The Business Risk and Control Lead (“BRCL”) is responsible for helping the Product/Business owner manage the risk that they own over the product/business. The BRCL manages and executes risk processes that (will) exist in the first line, such as risk identification, risk assessment, risk and control evaluation, management and resolution of issues and incidents, Annual Risk and Compliance Plan (“ARCP”) output, and risk reporting for products, functions, and jurisdictions (as applicable). This role is also responsible for managing product/business-specific risk forums, and interfacing with the Second Line of Defense to understand and apply risk frameworks and protocols.

The Role

The Business Risk and Control Lead (“BRCL”) is responsible for helping the Product/Business owner manage the risk that they own over the product/business. The BRCL manages and executes risk processes that (will) exist in the first line, such as risk identification, risk assessment, risk and control evaluation, management and resolution of issues and incidents, Annual Risk and Compliance Plan (“ARCP”) output, and risk reporting for products, functions, and jurisdictions (as applicable). This role is also responsible for managing product/business-specific risk forums, and interfacing with the Second Line of Defense to understand and apply risk frameworks and protocols.

Key Responsibilities

• Responsible for the execution of risk management activities within each their Operational Unit and coordinating with the Business Control Services Center (“BCSC”) for additional execution support.
  • Perform and refresh risk assessment including risk identification, documentation, rating & control evaluation
  • Create and maintain risk and control inventories including: Capabilities, Products, Processes, Legal Entity, Risks, and Controls
  • Manage the annual control testing program and execution through the BCSC
• Drive execution of issue, incident, complaint, and ARCP remediation
• Accountable for ensuring adequate Business Continuity Plans
• Identify product changes with associated control impacts and ensure appropriate implementation through the Product Development Lifecycle
• Maintenance of Governance, Risk, Compliance (GRC) tool data for areas of responsibility
• Responding to Internal and External Audit and Testing Engagements (eg. Second Line of Defense reviews, Internal Audits, Regulatory Examinations)
• Management and execution of risk programs for functional areas
• Support business needs surrounding documentation (eg. Desktop procedures)
• Review and derive insights from key risk metrics for their business area, interpreting the data provided through dashboards and reporting (such as reg exams, complaints, incidents, etc.) from centralized teams.
• Provide assertions on risk exposure and articulate and present escalated risks to management.
• Maintain strong understanding of key risk management principles and PayPal products and services within area of responsibility.  
• Represent business line in first line risk forums.

• Bachelor’s degree or equivalent.
• 5-8+ years of Audit, Risk, Compliance, Regulatory, banking or similar experience
• Experience in managing risks, controls, and/or compliance obligations, preferably in the financial industry including managing or supporting the following:
  • The identification, assessment, control, and response to risks;
  • Execution of risk response plans, including the development, prioritization, and communication of;
  • Driving adherence to risk and compliance policies and procedures;
  • Monitoring key risks and identifying emerging risks; and
• Navigating within a three lines of defense model to address risk matters.
• Experience in control and/or process design
• Track record of driving action to support business results