About Oceanpayment
Oceanpayment (OP) is a fast-growing cross-border payment institution licensed by the Monetary Authority of Singapore (MAS) as a Major Payment Institution (MPI), providing domestic money transfer, cross-border money transfer, and merchant acquisition services across Singapore, Hong Kong, and European markets.
We are building a Risk & Compliance function that is genuinely fit for a regulated, technology-driven, multi-jurisdictional payments business. Many of the frameworks, processes, and reporting rhythms you will be responsible for are being built or matured — and that is exactly the opportunity this role offers.
The Role
As Enterprise & Operational Risk Manager, you will own the ERM and ORM lifecycle at Oceanpayment — from risk identification and assessment through issue management, remediation tracking, business continuity, outsourcing governance, and Board reporting. You will be the internal expert on operational resilience, BCM/DR, and third-party risk, working closely with the CRO, MLRO, Regulatory Compliance Manager, IT/Operations, and legal counsel.
What You'll Do
Enterprise Risk Management
- Build and maintain the ERM framework: risk appetite, risk taxonomy, risk register, KRIs, and risk reporting for Board and senior management
- Conduct enterprise-wide risk identification and heat map assessments on a regular and event-driven basis
- Support the MLRO in the AML/CFT enterprise-wide risk assessment; lead broader enterprise and operational risk assessments across relevant non-financial risk areas
- Drive scenario analysis and operational resilience testing across the business
Operational Risk Management
- Own the issue management lifecycle — identification, root cause analysis, remediation ownership, escalation, and closure verification
- Facilitate Risk and Control Self-Assessments (RCSAs) and maintain KRI/KCI frameworks with defined escalation thresholds
- Provide operational risk input into new products, processes, and market entry assessments
BCM & Disaster Recovery
- Design and maintain a BCM programme aligned to relevant regulatory Guidelines
- Develop and maintain Business Impact Analyses, Business Continuity Plans, and Crisis Management Plans
- Coordinate and execute BCM/DR testing exercises; document results and drive gap remediation
- Ensure critical systems meet defined RTO and RPO
Third-Party & Outsourcing Risk
- Own the Third-Party and Outsourcing Risk Management framework in line with MAS Outsourcing Guidelines
- Maintain the outsourcing register covering material and non-material arrangements; ensure regulatory notification, consultation, or disclosure requirements are identified and met where applicable
- Conduct vendor due diligence and periodic reviews of critical service providers, including cloud and technology vendors
- Ensure intra-group outsourcing arrangements are appropriately documented, risk-assessed, and disclosed
Governance & Reporting
- Produce risk reports for the Board, Risk Governance Committee, and senior management
- Coordinate with external auditors and internal audit on risk-related findings and remediation
- Prepare management responses to audit findings on ORM, BCM, outsourcing, and ERM governance
What We're Looking For
Beyond the technical profile, we are looking for someone who:
- Is energized by building and enhancing ERM/ORM frameworks
- Continuously updates their risk practice as regulatory expectations and operational environments evolve
- Is curious about how AI and emerging tools can improve risk monitoring, RCSA processes, issue management, and reporting
- Can engage credibly with regulators, auditors, and industry bodies on operational risk topics
- Stays close to industry developments in operational resilience, outsourcing, and technology risk
- Brings structure and discipline without losing sight of what is proportionate for a scaling fintech
Experience & Qualifications
Essential
- 8–12 years in enterprise risk, operational risk, or a related discipline within financial services, with at least 3 years in payments, fintech, or banking
- Hands-on experience building or operating BCM/DR programmes, including BIA, BCP development, and live test coordination
- Strong working knowledge of MAS Technology Risk Management Guidelines and MAS Outsourcing Guidelines in a payment institution context
- Experience designing third-party/outsourcing risk frameworks, including vendor due diligence and outsourcing registers
- Proven track record managing issue tracking, root cause analysis, and remediation across complex environments
- Clear, confident risk reporting to Board and senior management audiences
Advantageous
- Exposure to HKMA or CSSF/DORA operational resilience requirements
- CRISC, CISA, CBCP, ISO 22301 Lead Implementer or equivalent
- Experience with GRC tools (e.g., Archer, MetricStream)
- Mandarin proficiency for regional stakeholder engagement
What We Offer
- Full ownership of the ERM/ORM function at a licensed, scaling payment institution
- Broad scope across enterprise risk, BCM, outsourcing governance, and operational resilience
- Direct reporting line to the CRO with genuine influence over risk strategy
- Regional exposure across Singapore, Hong Kong, and Luxembourg
- Competitive compensation commensurate with experience
- Support for professional development and risk certifications