Role Definition
| Field | Value |
|---|---|
| Job Title | Operational Risk Analyst |
| Seniority Level | Mid-Level |
| Primary Function | Works within the 2nd line of defence in banking/financial services. Conducts Risk & Control Self-Assessments (RCSAs), monitors Key Risk Indicators (KRIs), investigates operational loss events, ensures Basel III/IV compliance, and reports to risk committees. Translates operational failures into quantified risk exposures. |
| What This Role Is NOT | Not a senior risk manager/director who sets risk appetite and owns framework strategy. Not a credit or market risk analyst. Not a compliance officer (though overlap exists). Not an entry-level data gatherer. |
| Typical Experience | 3-7 years. FRM or PRM certification common. Basel III/IV knowledge essential. Often holds a finance, economics, or quantitative degree. |
Seniority note: Junior operational risk assistants (0-2 years) focused on data collection and loss event logging would score Red. Senior operational risk managers who own the framework, set risk appetite, and present to the board would score Yellow (Moderate) to Green (Transforming).
Protective Principles + AI Growth Correlation
| Principle | Score (0-3) | Rationale |
|---|---|---|
| Embodied Physicality | 0 | Fully digital, desk-based. No physical component. |
| Deep Interpersonal Connection | 1 | Regular stakeholder engagement with business units — facilitates RCSA workshops, challenges risk owners on control effectiveness. But the core value is analytical, not relational. |
| Goal-Setting & Moral Judgment | 2 | Interprets risk appetite in ambiguous situations, judges scenario plausibility, determines materiality thresholds, and decides when operational events warrant escalation. Operates within a defined framework but makes consequential judgment calls. |
| Protective Total | 3/9 | |
| AI Growth Correlation | 0 | AI adoption creates new operational risks (model risk, AI bias, algorithmic failures) which adds demand for oversight. But AI tools also automate the analytical/reporting work these analysts do. Offsetting forces. |
Quick screen result: Protective 3 + Correlation 0 = Likely Yellow Zone. Proceed to quantify.
Task Decomposition (Agentic AI Scoring)
| Task | Time % | Score (1-5) | Weighted | Aug/Disp | Rationale |
|---|---|---|---|---|---|
| RCSA facilitation & risk identification | 20% | 3 | 0.60 | AUG | AI pre-populates risk registers from historical data and drafts RCSA templates. Human leads workshops, applies judgment to inherent/residual risk ratings, and challenges business units on control effectiveness. Human-led, AI-accelerated. |
| KRI monitoring & threshold management | 15% | 4 | 0.60 | DISP | GRC platforms (Archer, ServiceNow, MetricStream) auto-monitor KRIs, flag breaches, generate alerts, and track trends across hundreds of indicators continuously. Human reviews exceptions but doesn't perform the monitoring. |
| Loss event analysis & root cause investigation | 15% | 3 | 0.45 | AUG | AI categorises loss events, identifies patterns, and suggests root causes from historical loss databases. But investigating novel operational failures — interviewing stakeholders, understanding unique process breakdowns, determining causation in ambiguous situations — requires human judgment. |
| Regulatory reporting & capital calculation | 15% | 4 | 0.60 | DISP | Basel III/IV SMA calculations are formulaic. SAS OpRisk, IBM OpenPages, and Workiva automate capital calculations, regulatory report generation, and data aggregation end-to-end. Human validates output but doesn't perform the calculations. |
| Risk committee reporting & dashboards | 10% | 4 | 0.40 | DISP | AI generates risk dashboards, heat maps, trend analyses, and board-ready presentations from GRC platform data. Human reviews and adds narrative context but the report generation itself is automated. |
| Scenario analysis & stress testing | 10% | 2 | 0.20 | AUG | Facilitating scenario workshops with senior stakeholders, defining tail-risk scenarios for unprecedented situations, and challenging assumptions requires business understanding and licensed judgment. AI assists with quantitative modeling but humans define scenarios and assess plausibility. |
| Policy/framework review & stakeholder engagement | 10% | 2 | 0.20 | AUG | Embedding risk culture across business units, advising on emerging operational risks, and interpreting ambiguous regulatory guidance for novel situations. Trust-based relationships and contextual judgment. |
| Regulatory change monitoring & horizon scanning | 5% | 4 | 0.20 | DISP | NLP tools scan regulatory publications, flag relevant changes, and summarise impacts. Production tools do this end-to-end. Human reviews prioritised output. |
| Total | 100% | 3.25 |
Task Resistance Score: 6.00 - 3.25 = 2.75/5.0
Displacement/Augmentation split: 45% displacement, 55% augmentation, 0% not involved.
Reinstatement check (Acemoglu): Yes. AI creates new tasks: validating AI-generated risk assessments, assessing AI/ML model risk as a new operational risk category, evaluating algorithmic bias exposure, and interpreting AI-specific regulatory requirements (EU AI Act risk classifications). The role is transforming to include AI oversight as a core function.
Evidence Score
| Dimension | Score (-2 to 2) | Evidence |
|---|---|---|
| Job Posting Trends | 0 | BLS projects 6% growth for Financial Analysts (13-2051) 2024-2034. Operational risk postings stable across major banks (JPMorgan, Citi, HSBC, Barclays). No clear growth or decline at mid-level specifically. Competition increasing as efficiency gains reduce headcount needs. |
| Company Actions | -1 | European banks plan to cut 200,000 jobs as AI takes hold (TechCrunch, Jan 2026). Back- and middle-office risk roles targeted for 30% efficiency gains. JPMorgan CEO Dimon: "displaced people from AI." 54% of banks have AI in production. But redeployment, not mass elimination — 2026-2028 is the projected inflection point. |
| Wage Trends | -1 | Glassdoor average $109,393. Some sources show operational risk analyst median declining from $68,222 (2023) to $67,318 (2025). Stagnating in real terms when adjusted for inflation. No premium growth signal for mid-level analysts. |
| AI Tool Maturity | -1 | Production tools performing 50-80% of core analytical tasks with human oversight: Archer AI, ServiceNow GRC, MetricStream, IBM OpenPages, SAS OpRisk, Workiva. Automated KRI monitoring, loss event categorisation, regulatory reporting, and dashboard generation. 48% of banks expect AI in risk within two years. |
| Expert Consensus | 0 | CFA Institute (Feb 2026): "AI is reshaping bank risk." Deloitte/ORX: augmentation not elimination. Fortune (Dec 2025): experts say AI finance job takeover is "more hype than takeover — for now." Mixed — transformation is clear, displacement timeline uncertain. |
| Total | -3 |
Barrier Assessment
Reframed question: What prevents AI execution even when programmatically possible?
| Barrier | Score (0-2) | Rationale |
|---|---|---|
| Regulatory/Licensing | 1 | FRM/PRM certifications desirable but not legally mandated. Basel framework requires "qualified" risk professionals for compliance — not a hard licensing barrier like medicine or law, but creates moderate regulatory friction for full automation. |
| Physical Presence | 0 | Fully remote capable. Desk-based analytical work. |
| Union/Collective Bargaining | 0 | Financial services sector, at-will employment. No significant union protection for risk analysts. |
| Liability/Accountability | 2 | Operational risk failures can result in regulatory fines, enforcement actions, and personal accountability under the Senior Managers & Certification Regime (SM&CR in the UK) and similar frameworks globally. Someone must sign off on risk assessments and be accountable for capital adequacy. AI has no legal personhood. |
| Cultural/Ethical | 1 | Regulated financial institutions expect human risk professionals to present risk assessments to boards and regulators. Risk appetite decisions carry institutional weight that requires human accountability. But acceptance of AI-assisted analysis is growing rapidly among CROs. |
| Total | 4/10 |
AI Growth Correlation Check
Confirmed at 0 (Neutral). AI adoption creates new operational risk categories — model risk, algorithmic bias, AI system failures, prompt injection attacks on banking AI — which theoretically increases demand for operational risk oversight. But AI tools simultaneously automate the analytical, monitoring, and reporting work that constitutes the bulk of this role. The net effect is neutral: new risk categories expand scope while automation compresses headcount. The surviving analyst covers more ground with AI tools; the total number of analysts shrinks.
JobZone Composite Score (AIJRI)
| Input | Value |
|---|---|
| Task Resistance Score | 2.75/5.0 |
| Evidence Modifier | 1.0 + (-3 x 0.04) = 0.88 |
| Barrier Modifier | 1.0 + (4 x 0.02) = 1.08 |
| Growth Modifier | 1.0 + (0 x 0.05) = 1.00 |
Raw: 2.75 x 0.88 x 1.08 x 1.00 = 2.6136
JobZone Score: (2.6136 - 0.54) / 7.93 x 100 = 26.1/100
Zone: YELLOW (Green >=48, Yellow 25-47, Red <25)
Sub-Label Determination
| Metric | Value |
|---|---|
| % of task time scoring 3+ | 80% |
| AI Growth Correlation | 0 |
| Sub-label | Yellow (Urgent) — >=40% task time scores 3+ |
Assessor override: None — formula score accepted. Score sits 1.3 points above the Red boundary. This is a borderline role. The barriers (4/10, primarily liability/accountability) are the difference between Yellow and Red. See Step 7a.
Assessor Commentary
Score vs Reality Check
The 26.1 score sits just 1.3 points above the Red zone boundary. This is a borderline assessment. Barriers are doing meaningful work: liability/accountability (2/10) reflects the structural reality that someone must sign off on operational risk assessments under regulatory regimes like SM&CR — but this protects the function, not necessarily the headcount. A team of 8 operational risk analysts becoming a team of 3 with AI tools still requires human sign-off. The formula captures this correctly: the role survives in transformed form, but most current practitioners face displacement or redeployment within their institutions.
What the Numbers Don't Capture
- Function-spending vs people-spending. Banks are investing heavily in GRC platforms and AI risk tools — Archer, ServiceNow, MetricStream deployments are accelerating. This spending on risk technology does not translate to spending on risk headcount. The CRO's budget grows; the analyst headcount shrinks. ProSight's finding that 54% of banks have AI in production and 48% expect AI in risk within two years is a leading indicator of team compression.
- The 30% efficiency gains signal. Multiple sources cite 30% efficiency gains as the target for middle-office risk roles. A 30% efficiency gain in a team of 10 means 3 fewer analysts, not 10 analysts working 30% less. Banks optimise for cost, not leisure.
- Bimodal distribution. The 80% of task time scoring 3+ masks the fact that the remaining 20% (scenario analysis and stakeholder engagement) scores a 2 — deeply human work. The average of 2.75 understates both the displacement risk on the analytical side and the protection on the judgment side.
- Delayed trajectory. The 2026-2028 inflection point identified by Deloitte, Citigroup, and Bloomberg Intelligence means current evidence (stable postings, mixed consensus) may understate a building threat. The tools are in production; the workforce restructuring lags.
Who Should Worry (and Who Shouldn't)
If your daily work is pulling data from GRC platforms, generating KRI dashboards, compiling regulatory reports, and categorising loss events against Basel taxonomies — you are functionally Red Zone regardless of the Yellow label. This is exactly what Archer, ServiceNow, and IBM OpenPages automate end-to-end. The analyst whose value is data handling and report production is being replaced by the platform itself.
If you facilitate scenario workshops that make senior executives uncomfortable, investigate novel operational failures that don't fit existing categories, and interpret ambiguous regulatory guidance for your institution's specific risk profile — you are safer than Yellow suggests. The analyst who can walk into a room of business unit heads and challenge their control assumptions provides value AI cannot replicate.
The single biggest separator: whether you are a data processor who happens to work in risk, or a risk thinker who happens to use data. The data processors are being absorbed into GRC platform workflows. The risk thinkers are being promoted to cover more ground with fewer people.
What This Means
The role in 2028: The surviving operational risk analyst is a "bionic" risk professional — using AI-powered GRC platforms for all monitoring, reporting, and pattern detection while spending their time on scenario analysis, stakeholder challenge, emerging risk identification (especially AI/ML model risk), and regulatory interpretation. Teams of 8-10 compress to 3-4 covering the same scope.
Survival strategy:
- Master GRC platform AI capabilities. Become the analyst who configures and interprets Archer/ServiceNow/MetricStream AI outputs, not the one replaced by them. Platform expertise becomes a moat.
- Specialise in AI/ML operational risk. Model risk management, algorithmic bias assessment, and AI governance are new risk categories that didn't exist 3 years ago — and they require operational risk methodology applied to novel territory.
- Build scenario facilitation and stakeholder challenge skills. The 20% of the role that scores 2 (scenario analysis + stakeholder engagement) is where the human value concentrates. Invest there.
Where to look next. If you're considering a career shift, these Green Zone roles share transferable skills with this role:
- AI Auditor (Mid) (AIJRI 64.5) — Risk assessment methodology and regulatory knowledge transfer directly to auditing AI systems for bias, fairness, and compliance
- Actuary (Mid-to-Senior) (AIJRI 51.1) — Quantitative risk modeling and scenario analysis skills map to actuarial work, though FSA/FCAS exams require significant investment
- Cybersecurity Risk Manager (Senior) (AIJRI 55.4) — Operational risk framework experience translates to cyber risk management, especially with Basel/regulatory background
Browse all scored roles at jobzonerisk.com to find the right fit for your skills and interests.
Timeline: 2-4 years for significant team compression. The tools are in production now; the workforce restructuring is the lagging indicator. 2026-2028 is the inflection point identified across multiple analyst firms.
