Location
Riyadh
Manager | Risk, Regulatory & Forensic| Regulatory & Financial Risk
About Deloitte
When you work for us, you commit to a career at one of the largest and most prestigious
professional services firms in the world. We have received numerous awards over the last few years,
including Best Employer in the Middle East, and Best Consulting Firm, and the Middle East Training &
Development Excellence Award.
Our Purpose
Deloitte makes an impact that matters. Every day we challenge ourselves to do what matters most—
for clients, for our people, and for society. We serve clients distinctively, bringing innovative insights,
solving complex challenges and unlocking sustainable growth. We inspire our talented professionals
to deliver outstanding value to clients, providing an exceptional career experience and an inclusive
and collaborative culture. We contribute to society, building confidence and trust in the markets,
upholding the integrity of organizations and supporting our communities.
Our shared values guide the way we behave to make a positive, enduring impact:
• Lead the way
• Serve with integrity
• Take care of each other
• Foster inclusion
• Collaborate for measurable impact
During your tenure as a Manager, you will demonstrate and develop your capabilities in the
following areas:
1. Framework & Governance:
• Update ORM Policy: review and enhance alignment with CMA Prudential Rules (Pillar 2/3).
• Risk Taxonomy: Standardize risk categories (Fraud, ICT, Process, Legal) and scoring scales (1
5).
2. Risk Assessment (RCSA):
• Risk Registers: Refresh or create registers for all departments.
• Workshops: Conduct sessions with business owners to identify risks and map existing
controls.
• Heatmaps: Produce visual 5x5 matrices showing Inherent vs. Residual risk levels.
3. Monitoring & Metrics (KRI/KCI):
• KRI Library: Establish Key Risk Indicators with specific "Red/Amber/Green" thresholds.
• KCI Mapping: Define Key Control Indicators to monitor if critical controls are actual working.
4. Incident Management (RCA):
• Loss Database: Build/update a log for tracking operational losses and "near-misses."
• Root Cause Analysis (RCA): Provide a methodology to analyze why major failures occurred
and how to fix them.
5. Validation (The "Accuracy" Check):
• Challenge Sessions: Consultant acts as the 2nd Line to "challenge" and verify that the risk
scores provided by departments are realistic.
• Control Testing: Sample testing to prove that the controls listed in the registers exist and are
effective. A consultant should have an IT background.
• Back-testing: Cross-check the registers against the Incident Log to ensure all past failures are
now captured as risks.
6. Reporting & Training:
• Risk Reporting: Create a concise semi-annually operational risk dashboard for the Risk
Committee.
• Capacity Building: Train staff on how to report incidents and update their own registers
moving forward.
Leadership Capabilities:
• Builds own understanding of our purpose and values; explores opportunities for impact.
• Demonstrates strong commitment to personal learning and development; acts as a brand
ambassador to help attract top talent.
• Understands expectations and demonstrates personal accountability for keeping
performance on track.
• Actively focuses on developing effective communication and relationship-building skills.
• Understands how their daily work contributes to the priorities of the team and the business.
Qualifications:
• Should have experience working with Operational Risk Systems; familiarity with the
BenchMatrix Risk Nucleus System would be an added advantage.
• We are looking for candidates with 10–12 years of relevant experience.
• Proficiency in Arabic is mandatory.