Job Description:
1. GRC Implementation - PMO / GRC Champion
- Act as the primary liaison with Group GRC COE and ensure alignment with group standards
- Oversee data governance, configuration integrity, and cross-entity consistency
- Monitor platform adoption, usage, and data quality, and drive issue resolution
- Consolidate feedback and support continuous improvement and BAU embedding
2. GRC Implementation - Process Owner / Data Owner
- Own end-to-end processes across 7 GRC modules (Master, Incident, ERM, ORM, ITRM, TPRM, BCM)
- Define entity-specific requirements, standards, and access controls
- Ensure data accuracy through validation, cleansing, and integration oversight
- Lead UAT, provide go-live sign-off, and drive ongoing performance and improvement
3. Other Risk Oversight & Management Activities (if applicable)
- In addition, support broader risk oversight and management activities across the entity, including:
- Ongoing risk monitoring to ensure alignment with internal policies and regulatory requirements
- Oversight of risk management practices and execution across key functions
- Identification of emerging risks, with timely mitigation and escalation
- Management reporting and provision of risk insights to support decision-making
Qualification:
- At least 5-7 years of work experience in enterprise risk management, GRC implementation, and risk governance within a group‑wide environment.
- Proven track record in leading end‑to‑end GRC platform implementation as PMO, Process Owner, and Data Owner, ensuring alignment with Group standards, data governance, and cross‑entity consistency.
- Strong expertise across multiple GRC domains including ERM, ORM, ITRM, TPRM, BCM, incident management, and master data, with hands‑on experience in UAT, go‑live execution, BAU embedding, and continuous improvement.
- Experienced in broader risk oversight activities, including ongoing risk monitoring, emerging risk identification, regulatory alignment, and senior management reporting to support informed decision‑making.
- Understanding of core risk management principles and enterprise risk management frameworks
- Knowledge of GRC concepts and governance structures across group‑wide environments
- Understanding of Enterprise Risk Management (ERM), including risk identification, assessment, and monitoring
- Knowledge of Operational Risk Management (ORM) processes, controls, and incident management
- Understanding of Information Technology Risk Management (ITRM) and technology‑related risk considerations
- Knowledge of Third Party Risk Management (TPRM) and risk oversight of outsourced and vendor relationships
- Understanding of Business Continuity Management (BCM) principles, including impact assessment and resilience planning
- Familiarity with risk appetite, risk limits, and escalation mechanisms
- Basic understanding of regulatory expectations related to risk management and governance
- Ability to interpret risk information and support effective risk reporting and decision‑making