The Risk Manager is responsible for developing, implementing, and maintaining the organisation's Enterprise Risk Management (ERM) framework to identify, assess, monitor, and mitigate strategic, operational, financial, compliance, cybersecurity, and sustainability-related risks. The role supports management in strengthening governance, risk awareness, internal controls, and business resilience.
This role reports to the Head of Group Risk Management.
Key Responsibilities
- Enterprise Risk Management
  - Develop and maintain the organisation's ERM framework, policies, and procedures
  - Facilitate periodic risk assessments across business units and functions
  - Maintain and update the corporate risk register
  - Monitor key risk indicators (KRIs) and emerging risks
  - Coordinate risk reporting to senior management, risk committees, and the Board/Audit Committee
  - Ensure risk appetite and tolerance levels are clearly defined and monitored
- Governance & Compliance
  - Promote a strong risk and governance culture across the organisation
  - Support compliance with regulatory, legal, and corporate governance requirements
  - Review the adequacy of internal controls and recommend improvements
  - Coordinate with Internal Audit, Compliance, Legal, and business units on risk-related matters
  - Support whistleblowing, ethics, and fraud risk management initiatives where applicable
- Operational & Business Risk Management
  - Identify operational, safety, security, procurement, financial, and IT risks
  - Facilitate root cause analysis and corrective action tracking for significant incidents
  - Support business continuity planning (BCP) and crisis management exercises
  - Assess risks relating to new projects, investments, systems, and strategic initiatives
- Sustainability & Emerging Risks
  - Monitor emerging risks such as cybersecurity, AI, climate change, ESG, and geopolitical developments
  - Support sustainability risk assessments and reporting initiatives
  - Conduct environmental scanning and global risk sense-making activities
- Risk Reporting & Analysis
  - Prepare risk dashboards, heat maps, and management reports
  - Analyse risk trends and provide insights to management
  - Track mitigation action plans and report overdue items
- Training & Awareness
  - Conduct risk management workshops and awareness programmes
  - Train risk owners on risk identification, assessment, and reporting methodologies
  - Promote accountability and risk ownership across the organisation
Qualifications & Experience
- Degree in Risk Management, Finance, Accounting, Business, Engineering, Law, or a related discipline
- Professional certifications (preferred):
  - Institute of Internal Auditors Certified Internal Auditor (CIA)
  - Certified Risk Management Professional (CRMP)
  - ISO 31000 Risk Management certification
  - Chartered Accountant / CPA (advantageous)
- 5-10 years of experience in risk management, internal audit, governance, compliance, or related fields
Key Competencies
- Strong analytical and problem-solving skills
- Knowledge of ERM frameworks and internal controls
- Good understanding of governance and compliance requirements
- Strong communication and stakeholder management skills
- Ability to influence senior management
- Report writing and presentation skills
- Data analytics and risk reporting capability
- High integrity and professional judgement
KPIs
- Timeliness of risk reporting
- Completion rate of mitigation actions
- Reduction in overdue high-risk findings
- Risk assessment coverage across business units
- Effectiveness of risk awareness programmes
- Improvement in governance/risk maturity scores
The successful candidate is also expected to assist with insurance-related work.