
Job Posting Title Director - Operational Risk Management
StoneX Group, Chicago, IL, United States
Overview
Connecting clients to markets – and talent to opportunity. With 5,400+ employees and over 80,000 institutional, commercial, and payments clients, we operate from more than 80 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.
Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to risk and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.
Business Segment Overview:
Corporate:
Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.
Position Purpose:
The Director of Operational Risk Management (ORM) is responsible for the design, execution, and continuous enhancement of the firm’s Operational Risk Management framework. This role provides independent Second Line of Defense (2LOD) oversight across business lines and support functions, ensuring that operational risks are identified, assessed, monitored, and managed in line with the firm’s risk appetite, regulatory expectations, and industry best practices.
The Director acts as a senior risk advisor to executive management, risk committees, and the Board, while partnering closely with First Line of Defense (1LOD) stakeholders to strengthen risk culture, control discipline, and governance.
Responsibilities
Primary duties will include:
Own and oversee the firm’s Operational Risk Management framework, including policies, standards, methodologies, and governance processes.
Ensure consistent execution of core ORM activities, including Risk and Control Self-Assessments (RCSAs), control design and operating effectiveness assessments, operational incident and loss event management, and issue remediation tracking.
Maintain alignment with enterprise risk frameworks (e.g., COSO ERM, ISO 31000) and applicable regulatory standards.
Support the definition, monitoring, and ongoing refinement of the operational risk appetite and tolerance statements.
Provide independent review and challenge of 1LOD risk assessments, control evaluations, and remediation plans.
Escalate material risk issues, control weaknesses, or emerging themes to senior management and risk governance forums in a timely and transparent manner.
Lead thematic reviews and deep‑dive risk assessments on key operational risk areas (e.g., technology, third‑party risk, client assets, business continuity, fraud, or model/process risk).
Oversee the operational incident and loss event management process, including event intake, classification, root cause analysis, and impact assessment.
Monitor remediation actions and ensure timely and effective closure of risk issues and control gaps.
Perform trend and root cause analysis to identify systemic issues and inform risk mitigation strategies.
Develop and deliver high‑quality operational risk reporting, dashboards, and materials for executive management, risk committees, and the Board.
Translate complex risk information into clear, actionable insights to support decision‑making.
Serve as a key point of contact for Internal Audit, Compliance, and other risk functions on operational risk matters.
Support regulatory examinations, supervisory engagements, and internal/external audits by providing ORM documentation, analysis, and management responses.
Monitor regulatory developments related to operational risk and assess impacts to the firm’s ORM framework and practices.
Assist in remediation of audit and regulatory findings related to operational risk and internal controls.
Lead, mentor, and develop ORM team members, fostering strong technical capability and professional judgment.
Drive continuous improvement of ORM tools, data, and risk analytics, including GRC systems and reporting capabilities.
Promote a strong, sustainable risk culture through training, guidance, and ongoing engagement with the business.
Qualifications
Required Qualifications
Solid understanding of operational risk concepts, risk and control frameworks, and the Three Lines of Defense model
Experience assessing control design and operating effectiveness
Familiarity with GRC tools, risk systems, or structured risk documentation processes is a plus
Strong attention to detail and documentation discipline
Clear written and verbal communication skills, with the ability to challenge constructively
Ability to manage multiple workstreams and meet deadlines
Collaborative mindset with the confidence to engage with senior stakeholders
Demonstrated experience leading RCSAs, control assessments, incident management, and 2LOD oversight activities
Strong regulatory awareness and experience engaging with auditors, regulators, and senior governance bodies
Education / Certification Requirements:
Bachelor’s degree in Risk Management, Finance, Accounting, Business, Economics, or a related discipline
Experience
10+ years’ experience in operational risk, enterprise risk, compliance, internal audit, or a related control function within a regulated financial services environment
Practical experience supporting RCSAs, control assessments, incident management, or 2LOD oversight
Working environment:
4 days onsite, 1 day remote per week
Hiring Salary Range: $180,000 - $190,000. Salary to be determined by the education, experience, knowledge, skills and abilities of the applicant, internal equity and alignment with market data. Subject to business performance and recommendations of management, this role may be eligible to participate in an incentive compensation plan. This compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position, is offered.