TAHIR RAO
MBA, CIA, CRMA, ORM, CRISC
**********@*****.*** +1-916-***-**** Sacramento, CA USA Green Card Holder
EXECUTIVE SUMMARY
Seasoned Enterprise Risk Manager with extensive experience in banking and insurance risk management, regulatory compliance, and internal control assessments. Proven expertise in implementing robust operational risk frameworks, conducting comprehensive Risk and Control Self-Assessments (RCSAs), and developing effective risk reporting mechanisms. Demonstrated success in managing enterprise-wide risk identification, assessment, monitoring, and mitigation strategies while ensuring alignment with regulatory requirements and risk appetite. Adept at providing critical challenges to first-line defense activities, analyzing root causes, and tracking remediation efforts to strengthen control environments. Skilled in collaborating with executive leadership, business partners, and cross-functional teams to cultivate a strong risk culture and enhance governance structures. Experienced in third-party risk management, issue tracking, and developing key risk indicators (KRIs) to support decision-making at all organizational levels.
PROFESSIONAL EXPERIENCE
GOLDEN1 CREDIT UNION SACRAMENTO, USA
Risk Governance Program Manager October 2024 – Present
2LOD role to support the Director Enterprise Risk Management in managing enterprise risk, operational risk, and resiliency, ensuring alignment with the Bank’s risk appetite and regulatory requirements.
Led strategic risk initiatives, supporting the Enterprise Risk Management (ERM) team in implementing enterprise-wide risk frameworks and enhancing risk awareness across the Bank. Assisted in transitioning risk management from point-in-time assessments to continuous event-driven monitoring.
Completed enterprise-wide risk assessments, implementing methodologies to quantify and mitigate operational, compliance, and strategic risks, ensuring alignment with the Bank’s risk appetite and regulatory expectations.
Developed and maintained risk dashboards and reports, supporting risk-based prioritization and tracking Key Risk Indicators (KRIs), Risk Indicators (RIs), and Key Performance Indicators (KPIs) to monitor risk trends and exposures. Provided periodic risk reporting to executive leadership and the Board.
Provided independent review and challenge of first-line risk management activities, escalating key risk issues to senior leadership and regulatory bodies, while ensuring alignment with Enterprise and Operational Risk policies.
Analyzed trends in operational losses, near-miss events, audits, and regulatory findings to identify emerging risks and recommend process improvements. Integrated findings into governance and strategic decision-making to enhance risk resilience.
Served as a key liaison with business and support units to facilitate risk and control assessments, process mapping, and identification of control gaps. Worked collaboratively to strengthen internal controls and operational efficiencies.
Developed and enforced Third-Party and Vendor Risk Management policies, implementing due diligence processes, risk assessments, and ongoing vendor performance monitoring to ensure compliance with regulatory expectations.
Participated in risk training initiatives to enhance awareness, fostering a risk-aware culture across the organization by providing advisory services and targeted education to business partners.
Worked with cross-functional teams to develop action plans addressing key risk gaps, ensuring objective and consistent risk assessments. Supported remediation tracking and risk mitigation efforts.
Provided input on control structures and risk methodologies to support alignment among the three lines of defense. Assisted in implementing operational risk tools and enhancing the Bank’s Governance, Risk, and Compliance (GRC) platform.
Continuously evaluated the Bank’s risk framework, identifying opportunities to improve governance, compliance, and risk reporting methodologies.
Collaborated with stakeholders to integrate risk-based decision-making into business processes and strategic planning, supporting the ERM team in executing key initiatives outlined in the annual ERM plan.
SECURIAN CANADA TORONTO, CANADA
Director Operational Risk & Control - Insurance Operations February 2023 – July 2024
1LOD role to support the Chief Administrative Officer in managing enterprise risk, operational risk, and operational resiliency for claims, underwriting, customer service, technology operations, and third-party relationship management.
Oversaw operational risks across claims, underwriting, customer service, and other departments, ensuring stringent compliance with OSFI’s E-21 and other regulatory guidelines
Served as a pivotal escalation point for risk-related matters and diligently managed regulatory inquiries and audits
Developed and implemented training programs to increase awareness and adherence to OSFI’s E-21 within the organization
Identified, quantified, reported, and effectively managed risks within Securian Canada's established risk appetite and tolerances
Led operational risk and control initiatives within Insurance Operations, ensuring stringent compliance with regulatory requirements
Offered expert guidance on policy implementation, control efficacy, and quality assurance measures.
Implemented OSFI TPRM Guideline B-10 across businesses and worked as a central point of contact between ERM and the business in the ongoing management of vendor/third-party relationships
Designed and delivered training programs to prepare teams for organizational changes, enhancing employee readiness and accelerating the adoption of new processes and technologies
Orchestrated and participated in various risk management activities, including Risk Control Self-Assessments (RCSA), risk reporting, loss analysis/root cause evaluation, key risk indicator reporting, and post-implementation reviews
Led crisis response initiatives, providing real-time guidance and support to international teams during significant risk events, ensuring continuity of business and minimizing operational disruptions
Developed and implemented comprehensive change management strategies that aligned with organizational goals, resulting in improved adoption rates and enhanced operational efficiency.
SECURIAN CANADA TORONTO, CANADA
Manager Enterprise Risk Management November 2019 – January 2023
2LOD role to support the Chief Risk Officer in managing enterprise risk, operational risk, and resiliency, ensuring alignment with the Bank’s risk appetite and regulatory requirements.
Led the development and enhancement of Enterprise Risk Management (ERM), Operational Risk, and Business Continuity policies and frameworks, ensuring a consistent approach to risk identification, assessment, monitoring, and reporting.
Facilitated risk and control assessments (RCSAs), process mapping, and control evaluations to identify operational inefficiencies and implement remediation strategies.
Developed and refined the Bank’s Risk Appetite Statement, ensuring alignment with regulatory expectations and business objectives.
Provided strategic guidance to business units, ensuring risk management practices align with the Bank’s Enterprise and Operational Risk policies.
Strengthened the organization’s risk culture by promoting awareness and integrating risk-based decision-making into business operations.
Developed and maintained risk governance frameworks, advising senior management on key enterprise risk issues and providing regular risk reporting to the Board and executive leadership.
Led the identification, investigation, and reporting of operational risk events, including root cause analysis and tracking remediation efforts to ensure timely resolution.
Evaluated control design and effectiveness, collaborating with senior leadership and governance committees to strengthen internal controls.
Developed and maintained Key Risk Indicators (KRIs) and risk dashboards to monitor risk exposures and trends, supporting proactive risk management.
Monitored emerging risks, analyzing audit and regulatory findings to identify trends and recommend process improvements.
Led crisis response initiatives, providing real-time guidance and support to teams during significant risk events to minimize operational disruptions and ensure business continuity.
Engaged with stakeholders across the Bank, fostering transparency and collaboration to enhance risk management practices and regulatory compliance.
Designed and delivered training programs to improve employee readiness, ensuring effective adoption of risk frameworks, processes, and technologies.
ECONOMICAL INSURANCE WATERLOO, CANADA
Manager Operational Risk Oversight October 2017 – November 2019
2LOD role directly reporting to VP, Enterprise Risk Management to oversee the development and reinforcement of the enterprise-level operational risk governance framework.
Designed and implemented the Operational Risk Governance Framework following OSFI E-21 guidelines and international best practices, covering strategy, policies, RCSA, KRIs, operational event loss monitoring, and exposure tracking
Facilitated and coordinated periodic risk workshops and RCSA sessions for operational and strategic projects
Collected KRIs quarterly and integrated them into the enterprise risk appetite statement dashboard
Analysed Operational Risk Events (OREs), identified root causes, and reported significant OREs to the Management Risk Committee
Prepared an annual Emerging and Strategic Risk report to align senior management's strategic initiatives with emerging risks
Conducted walkthrough sessions with process owners covering processes, risks, and controls within documented business process flows
Compiled quarterly enterprise operational risk reports for the Management Risk Committee (MRC) and the Risk Review Committee (RRC) of the Board of Directors; generated monthly enterprise operational risk profiles for the Chief Risk Officer
BANK OF MONTREAL (BMO) TORONTO, CANADA
Operational Risk Consultant – Global Information & Technology Risk November 2016 – April 2017
2LOD role to support the Director of Information Risk and Corporate Support Areas, responsible for strengthening Information Management and Information Security Risk (IM/IR) governance documentation
Built a Quality Assurance (QA) framework to complement the Operational Risk Management Framework
Guided the development of Quality Assurance Manuals for IM/IR governance documentation, including KRIs monitoring tools, Scenario Analysis, Events Capture process, Issue Management, Risk Control Assessments (RCAs), Aggregated Risk Reporting, and Initiative Assessments & Approval Process (IAAPs) in alignment with OSFI and the bank’s enterprise risk management program
Drafted and finalized the QA Program document, defining objectives, success criteria, and effective challenge templates
ARAB NATIONAL BANK RIYADH, KSA
Senior Manager Operational Risk – Commercial & Business Banking September 2012 – June 2016
1LOD role, directly reported to the Head of Business Banking, responsible for implementing an operational risk & compliance assurance framework in accordance with Central Bank regulations and the Bank's Enterprise risk management framework
Designed, implemented, and operationalized the Operational Risk Framework for products and processes to ensure compliance
Implemented the Operational Risk and Incident reporting process, taking charge of significant events
Ensured all products, both new and existing, met internal legal and Compliance standards and obtained necessary regulatory approvals
Conducted process and procedure reviews to assess control effectiveness and proposed changes to align with the organization's Operational Risk and Compliance Framework
Coordinated with internal, external, and regulatory auditors to facilitate documentation review and consolidate information/documentation requirements for audit submissions
EMIRATES ISLAMIC BANK DUBAI, UAE
Head of Operational Risk, Business Continuity August 2011 – September 2012
2LOD role, reported directly to the Chief Risk Officer (CRO), responsible for the implementation of the operational risk and business continuity governance framework under the directive of the CRO, aligning with Basel II Accord and central bank regulations
Formulated and refined the operational risk strategy, policies, procedures, methodology, risk appetite, active risk capital charge, risk capital, RCSA, KRIs, loss database, and embedded risk controls
Crafted and executed the Operational Risk Governance Framework, meticulously adhering to Basel II Accord, Central Bank regulations, and international best practices
Conducted thorough reviews of insurance policies to ensure comprehensive coverage and appropriate insured amounts
Engaged in rigorous challenge sessions with the 1st line during operational risk management processes, encompassing risk identification, measurement, reporting, and mitigation, especially in Consumer Banking and Credit Card business.
Spearheaded the development of the Crisis and Business Continuity Management Policy Framework
Executed comprehensive Business Impact Analyses for critical business units
Led operational enterprise-wide risk awareness training sessions, ensuring a robust understanding of risk management practices across the organization
UNION NATIONAL BANK ABU DHABI, UAE
Assistant Vice-President Operational Risk May 2007 – July 2011
2LOD role, reported directly to the Chief Risk Officer (CRO), entrusted with implementing the operational risk framework across the organization including wealth management, Consumer Banking and Credit Card business, and its subsidiaries in alignment with Basel II accord and Central Bank regulations
Designed and implemented the Operational Risk Governance Framework, meticulously following Basel II Accord recommendations, Central Bank regulations, and international best practices. This comprehensive framework included strategy, policies, procedures, methodology, RCSA, KRIs, event loss monitoring, exposure tracking, Operational Risk Appetite Statement, operational risk calculations for ICAAP, and alignment with the Advanced Measurement Approach (AMA)
Spearheaded the implementation project for the operational risk system, ensuring seamless integration and functionality
Reviewed and sanctioned all bank products and procedures to ensure compliance with Central Bank regulations, operational risk standards, internal controls, and Fraud Risk protocols
Provided robust challenge to the 1st line during the operational risk management process, encompassing risk identification, measurement, reporting, and mitigation activities
Prepared operational risk profiles and dashboards, presenting comprehensive insights to the Risk Management Committee
Conducted operational enterprise-wide risk awareness training sessions to enhance organizational risk understanding and mitigation efforts
Collaborated on a project evaluating insurance policies' adequacy for risks and coverage, presenting findings to senior management for informed decision-making
STANDARD CHARTERED BANK KARACHI, PAKISTAN
Business Operational Risk Manager (BORM) - Global Technology and Operations (GTO) July 2005 – May 2007
1LOD role directly reported to the Chief Operations Officer (COO) with a dotted line to the Chief Information Officer (CIO).
Ensured correct communication and implementation of the bank’s Technology and Consumer Banking and Credit Card Operations policies, procedures, and regulations
Provided quality assurance in designing control measures and monitoring plans
Challenged processes and projects, recommending and implementing appropriate controls to mitigate risks.
Conducted comprehensive strategic and process-level Risk and Control Assessments (RCAs) and Key Risk Indicator (KRI) monitoring
Monitored operational event losses and designed control measures and monitoring plans for Compliance and IT Operational Risk management
Ensured actions were taken to address gaps in key regulations, Compliance standards, and internal risk standards
Coordinated with internal, external, and regulatory auditors for documentation review, information consolidation, and audit submissions
UNITED BANK LIMITED KARACHI, PAKISTAN
Vice-President - Internal Audit Manager January 2000 – July 2005
Responsible for risk-based audits for the UBL group's corporate and retail banking including Credit Card portfolio in Pakistan and overseas operations
Provided Group Internal Audit (GIA) stakeholders with credit audit need/risk assessments, an assessment of the appropriateness of the audit plans from a geographic perspective, and an anticipatory approach to risk assessment by highlighting issues through stakeholder communication to improve audit planning
Provided periodic independent and objective assurance to the Audit Committee and the Regulators, highlighted key risks, and escalated issues requiring the Board's attention
Conducted complex risk-focused audits following Internal Audit Review policies, practices, and standards
Led members of the audit team on more extensive audit engagements by assigning activities, providing functional advice, and monitoring the quality and completion of work to ensure adherence to the bank's audit methodologies, policies, and requirements
Measured the degree of risks associated with products and processes and assigned an appropriate audit rating to processes
Prepared annual audit plans/activities and timelines of individual audits and managed the audit team during the audit engagement and testing process by providing coaching and informal and formal feedback to junior team members
Completed first-level review and sign-off on audit reports and key findings and ensured that proper supporting documentation was provided and any issues were correctly identified. Prepared summary audit reports for the board audit committee
Communicated findings and recommendations to Business Unit Management and developed an action plan for addressing any audit deficiencies; followed up on issues identified to ensure timely completion of essential action plan items
Provided consultation and advice to Business Unit leaders on designing, implementing, and enhancing internal controls to mitigate risks and control gaps and potential areas of risks
Liaised with internal and external stakeholders, including Business Unit Management and Internal Audit Management, as well as external auditors, to maintain effective communication and support the ongoing mitigation of any audit risks and control groups
Participated in the annual risk assessment process by reviewing completed business unit risk assessments, evaluating any residual risks to determine areas of priority, and summarising findings and recommendations to the Senior Audit Management and board audit committee
CORE COMPETENCIES
Enterprise Risk Leadership & Frameworks: Proven experience leading ERM programs and oversight committees while designing, implementing, and managing comprehensive operational risk frameworks with robust identification, assessment, and mitigation
Regulatory Compliance, Audit & Fraud Risk: In-depth knowledge of financial regulations and compliance best practices with strong experience in fraud detection collaboration, ensuring adherence to industry and regulatory standards
Executive Stakeholder Engagement & Change Management: Demonstrated ability to advise senior leadership and board committees while managing change for risk systems, new process initiatives, and post-merger integrations
Third-Party & Vendor Risk Management: Expertise in vendor due diligence, contract review, and ongoing monitoring with a focus on privacy and security to minimize third-party risks
EDUCATION
PHILIPPINE CHRISTIAN UNIVERSITY Completed: 1995
Master of Business Administration - MBA, Business Administration and Management, General
CERTIFICATIONS & INTERESTS
Certifications: Certified in Risk and Information Systems Control (CRISC), Operational Risk Manager (ORM) Certificate, Certificate in Risk Management Assurance (CRMA), Operational Risk Manager (ORM), Certified Internal Auditor (CIA)
Interests: Cooking (Chinese & Seafood), Hiking (Bruce Trail), Kayaking, and Spending time with Family