Posted By
Posted in
Banking & Finance
Job Code
1409758
VP-Enterprise Risk Management
Enterprise Risk Management - VP / Reporting To CAO
Ideation of the Role
- This is a global role covering Enterprise Risk, Compliance and Business Continuity. Responsible for the development, implementation and oversight of the global ERM program, including identifying, measuring, monitoring and improving the risk posture of the company.
Vision of the Role
Role Spectrum:
- A. Set up the ERM function encompassing Enterprise Risk, Compliance and Business Continuity.
- B. Establish and communicate the ERM vision across the organization.
- C. Define the risk governance structure with clear roles and responsibilities.
- Improve risk information needed to support strategic decision making throughout the organization.
- Understand risks and interrelationships to help drive performance, value, and brand.
- Consistently identify and assess risk.
Objectives and Responsibilities of ERM VP / Sr. VP
Leadership/Supervisory Role:
- Set up the overall risk appetite for the company and drive the measurement of risks against the risk appetite.
- Integrate and align strategic objectives and organizational risk management policies with the strategic management process.
- Facilitate sharing of risk management best practice across the organization.
- Develop monitoring methods to highlight performance of ERM Framework.
- Monitor the application and effectiveness of risk management processes.
- Ensure that a comprehensive and continuous risk identification process is in place.
- Identify risk ownership.
Strategy: Instrumental in designing the ERM strategy, leading to:
- Integrate risk management with the strategic management process.
- Develop and communicate ERM policies.
- Establish, communicate, and facilitate use of appropriate ERM methodologies, tools and techniques.
- Establish and follow up on an appropriate framework to facilitate collection and analysis of data and information.
- Implement appropriate risk reporting to the Audit Committee and CEO.
- Align the company's risk management framework to the COSO / ISO 31000 risk management standards: develop risk registers, conduct RCSAs (risk and control self-assessments) and define KRIs (key risk indicators).
- Drive automation and process efficiency in managing risk registers and in monitoring the identified KPIs, so that the business can understand early signals and act on them.
Collaboration:
- Plays a highly collaborative role, building solid cross-functional relationships with all business units and management across the business spectrum.
- Partners with operations, clients, and the L&D and HR functions to determine risk program priorities, roll-out plans, program deadlines, ROI and analytics.
- Collaborates with departmental heads and managers to identify areas requiring training and to develop program requirements unique to each department with respect to ERM.
- Experience working closely with the Technology team to secure information, and to create and implement strategies that minimize the variety of risks that could threaten the firm's key information.
- Track risk metrics: number of risks identified, number of risks materialized, and predicted risk severity.
Reporting & Analytics:
- Ensure effective data governance and reporting, and measure ERM program delivery quality to drive continuous improvement, maintenance and adjustment of program delivery.
- Facilitate periodic enterprise-wide risk assessment.
- Ensure comprehensive mitigation action planning.
- Monitor and report the progress of mitigation action plans.
- Ensure that cultural issues with respect to risk management are effectively managed.
- Monitor the top entity-level risks.
- Periodically review risk policies, procedures, reporting templates and the framework to ensure everything is up to date.
- Operationalize the risk register into measurable business KPIs. Put in place digitisation plans for tracking such measurable KPIs.
- Track such KPIs on a monthly basis and report them to leadership for attention and action.
- Annual refresh of the risk registers across all business units.
- Monitors and analyses risks within the company's business units and reports action planning on these risks to the Board.
- Ensures the organization's risk management policies and strategies are in compliance with applicable regulations, rating agency standards, and the strategic imperatives of the organization.
Knowledge:
- Good knowledge of information security frameworks such as ISO 27001, NIST and COBIT.
- Knowledge of GDPR requirements and experience in related projects.
- Ownership of the Enterprise Risk Management architecture for the company.
- Experience in Disaster recovery.
- Be part of key business reviews and understand the overall business risk landscape.
Note: The above statements are intended to indicate the general nature and level of work being performed by employees within this classification. They are not intended to be an exhaustive list of all responsibilities, duties and skills required of employees assigned to this job. Employees in this job may perform other duties as assigned.
Experience & Competencies:
- CA / MBA from a premier institute, or a related field.
- 15+ years of relevant experience in risk management and operations, with at least 10 years in a leadership/management capacity.
- Enterprise Risk Management Certified Professional (ERMCP) or equivalent.
- Thorough understanding of ISO 31000 and COSO Framework.
- Set up a quarterly/ monthly review to identify new and emerging risks with the key business leaders and create an effective review cadence.
- Oversees or monitors all operational risk management activities of the organization.
- Help build a risk-based audit program.
- Candidate must be from Internal Audit + ERM Background.
- ISO qualification is Mandatory.
- CBCP (business continuity) is an added advantage.
- Previous experience in auditing, risk assessment and finance is a plus.
- Ability to write / revise policies and guidelines and maintain Risk Register.
- Possesses refined communication skills and advanced speaking capabilities.
- Be empathic, enthusiastic, and passionate about working in an ERM culture.
- Big4 experience preferred.
- Good grasp of the COBIT fundamentals which underpin IT audits.
- Exposure to SOX-related IT reviews, including automated controls, IT general controls reviews, and baselining of system-generated reports.