Head of Internal Control & Resilience Group Operations

• The role of Internal Controls & Resilience, Group Operations is responsible for leading and strengthening internal control, governance, risk, and assurance framework across Group Operations. The role acts as a 1.5 Line of Defense, serving as a strategic conduit between first-line operations and second/third-line functions (Risk, Compliance, Finance, Audit), ensuring robust control design, effective execution, and continuous improvement in the operational risk landscape.

  
  

• The role is accountable for driving enterprise-grade governance, control assurance, and risk management practices, including proactive identification of control gaps, systemic risk mitigation, and embedding a strong risk-aware culture across operations.

  
  

• In addition to core GRC responsibilities, the role has evolved to include:

  
  

  • Enterprise Governance Leadership: Structuring and operationalizing the Operations Group Risk Management Forum (OGRM), enabling data-driven risk discussions, thematic insights, and escalation into enterprise forums such as Operational Risk & Resiliency Committee (ORRC).

    
    

  • Control Transformation & Integration: Active role in cross-functional initiatives such as Identity & Access Management (IAM) and Role-Based Access Control (RBAC), representing Group Operations, ensuring alignment with enterprise security and regulatory expectations.

    
    

  • Operational Risk Event (ORE) Governance: Strengthening end-to-end governance of operational risk events in collaboration with Technology GRC and Risk teams, ensuring high-quality root cause analysis, ownership clarity, and closure discipline.

    
    

  • Enterprise Reconciliation Assurance: Providing oversight of reconciliation control effectiveness under the Enterprise Reconciliation Framework (ERF), including direct leadership of the Quality Assurance & Proofing Unit, ensuring independent validation, exception monitoring, and closure governance across all reconciliation types (Nostro / Inter Branch, GL, VAT, internal accounts, etc.).

    
    

  • Resilience & Risk Alignment: Representing Operations in enterprise resilience and risk forums, aligning operational risk insights with BCP/BIA, incident management, and systemic resilience priorities.

    
    

  • The role requires strong cross-functional leadership, balancing partnership with business units while maintaining independent assurance rigor, ensuring that operational controls are not only compliant but also effective, scalable, and aligned with the bank’s strategic and regulatory objectives.  

    
    

• Enterprise-wide coverage across Group Operations (UAE + IBG locations)
• Ownership of OGRM governance structure, outputs, and escalation mechanisms
• Active participation in enterprise risk and resilience forums

• Oversight of GRC reviews, thematic control assessments, and audit action tracking

• Independent assurance via QA & Proofing Unit under ERF

  
  

• Coverage across financial and non-financial processes

  
  

Control Transformation Initiatives

• Leadership of IAM / RBAC alignment across operations
• Integration of technology, automation, and analytics into control frameworks
• Continuous improvement of governance and control methodologies

• Data-driven risk identification and decision-making

  
  

• Development of dashboards, KPIs, and early warning indicators

  
  

• Automation of GRC reporting and governance outputs

  
  

Reconciliation Assurance

• Enterprise-wide proofing coverage (Nostro, Vostro, GL, VAT, internal accounts...)
• Monitoring of reconciliation SLAs (T+0, T+3, aging thresholds)
• Exception management governance, thematic analysis, and escalation discipline

Operational Risk Governance

• Standardization of Operational Risk Event (ORE) lifecycle

  
  

• Strengthening root cause analysis and systemic issue identification

  
  

• Integration with Technology GRC, Finance and Risk teams

  
  

1. Comprehensive GRC Reviews

• Plan, execute, and report GRC reviews across operations units
• Ensure alignment with enterprise risk frameworks and regulatory expectations

2. Risk Identification & Reporting

• Identify, assess, and communicate risks, control gaps, and thematic issues
• Drive remediation in collaboration with business and support functions

3. Audit & Regulatory Management

• Translate audit findings into structured action plans
• Ensure timely and sustainable closure of audit observations

4. Governance Forum Management 

• Lead structuring and execution of OGRM
• Enable high-quality risk insights and decision-making
• Support escalation into ORRC / ExCo where required

5. Operational Risk Event (ORE) Governance

• Strengthen end-to-end ORE lifecycle management
• Ensure ownership clarity, RCA quality, and closure effectiveness

6. Enterprise Reconciliation Assurance (ERF)

• Oversee reconciliation control framework across all account types
• Ensure adherence to reconciliation policies, timelines, and control standards
• Drive reduction in aged and unreconciled items

7. Quality Assurance & Proofing Oversight

• Lead and govern the QA & Proofing Unit
• Ensure independent validation of reconciliation activities
• Drive thematic reviews, exception tracking, and closure governance

8. Identity & Access Management Governance

Lead operations alignment for IAM and RBAC initiatives

Ensure compliance with least privilege and access control standards

9. Thematic Risk & Control Management

• Identify systemic control weaknesses and emerging risks
• Drive cross-functional remediation and continuous improvement

10. Data-Driven GRC & Automation

• Leverage analytics to enhance risk insights and control effectiveness
• Drive automation of reporting and governance processes
   

Operating Environment

• Multi-country, multi-functional operations environment (UAE, India, Egypt, Pakistan, IBG)
• High-volume transaction environment across payments, trade, cards, treasury, retail, and corporate banking
• Strong regulatory and audit scrutiny

Framework

• Operates within enterprise GRC, ERF, and operational resilience frameworks
• Maintains independence as a 1.5 Line of