Role Purpose

The Operational Risk Manager will be responsible for identifying, assessing, monitoring, and reporting operational risks across Hala Payments’ business lines, functions, and support units. This role will complement the BCM Manager and IT Risk Manager by ensuring comprehensive risk coverage under the ERM framework, aligned with SAMA regulations, ISO 31000, and Hala’s risk appetite.

Key Responsibilities

Operational Risk Framework & Governance

• Implement and maintain the Operational Risk Management Framework (ORMF) in line with SAMA guidelines and best international practices.
• Support the development of policies, procedures, and risk control standards across business and support units.
• Collaborate with BCM and IT Risk functions to ensure holistic enterprise-wide risk management.

Risk Identification, Assessment & Monitoring

• Conduct Risk & Control Self-Assessments (RCSAs) with business units to identify inherent and residual risks.
• Develop and maintain the Operational Risk Register, ensuring timely updates and tracking mitigation actions.
• Perform scenario analysis, stress testing, and emerging risk identification.
• Coordinate with first-line departments to assess process-level risks (e.g., payment processing, customer onboarding, fraud management).

Incident & Loss Event Management

• Establish and oversee a process for operational risk incidents reporting and root cause analysis.
• Track operational loss events, near misses, and develop lessons learned to prevent recurrence.
• Ensure escalation and reporting to CRO, Risk Committees, and SAMA (where applicable).

Control Testing & Assurance

• Conduct periodic testing of key operational controls and report on effectiveness.
• Work with Internal Audit, Compliance, and BCM to strengthen risk-based assurance activities.
• Monitor third-party/vendor operational risks in collaboration with TPRM.

Risk Reporting & Committees

• Prepare and present operational risk dashboards, metrics, and KPIs to ERM leadership and Risk Committees.
• Ensure alignment of operational risk reporting with enterprise-wide risk appetite and tolerance thresholds.
• Contribute to Board and Executive Committee packs on risk exposure, incidents, and remediation progress.

Regulatory & Standards Alignment

• Ensure compliance with SAMA Operational Risk and Resilience regulations, ISO 31000, and Basel III operational risk principles.
• Support readiness for SAMA inspections, audits, and stress tests related to operational risk.
• Collaborate with BCM and IT Risk Managers to demonstrate operational resilience and business continuity.

Key Interfaces

• Internal: CRO/Head of ERM, BCM Manager, IT Risk Manager, Compliance, Internal Audit, Legal, Finance, Technology, and Operations.
• External: Saudi Central Bank (SAMA), external auditors, and third-party vendors.

Qualifications & Experience

• Bachelor’s degree in risk management, Business Administration, Finance, or related field.
• Professional certifications (preferred): ISO 31000 Lead Risk Manager, ORM Certification, or equivalent.
• Minimum 5–7 years of experience in operational risk, ERM, or financial services (preferably payments/fintech/banking).
• Strong knowledge of SAMA regulations, risk governance, and operational resilience frameworks.
• Proven experience in developing and maintaining risk registers, RCSAs, and incident management.

Key Skills & Competencies

• Strong analytical and problem-solving skills.
• Excellent stakeholder management and communication abilities (Arabic & English).
• High attention to detail with the ability to manage multiple priorities.
• Proficiency in risk management tools, data analysis, and reporting dashboards.
• Ability to work collaboratively within a three-pillar ERM structure (Operational Risk, BCM, IT Risk).