Chief Risk Officer
Microsoft
Dublin, Ireland
Empower every person and every organization on the planet to achieve more. That is what inspires us, drives our work, and pushes us to challenge the status quo every day.
Microsoft Treasury supports the digital transformation journey of Microsoft’s customers, partners & vendors by providing competitive credit and payment solutions to support revenue growth while managing credit risk.
We are a compliance first organization with customer obsession and deal economics focus. We support over $150B in trade and receivables and $11B in payment solutions per year in global markets. The team is also charged with managing over $130B of investment portfolio, currency risk, bank account infrastructure and business risk insurance.
The Risk Management Senior Manager will serve as Chief Risk Officer of a newly created payments institution based in Dublin, Ireland. This role will lead risk management for the licensed entity, design, implement and operationalize a risk governance framework, and ensure risks are tracked and managed within the regulated business model.
This position is a high impact role that will serve as a leader in this field, build and lead an expert Risk team to support the growth of the business, and sit as a non-director member on the regulated entity board’s Risk Committee. A successful candidate will quickly establish oneself as a credible subject matter expert, leveraging consultative papers, proposed regulatory changes, payment scheme rules, emerging technologies, trends, and standards and practices in the payments risk arena and update the risk governance framework to ensure it is current and optimal for the business.
Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As employees we come together with a growth mindset, innovate to empower others, and collaborate to realize our shared goals. Each day we build on our values of respect, integrity, and accountability to create a culture of inclusion where everyone can thrive at work and beyond.
Responsibilities
Design and launch a continuous risk assessment of the regulated entity's operating business model, platforms, processes and people to identify risks and points of vulnerability based on performance, capacity, availability, dependability, speed and other key operating metrics. Recommend improvements and enhancements to the regulated entity’s operations, to ensure that the risk function is a strong second line of defense as part of a three lines of defense model.
Manage fraud risk effectively by conducting risk assessments of regulated products to identify current and emergent fraud risks, ensuring appropriate fraud policies, procedures, and technology and operational controls are in place, and ensuring risks related to payment disputes, and the management and chargeback response process are appropriately addressed and managed for the regulated entity's provided services.
Manage product risk by conducting assessments of the regulatory, commercial and market risks for regulated product offerings, providing input to product design, carrying out periodic product reviews and business monitoring, and providing risk advice in relation to proposed or anticipated changes to the design or markets for these products.
Implement and oversee the regulated entity's Risk and Control Register and with the Chief Information Officer, design, implement, communicate and oversee a comprehensive business continuity and disaster recovery plan.
Ensure appropriate operational controls are in place, serve as main point of contact when alerts are triggered, and, with functional heads, address the root cause of operational performance issues and assess internal control effectiveness. This includes maintenance of a Risk Incident Log to capture the occurrence, management, remediation and reporting of significant and major risk incidents and handling escalations and actions with the card schemes and any investigations by law enforcement agencies.
Provide independent oversight and challenge of operational resilience activities, including classification of critical services, resilience assessments, remediation oversight, and risk reporting, ensuring robust resilience governance and timely escalation to senior committees and the Board.
Ensure sufficient and effective oversight, including regular and ad hoc risk reporting, of outsourcing relationships from a risk perspective, and ensure any third-party outsourcing relationships are compliant with the company's risk appetite and policies.
Qualifications
Required Qualifications
Demonstrable experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance OR Bachelor's Degree AND demonstrable experience in Risk Management, Privacy, Security, Compliance, Government Intelligence, Operations, Auditing, and/or Finance OR equivalent experience
Must be or willing to be granted the PCF-14 role as established by the Central Bank of Ireland
Preferred Qualifications
Bachelor's Degree in Risk Management, Engineering, Government Intelligence, Security, Cybersecurity, or Information Technology, or related field AND demonstrable experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance OR Master's Degree in Risk Management, Engineering, Government Intelligence, Security, or Information Technology, or related field AND demonstrable experience in Risk Management in the context of Operations, Engineering, Information Technology, Business Analyst, Consulting, Auditing, Privacy, Security, Compliance, Government Intelligence, and/or Finance
Demonstrable people management experience
Current or prior experience holding a PCF-14 role recognized by the Central Bank of Ireland within a regulated Payments Institution business, or similar
Membership with a relevant risk domain area association including: International Association of Privacy Professionals (IAPP), International Information System Security Certification Consortium (ISC)2, and Information Systems Audit and Control Association (ISACA), Certified Internal Auditor (CIA), Society for Corporate Compliance and Ethics (SCCE), Disaster Recovery Institute (DRI), Certified Business Continuity Professional (CBCB), Committee of Sponsoring Organizations of the Treadway Commission (COSO) and Institute of Internal Auditors (IIA)
This position will be open for a minimum of 5 days, with applications accepted on an ongoing basis until the position is filled.
Microsoft is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, citizenship, color, family or medical care leave, gender identity or expression, genetic information, immigration status, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran or military status, race, ethnicity, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance with religious accommodations and/or a reasonable accommodation due to a disability during the application process, read more about requesting accommodations.