Director of Enterprise Risk Management
Job Summary: The Risk and Regulatory function at Vistra is responsible for the oversight and management of the Enterprise Risk Management framework and ensuring compliance with relevant regulations and company policies. The function must meet the expectations of multiple stakeholders, including boards of directors, regulators and front line business units with the aim of ensuring that enterprise risks including regulatory compliance risks are appropriately identified, mitigated, managed and monitored.
Vistra is seeking a detail-oriented and proactive Director of Enterprise Risk Management to join our second line risk function and be part of our Legal, Risk and Regulatory Centre of Excellence in Poland where you will gain a unique opportunity to work across risk areas with our global network of colleagues.
A key focus of the role will be to take the lead in executing and developing the Enterprise Risk Management framework for Vistra’s corporate business unit. This is a key role in ensuring that the Enterprise Risk Management function is operating effectively and continuously developing in line with industry best practice and regulatory expectations.
The role will be responsible for performing risk reviews to identify, evaluate and manage key risks impacting the business, with a focus on the risks impacting Vistra’s business objectives. The role will also provide support on risk matters, producing regular management information on risk initiatives.
This role is crucial in maintaining a robust risk management culture and ensuring that Vistra effectively manages its risk exposures globally. If you are a strategic thinker with a passion for risk management and a track record of success in a global environment, we encourage you to apply.
Summary of Key Responsibilities:
- Proactively implementing and enhancing global risk management policies, frameworks and second line monitoring procedures in an integrated manner that enables the proactive identification of risks and trends across Vistra using automated solutions wherever possible.
- Providing training and awareness on the 3 lines of defence roles and responsibilities and Vistra's risk management framework.
- Interpreting and disseminating information to management and staff about emerging risks.
- Managing a risk monitoring and reporting team ensuring timely and insightful reporting to management on key risks.
- Maintaining the key risks register.
- Developing standardised risk identification, assessment, mitigation and reporting templates across Vistra.
- Preparing materials for risk monitoring and testing over systems, processes and tools and monitoring resolution of identified issues.
- Promoting and encouraging a culture of compliance and ethics.
Risk Oversight and Governance
- Assist in the development and maintenance of a comprehensive risk management framework including policies, templates and second line monitoring and reporting procedures that facilitates the early identification of risks and trends.
- Being responsible for the co-ordination and implementation of the internal control framework. This will involve working closely with relevant internal stakeholders to support completion of various internal control tasks such as:
  - Testing design and operational effectiveness of controls.
  - Discussing and communicating control deficiencies identified with control owners.
  - Agreeing on appropriate action plans to enhance controls and monitoring progress of the actions.
  - Preparing internal control updates for governance committees at executive and board level.
- Supporting execution of operational risk assessment across business units. This will involve:
  - Carrying out operational risk assessments with the risk owners.
  - Developing scenarios for testing.
  - Completing the testing and documentation requirements.
  - Collating and analysing operational risk incidents on a quarterly basis.
  - Liaising with business risk owners to discuss and challenge results of operational risk assessments.
- Provide oversight and challenge to the first line of defence on risk management practices.
- Assist business units in complying with regulatory requirements and internal policies across all jurisdictions.
- Provide guidance to the business on risk requirements and Group and local policy.
- Provide insights and awareness on risk matters that could impact the business.
- Act as a trusted advisor, providing practical insights and awareness on risk matters and aligning risk initiatives with business goals and operational processes.
- Report on risk exposures and mitigation strategies to senior management and relevant boards/committees.
Risk Identification and Assessment
- Working with business units to identify, assess and prioritise key and emerging risks and assess their potential impact on Vistra's global operations.
- Conduct risk assessments and scenario analysis to evaluate the effectiveness of risk controls used by first line teams.
- Collaborate with business units worldwide to ensure risks are identified, assessed, and managed appropriately in a consistent manner.
Risk Monitoring and Reporting
- Monitor key risk indicators and escalate issues as necessary.
- Prepare and present accurate and insightful risk reports to senior management and the boards (based on risk reports received from 1st line teams).
- Ensure timely and accurate risk reporting to regulatory bodies.
Training and Awareness
- Develop and deliver risk management training and awareness programs regularly, including on new emerging risks, on ethical behaviour and on accountability, ensuring that the 1st line is aware of its responsibilities for identifying, owning and managing risks and controls.
- Facilitate risk workshops and discussions with business units.
- Provide guidance and support to the first line of defence on risk management practices including assisting the implementation of risk controls.
- Promote a culture of compliance by promoting transparency, ethical behaviour and accountability.
- Update training and awareness materials regularly to reflect changing regulatory requirements and emerging risk areas.
Automation and Standardisation
- Lead initiatives to automate manual risk management tasks.
- Promote and enhance the use of Vistra's governance, risk, and compliance (GRC) SaaS platform.
- Standardise risk management processes and risk assessment templates globally as a key business priority while ensuring regulatory compliance.
Qualifications and Experience
- Educated to degree level in law, risk management or a related field.
- Minimum of 7 years' risk experience in financial or corporate services or other relevant.
- Extensive experience in enterprise risk management frameworks, preferably in a global financial services environment.
- Experience in risk analysis and internal controls, including the setting of control objectives and control procedures to be put in place.
- Experience in risk control self-assessments (“RCSAs”) including testing of internal controls and reporting on output.
- Experience in the field of audits of general controls or related field.
- Experience with automation and GRC platforms.
Skills:
- Strong analytical and regulatory technical skills.
- Good inter-personal skills and ability to work collaboratively in a team environment and build positive professional relationships.
- Robust organisational, multitasking, time management and follow up skills.
- Demonstrate high levels of integrity.
- Good understanding of local and global regulatory landscape.
- Skilled in identifying regulatory and risk-related challenges and developing innovative solutions.
- Excellent written and oral communication skills.
- Excellent leadership skills.
- Effective analysis skills (both quantitative and qualitative).
- Thorough data interpretation skills and attention to detail are a must.
- Ability to work under pressure and meet tight deadlines.
- Take the lead in the delivery of comprehensive yet succinct MI to Vistra’s senior management.