Risk Manager  

Role Summary:

As part of the second line of defense, the Risk Manager is responsible in assisting the Head of Risk Management to identify, assess, mitigate, report, and monitor financial and non-financial risks in ATRAM Group in accordance with the risk policy and procedures. The role holder is accountable for designing, developing, and implementing the Risk and Control Self-Assessment (RCSA), Key Risk Indicators (KRI), Key Control Indicator (KCI), and risk event management together with the relevant stakeholders. The responsibility includes coordinating with compliance/internal and external audit to address all concerns on regulatory requirements and findings.

Main Duties and Responsibilities:

• Act as a second line of defense to proactively manage the enterprise risks and losses. The risk comprises of financial and non-financial such as but not limited to operational, reputational, compliance/regulatory, strategic, investment, information & cyber security
• Provide training on new risk framework, policy and procedures to the first line of defense
• Communicate changes in risk framework, policy, and procedures to the first line of defense and ensure that this is understood by all stakeholders
• Provide constructive feedback to the Head of Risk Management and Senior Management on improvement to risk framework, policy, and procedures
• Work closely with stakeholders to design, develop, and improve the Risk and Control Self-Assessment (RCSA) and to update the Key Risk Indicator (KRI), Key Control Indicator (KCI), and its tolerance/threshold levels
• Identify emerging risk exposures and trends
• Revisit RCSA, KRI/KCI when there is a new emerging risk/audit or regulatory finding and perform RCSA and KRI refreshment on yearly basis
• Ensure periodic RCSA testing and KRI collection wherein pieces of evidence are retained within timelines to assess the proper function and adequacy of existing controls
• Review launch of new products, services, and other initiatives against the strategic plans of the year to assure that material risks are appropriately identified and mitigated by input action plans
• Engage with the stakeholder to identify risk/loss and determine if it is unique to the area or have wider upstream or downstream implications
• Provide guidance to stakeholders who assesses the identified risk/loss to ensure risk rating as prescribed in the Risk Management Manual
• Ensure that action plans are directed at the root cause of the identified risk/loss/exception on RCSA testing/KRI & KCI trigger and are appropriate, prioritized, and sustainable to mitigate residual risks.
• Assure that the risk/process owner of each action is clearly assigned, and realistic target dates are set in order to protect the overdue issue
• Accurately, completely, and timely record operational errors that result in financial losses and near miss, exceptions on KRI/KCI trigger in risk system
• Report significant risk/loss to Head of Risk Management and Senior Management
• Propose control improvements, enhancements and simplifications where appropriate
• Implement, maintain, and update the Business Continuity Management (BCM) Program to ensure critical business functions can continue and provide for the safety of employees and overall organization following an incident or business disruption
• Coordinate with compliance/internal and external audits to solve regulatory/audit findings, track aging, periodic follow up to ensure that all findings are remediated by committed timeliness and that the actual root cause are being addressed
• Monitor and record significant risk and loss events, audit & regulatory finding, and conduct lessons learned to create awareness
• Assist the Head of Risk Management in the end-to-end Risk Management Committee process ensuring high quality risk dashboards and minutes are drafted on a timely basis with all actions clearly documented and proactively followed up
• Handle the operational risk incident reporting by Business Units and review using comprehensive root cause analysis
• Handle the risk management activities in support with the Investments Unit on determining and monitoring investment risk exposures

• Bachelor or higher degree in Risk Management, Finance, Accounting, Financial Engineering or a related field is required
• Minimum 5 years’ experience in operational risk and/or internal audit in a banking or financial industry/technology business or BIG4 auditing firms
• Professional certifications (e.g., CIA, CISA, CISM, CRISC, CISSP, CPA, ISO 31000 CRM) are required
• Strong communication skills (i.e., speaking, reading, and writing)
• Strong proven analytical/reporting skills and attention to details