Head of Operational Risk (Virtual Bank)

About Ascend Money

Ascend Money is a leading fintech company providing innovative payment and financial services across 7 countries in the Southeast Asian Region.

Established in 2013, Ascend Money became Thailand's first fintech unicorn in 2021. Its flagship service TrueMoney today has become the most popular digital financial application that enables ease of payments and convenient financial lifestyle.

TrueMoney's extensive agent network as well as offline and online payment services also enable millions of users across the region to access innovative financial services, leading them to better lives.

Job Summary

The Head of Operational Risk Management will lead the design, implementation, and oversight of the Operational Risk Management Framework (ORMF) for the virtual bank, ensuring compliance with Basel III's Standardized Approach (SA) for Operational Risk Capital Calculation and Bank of Thailand's (BoT) risk management guidelines. This role will proactively identify, assess, mitigate, and monitor operational risks, ensuring a strong risk culture and effective internal controls across the bank's digital operations.

Key Responsibilities:

1. Operational Risk Strategy & Framework (ORMF) Basel III & BoT Compliance

• Develop and implement a comprehensive Operational Risk Management Framework (ORMF) aligned with Basel III and BoT regulations.
• Establish operational risk policies, procedures, and governance structures.
• Embed a Three Lines of Defense (3LoD) risk governance model across all functions.
• Ensure risk aggregation across business units, considering internal and external risk factors.

2. Risk Identification, Assessment & Mitigation

• Oversee Risk and Control Self-Assessments (RCSA) to systematically identify and mitigate operational risks.
• Develop and monitor Key Risk Indicators (KRIs) with defined escalation thresholds.
• Conduct scenario analysis and stress testing, incorporating extreme but plausible risk events.
• Ensure risk control measures are embedded in business processes, technology, and vendor relationships.

3. Capital Calculation Basel III Standardized Approach (SA)

• Implement the Standardized Approach (SA) for Operational Risk Capital Calculation as per Basel III.
• Monitor and report the Business Indicator Component (BIC) and Internal Loss Multiplier (ILM) to determine risk-weighted capital adequacy.
• Work with finance and risk teams to validate operational risk loss events for capital allocation.

4. Incident Management, Loss Data Collection & Regulatory Reporting

• Establish and oversee the Operational Loss Event Database (LED) for tracking financial and non-financial risk events.
• Conduct root cause analysis (RCA) for major risk incidents and recommend remedial actions.
• Report operational risk exposures to senior management, risk committees, and regulators (BoT, Basel III requirements).

5. Business Continuity Management (BCM) & Crisis Response

• Develop and implement Business Continuity Planning (BCP) and Disaster Recovery (DR) frameworks, ensuring resilience against cyber threats, fraud, and system failures.
• Ensure compliance with BoT's Business Continuity Management (BCM) policy, including regular BCP testing and crisis simulations.
• Establish incident response procedures for major cyber risks, fraud, and system disruptions.

6. Third-Party & Outsourcing Risk Management

• Monitor risks related to outsourcing agreements, third-party vendors, and cloud service providers, ensuring compliance with BoT's Outsourcing Risk Management Guidelines.
• Conduct vendor due diligence, risk assessments, and contract risk reviews.
• Ensure data privacy, cybersecurity, and fraud risk controls are in place for third-party engagements.

7. Technology & Cyber Risk Management

• Oversee IT, digital banking, and cybersecurity risks by working closely with IT security teams.
• Ensure compliance with BoT's Cyber Resilience Framework (CRF) and Basel III's Principles for Operational Resilience.
• Implement risk controls for AI-driven credit decisions, mobile banking, and digital fraud prevention.

8. Governance, Regulatory Compliance & Stakeholder Engagement

• Lead operational risk committee meetings, ensuring alignment with the Board Risk Committee (BRC).
• Ensure compliance with BoT regulations, Basel III ORMF requirements, and local risk governance laws.
• Work with internal and external auditors, regulators, and compliance teams for periodic reviews and assessments.

9. Culture, Leadership & Training

• Drive a risk-aware culture across all business units through structured training and engagement programs.
• Provide ongoing ORM training for risk champions, business units, and senior leadership.
• Lead, mentor, and develop a high-performing operational risk team.

Qualifications:

• Bachelor's or Master's degree in Business Administration, Finance, Economics, Risk Management, or a related field.

• Minimum 10+ years of experience in Operational Risk, Risk Management, Internal Audit, or Banking Operations, with at least 5 years in a leadership role.

• Strong knowledge of Bank of Thailand regulations, AMLO, OIC, and international operational risk frameworks (e.g., Basel, ICAAP).

• Proven ability to lead teams, influence senior stakeholders, and establish risk governance across complex organizations.

• Excellent analytical, problem-solving, and communication skills with the ability to translate risk insights into actionable recommendations.

• Strong leadership, negotiation, and stakeholder management skills with a collaborative mindset.

Your Skills:

• Strategic mindset with the ability to balance regulatory compliance and business growth.
• Strong ability to analyze complex risks, design practical controls, and implement solutions.
• Excellent communication and presentation skills to influence senior management and regulators.
• Leadership that inspires risk-aware culture and cross-functional collaboration.
• High adaptability and resilience in a fast-changing digital banking environment.