• Develop, implement and maintain the framework (policies and procedures, templates) for Operational
Risk Management (“ORM”) and its underlying sub-risk types; and monitor the adequacy of the
framework. Examples of ORM sub-risk types include business resilience, technology, third party and
outsourcing, data governance, and new product
• Act as subject matter expert (SME) and advise on the implementation of the ORM framework including
risk assessments, due diligence assessments and policy dispensations
• Initiate and oversee risk and control activities such as business process mapping, risk and control
self-assessment (“RCSA”) and Business Continuity Management (“BCM”) testing
• Conduct risk assessments of technologies or processes where required, e.g. Business Impact Analysis
(“BIA”), third party and outsourcing due diligence, new product assessment, etc.
• Facilitate the risk acceptance process that evaluates risk and compensating controls, identify risk
owners, set conditions on risk acceptance and obtain approval for the same
• Work with the Organisation’s “Alpha Risk” team in implementing fraud rules, using a combination of
best practices, AI and ML tools. Monitor changes to the fraud landscape and to industry (e.g. digital
banking, fintech and payment) practices and technologies, and enhance the fraud risk strategy to ensure
the firm implements adequate controls across FRM to address these changes
• Monitor new regulatory requirements and conduct gap analyses against new regulations/guidelines and
the ORM framework to ensure compliance
• Assign and communicate the responsibilities and authorities of relevant roles
• Participate in IT, information and cyber security incident responses and review related incident reports
submitted to regulators
• Develop and provide training for employees to promote risk awareness and ensure relevant
employees are trained on the policies for OR and its sub-risk types
• Define and propose risk management metrics (e.g. key risk indicator/key control indicator) to monitor
the risk and control environment, and periodically report to the risk committees to support senior
management in risk oversight and governance
• Monitor that employees/personnel and service providers implement controls that achieve the ORM’s
objectives and are sustainable, including the appropriateness and effectiveness of processes for the
identification, management and control of OR risks
• Monitor and provide oversight on issues and remediations
• Identify and report high risk, emerging risk trends and key issues to risk committees
• Design, implement and maintain risk management tools
• Support internal and external audit/assessment engagements
Job Requirements: