature risk governance practices in region to support supervisory engagements and to manage the growing interest from multiple regulators.
• Provide regular and ongoing reporting, metrics and information related to regulatory and supervisory management, and support the RRO in identifying key regulatory and supervisory topics to disclose to the regional leadership team.

4. Operational Risk Management

• Perform second line oversight of the Risk and Control Self Assessment (RCSA) programs across CEMEA and manage risks associated with operational processes and associated controls. Ensure compliance with risk and control self-assessment procedure, control testing guidelines and standards.
• Lead kick off meetings with key stakeholders including Business Owner and Risk Champion per program schedule, provide guidance and effective challenge to ensure a comprehensive RCSA is submitted by the 1LoD.
• Ensure any new region-specific local processes identified are assessed with the business for appropriate risk tiering and registered with an RCSA in GORO with timelines for refresh established. Collaborate closely with the Global Operational Risk Business Partner ensuring global alignment.
• Support training needs for the 1st LoD Risk Champions and Process owners as required on the Operational Risk Module in GORO to ensure program requirements are met on a timely basis.
• Support to log Operational Risk events in GORO (as and when they occur) and report an informed Operational Risk profile for the region articulating trends and observations indicating areas requiring focus.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Qualifications

• Bachelor’s degree required with 15+ years of progressive experience working in the payment services or financial industry.
• Strong understanding of, and experience with, Enterprise, Operational, Regulatory, Strategic and Reputational Risks.
• Understanding of current and emerging payment system regulatory trends in CEMEA
• Ability to influence at an executive level both internally and externally.
• Excellent written, oral and presentation skills and an ability to synthesize complex and technical information into clear recommendations on course of action.
• Demonstrated understanding of the inherent risks associated with engaging suppliers to perform services and support projects/initiatives.
• Detail orientation and strong analytical skills, willingness to offer thought leadership, to think creatively, and to offer new ways to approach old problems.
• Flexibility and ability to think creatively and to identify new ways to approach old problems.
• Ability to identify and pursue multiple initiatives simultaneously and deliver superior results.
• Exceptional project management and reporting skills. Strong proficiency with project management tools (i.e. Microsoft Project, Visio, PowerPoint). Proven ability to prioritize deliverables and projects to meet timelines efficiently, to adapt to changes in priorities quickly and manage multiple initiatives simultaneously to drive projects to completion and deliver quality materials under tight deadlines.
• Experience determining when to escalate to management and identify the right stakeholders for decision making.
• Excellent collaboration and communications skills with experience in influencing, communicating and driving change through cross functional groups, including the ability to diplomatically build consensus across disparate views.
• Positive, proactive, solution oriented problem solver who gets things done within a matrix organization.
• Experience in preparing, and reviewing, and delivering (concise) executive level communications.

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.