• The role of Internal Controls & Resilience, Group Operations is responsible for leading and strengthening internal control, governance, risk, and assurance framework across Group Operations. The role acts as a 1.5 Line of Defense, serving as a strategic conduit between first-line operations and second/third-line functions (Risk, Compliance, Finance, Audit), ensuring robust control design, effective execution, and continuous improvement in the operational risk landscape.

• The role is accountable for driving enterprise-grade governance, control assurance, and risk management practices, including proactive identification of control gaps, systemic risk mitigation, and embedding a strong risk-aware culture across operations.

• In addition to core GRC responsibilities, the role has evolved to include:

  • Enterprise Governance Leadership: Structuring and operationalizing the Operations Group Risk Management Forum (OGRM), enabling data-driven risk discussions, thematic insights, and escalation into enterprise forums such as Operational Risk & Resiliency Committee (ORRC).

  • Control Transformation & Integration: Active role in cross-functional initiatives such as Identity & Access Management (IAM) and Role-Based Access Control (RBAC), representing Group Operations, ensuring alignment with enterprise security and regulatory expectations.

  • Operational Risk Event (ORE) Governance: Strengthening end-to-end governance of operational risk events in collaboration with Technology GRC and Risk teams, ensuring high-quality root cause analysis, ownership clarity, and closure discipline.

  • Enterprise Reconciliation Assurance: Providing oversight of reconciliation control effectiveness under the Enterprise Reconciliation Framework (ERF), including direct leadership of the Quality Assurance & Proofing Unit, ensuring independent validation, exception monitoring, and closure governance across all reconciliation types (Nostro / Inter Branch, GL, VAT, internal accounts, etc.).

  • Resilience & Risk Alignment: Representing Operations in enterprise resilience and risk forums, aligning operational risk insights with BCP/BIA, incident management, and systemic resilience priorities.

  • The role requires strong cross-functional leadership, balancing partnership with business units while maintaining independent assurance rigor, ensuring that operational controls are not only compliant but also effective, scalable, and aligned with the bank’s strategic and regulatory objectives.  

Dimensions

• Enterprise-wide coverage across Group Operations (UAE + IBG locations)
• Ownership of OGRM governance structure, outputs, and escalation mechanisms
• Active participation in enterprise risk and resilience forums

• Oversight of GRC reviews, thematic control assessments, and audit action tracking

• Independent assurance via QA & Proofing Unit under ERF

• Coverage across financial and non-financial processes

Control Transformation Initiatives

• Leadership of IAM / RBAC alignment across operations
• Integration of technology, automation, and analytics into control frameworks
• Continuous improvement of governance and control methodologies

• Data-driven risk identification and decision-making

• Development of dashboards, KPIs, and early warning indicators

• Automation of GRC reporting and governance outputs

Reconciliation Assurance

• Enterprise-wide proofing coverage (Nostro, Vostro, GL, VAT, internal accounts...)
• Monitoring of reconciliation SLAs (T+0, T+3, aging thresholds)
• Exception management governance, thematic analysis, and escalation discipline

Operational Risk Governance

• Standardization of Operational Risk Event (ORE) lifecycle

• Strengthening root cause analysis and systemic issue identification

• Integration with Technology GRC, Finance and Risk teams

Key Result Areas

1. Comprehensive GRC Reviews

• Plan, execute, and report GRC reviews across operations units
• Ensure alignment with enterprise risk frameworks and regulatory expectations

2. Risk Identification & Reporting

• Identify, assess, and communicate risks, control gaps, and thematic issues
• Drive remediation in collaboration with business and support functions

3. Audit & Regulatory Management

• Translate audit findings into structured action plans
• Ensure timely and sustainable closure of audit observations

4. Governance Forum Management 

• Lead structuring and execution of OGRM
• Enable high-quality risk insights and decision-making
• Support escalation into ORRC / ExCo where required

5. Operational Risk Event (ORE) Governance

• Strengthen end-to-end ORE lifecycle management
• Ensure ownership clarity, RCA quality, and closure effectiveness

6. Enterprise Reconciliation Assurance (ERF)

• Oversee reconciliation control framework across all account types
• Ensure adherence to reconciliation policies, timelines, and control standards
• Drive reduction in aged and unreconciled items

7. Quality Assurance & Proofing Oversight

• Lead and govern the QA & Proofing Unit
• Ensure independent validation of reconciliation activities
• Drive thematic reviews, exception tracking, and closure governance

8. Identity & Access Management Governance

Lead operations alignment for IAM and RBAC initiatives

Ensure compliance with least privilege and access control standards

9. Thematic Risk & Control Management

• Identify systemic control weaknesses and emerging risks
• Drive cross-functional remediation and continuous improvement

10. Data-Driven GRC & Automation

• Leverage analytics to enhance risk insights and control effectiveness
• Drive automation of reporting and governance processes
  
   

Operating Environment

• Multi-country, multi-functional operations environment (UAE, India, Egypt, Pakistan, IBG)
• High-volume transaction environment across payments, trade, cards, treasury, retail, and corporate banking
• Strong regulatory and audit scrutiny

Framework

• Operates within enterprise GRC, ERF, and operational resilience frameworks
• Maintains independence as a 1.5 Line of Defense while partnering with business

Working Relationships

Internal:

• Group Operations leadership and unit heads
• Technology, ISG, and Technology GRC
• Finance (CAD), Risk, Compliance
• Central Reconciliation Unit (CRU)
• Head of Ops across IBG Locations

External:

• Internal and external auditors
• Regulators
• External consultants and system vendors

Problem Solving

• Resolve complex and unstructured control issues across operations, technology, and finance
• Address systemic and thematic risks through data-driven insights
• Bridge ownership gaps across functions and ensure accountability
• Diagnose control failures and recommend scalable, sustainable solutions
• Balance control rigor with operational efficiency in a high-risk, high-volume environment

Decision Making Authority & Responsibility

• Authority to recommend and enforce control frameworks across operations
• Escalate systemic risks and control failures to senior governance forums
• Challenge risk acceptance decisions and inadequate remediation actions
• Approve GRC methodologies, QA frameworks, and governance standards
• Recommend process and technology changes to mitigate operational risk
• Oversee reconciliation assurance and approve proofing outcomes

Knowledge, Skills and Experience

Knowledge

• GRC frameworks, operational risk management, and audit methodologies

• Enterprise Reconciliation Frameworks and QA/proofing concepts

• Identity & Access Management and control governance

• Banking operations across payments, trade, cards, treasury, and retail
  
   

Skills

• Strong analytical and problem-solving capability

• Excellent stakeholder management and influencing skills

• Ability to operate across multiple lines of defense

• Governance structuring and executive communication

• Data analytics and reporting (Power BI, dashboards, automation tools)

   

Experience

• 20+ years in banking operations, internal controls, risk, or audit

• Proven experience in leading GRC or control assurance functions

• Experience managing cross-functional, multi-country teams

• Exposure to reconciliation, regulatory frameworks, and large-scale transformation initiatives