Responsible for planning, implementing, directing, and administering risk management and loss programs. This may include establishing risk tolerance guidelines and policies and ensuring the risk exposure of the organization is within these guidelines and/or ensuring maximum protection of the organization's assets. Focus on overseeing the bank’s approach to identifying, assessing, mitigating, and monitoring risks across the enterprise that support business objectives, resilience, and value creation. Apply structured techniques to handle uncertainties that could affect objectives, finances, operations, reputation, compliance, or strategy. Reports to COO/CFO.

Key duties include:
•Developing and Maintaining the ERM Framework — Design, implement, update, and sustain the organization’s enterprise risk management architecture, policies, procedures, and governance structures.
•Risk Identification — Systematically discover and catalog potential risks (threats and opportunities) across all categories: strategic, operational, financial, compliance, reputational, cyber, third-party, model, emerging, etc., through workshops, data analysis, and collaboration with departments.
•Risk Assessment and Analysis — Evaluate identified risks by analyzing likelihood, potential impact (financial, operational, reputational), velocity, and interconnectivity; perform quantitative and qualitative assessments; compare against the organization’s risk appetite and tolerance levels.
•Risk Prioritization and Response — Prioritize risks based on severity and alignment with strategy; develop and recommend mitigation strategies (avoid, reduce/mitigate, transfer via insurance/contracts, accept); create contingency plans, business continuity measures, and crisis response protocols.
•Risk Monitoring, Reporting, and Assurance — Continuously track risk exposures, control effectiveness, key risk indicators (KRIs), and emerging threats; prepare and deliver tailored risk reports/dashboards to senior management, the board, and stakeholders; facilitate risk and control self-assessments (RCSAs); provide assurance on risk management processes.
•Integration with Strategy and Decision-Making — Embed risk considerations into strategic planning, budgeting, performance management, new initiatives, mergers/acquisitions, and major projects; advise on risk-reward trade-offs and support informed business decisions.
•Compliance, Regulatory, and Governance Oversight — Ensure adherence to laws, regulations, industry standards, and internal policies; conduct audits, policy reviews, and compliance assessments; manage relationships with regulators, auditors, and external advisors.
•Building Risk Culture and Awareness — Promote a risk-aware culture through training, communication, and engagement; educate employees, managers, and leaders on risk responsibilities; foster accountability by designating risk owners in business units.
•Data Collection, Analysis, and Tools — Gather and analyze internal/external risk data (e.g., loss events, market trends, incident reports); utilize risk management software, models, and analytics to support quantification and forecasting.
•Continuous Improvement — Review and refine risk management processes; conduct post-event analyses; stay current on emerging risks (e.g., AI, climate, geopolitical, cyber threats) and best practices.

Model Risk Management: Plan for identifying, assessing, mitigating, and monitoring risks arising from the use of models, meaning quantitative tools (e.g., statistical, machine learning, AI, econometric, or simulation-based) that support decision-making in areas like credit risk, market risk, pricing, forecasting, stress testing, fraud detection, compliance, and operations.
•Develop, Maintain, and Own the Model Risk Framework and Policies: Design, implement, update, and continuously improve the enterprise-wide MRM program, including policies, standards, procedures, guidelines, execution manuals, and templates. Ensure alignment with regulatory requirements, evolving risks (e.g., AI/ML models, generative AI, climate/ESG modeling), and the organization’s risk appetite.
•Establish and Oversee Governance Structures: Define roles/responsibilities, set model risk appetite, key risk indicators (KRIs), thresholds, and tolerance levels; oversee model inventory management (identification, classification/tiering by materiality/complexity, attestation, and updates for new/changed/retired models).
•Lead Independent Model Oversight and Validation: Direct or coordinate independent validation activities (conceptual soundness review, data quality/assumption assessment, implementation verification, outcome analysis, back-testing, benchmarking, sensitivity/stress testing). Ensure validations are rigorous, risk-based, timely, and well-documented; challenge model developers/owners effectively while maintaining independence.
•Monitor Model Performance and Ongoing Risk: Oversee continuous/ongoing model monitoring frameworks, performance tracking, and early warning mechanisms; assess adequacy of model use restrictions, compensating controls, or remediation when issues arise; monitor emerging model risks (e.g., bias in AI models, third-party/vendor models, ethical considerations).
•Manage Remediation and Issue Resolution: Evaluate remediation plans from model owners for identified limitations/issues; track progress on findings from validations, audits, or regulatory exams; escalate material model risks or non-compliance to senior management, risk committees, or the board.
•Regulatory, Audit, and Stakeholder Engagement: Serve as primary contact for model risk matters with regulators, internal/external auditors, and examiners; lead interactions during reviews/exams; prepare and present model risk reporting (individual models, aggregate exposures, framework effectiveness) to senior management or board committees.
•Promote Risk Culture and Awareness: Foster a strong model risk culture through training, communication, and collaboration with business units; promote responsible model use, ethical AI practices, and integration of model risk into broader ERM and decision-making processes.
•Resource and Team Leadership: Allocate resources proportionate to model risk exposure; ensure high standards for documentation, independence, and effective challenge.
•Strategic Leadership and Continuous Improvement: Define and execute a multi-year MRM strategy (e.g., modernizing for AI/ML coverage); assess framework effectiveness; identify improvement areas; adapt to regulatory changes, technological advancements, and business needs.
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed