Job Descriptions:
- Develop, maintain, and continuously improve the Enterprise Risk Management framework, policies, procedures, and manuals.
- Coordinate annual Enterprise Risk Assessments and quarterly Management Control Assessments for key business processes.
- Facilitate risk identification, analysis, evaluation, treatment, and monitoring across business units.
- Develop and monitor Key Risk Indicators (KRIs), thresholds, and escalation triggers.
- Prepare risk reports and dashboards for management and Risk Management Committee meetings.
- Work closely with senior managers, process owners, Internal Audit, Compliance, and other stakeholders to address emerging risks.
- Conduct risk reviews for business initiatives, projects, new products, and process changes.
- Strengthen risk control practices and evaluate effectiveness of mitigating controls.
- Maintain and administer the Delegation of Authority (DOA) framework and coordinate periodic reviews and updates.
- Support governance over Data Protection, Business Continuity Planning (BCP), Information Security, and Third-Party Risk Management.
- Track remediation plans and follow up on risk issues until closure.
- Support regulatory reviews and internal/external audits related to enterprise risk.
- Promote risk awareness and provide guidance and training on ERM and internal controls.
Qualifications:
- Bachelor's degree in Risk Management, Finance, Business Administration, Accounting, Economics, Law, or a related field.
- Master's degree and/or professional certification (e.g., FRM, CRM, CIA, CRISC) is an advantage.
- At least 8–10 years of experience in Enterprise Risk Management, Operational Risk, Internal Control, Internal Audit, Compliance, or related functions.
- Minimum 3 years of experience in a managerial or supervisory role.
- Experience in developing risk frameworks, risk assessments, control reviews, KRIs, and governance reporting.
- Hands-on experience with Delegation of Authority (DOA), policy governance, and cross-functional stakeholder management.
- Experience working with regulatory requirements and coordinating with internal/external auditors is preferred.
- Excellent communication skills, both written and oral (Both of Thai and English)
Knowledge & Technical Competencies:
- Enterprise Risk Management (ERM) principles and frameworks
- Risk assessment methodologies and Management Control Assessment.
- Risk and control design and effectiveness evaluation.
- Delegation of Authority (DOA) governance and policy management.
- Key Risk Indicators (KRIs) and risk reporting.
- Business Continuity Planning (BCP).
- Data Protection, Information Security, and Third-Party Risk concepts.
- Analytical skills and proficiency with reporting tools (Excel, Power BI or similar).
Attributes & Soft Skills:
- Risk-based thinking and analytical mindset.
- Strong communication and stakeholder management.
- Consultative and collaborative approach.
- Problem-solving and sound judgment.
- Attention to detail and high integrity.
- Planning, organization, and project coordination skills.
- Ability to manage multiple priorities and meet deadlines.
- Teamwork and people development mindset.