Risk Manager

  • 10K
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Global Business Services Sdn Bhd
  • 19 Sep 17

The Risk Manager role is responsible for and has oversight over Operational Risk management, control management and audit management across the function that has been assigned to the role. This role is key to, and responsible for, continuing improvements in the function’s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities. This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.

Risk Reviews

  • Scope and plan thematic risk / control reviews aligning with the function’s key objectives, Group Internal Audit themes and key risk areas (may include suppliers where appropriate)
  • Scope and plan risk / control reviews of significant new projects
  • Provide guidance to Risk Controllers on execution of risk / control reviews
  • Track material actions and risks arising from the reviews
  • Provide support and guidance on control design to Risk Controller and Process Owner. Review and approve proposed addition of or change in controls
  • Review and agree changes and / or new KRI with ITO R&C / UORM
  • Represent the Function as the Single Point of Contact (SPoC) on internal and external audits and Subject Matter Expert (SME) on the audit working practices
  • Ensure that the affected function (and units within) are sufficiently prepared for upcoming audits
  • Review adequacy of management response to audit findings
  • Review progress and timely closure of audit findings
  • Share thematic risk & audit findings across functions and units.

Process Risk Analysis (PRA)

  • Initiate PRAs as needed to support efforts in reviewing process and control effectiveness and risk identification
  • Review and endorse outcomes of PRA and track material actions and risks that arise from it
  • Provide support and guidance on control design to Risk Controller and Process Owner. Review and approve proposed addition of or change in controls
  • Review and agree changes and / or new KRI with ITO R&C / UORM

Risk Committee Meetings

  • Ensure that all risk committee meetings within the function operate within the approved Terms of Reference (ToR), including membership, agenda, frequency, etc.
  • Facilitation of and pack production for the functional risk committee meetings. Provide challenge to ensure robust Risk Management practice
  • Provide governance support to the Risk Controller at the unit risk committee meetings
  • Submission of risk and control related details to Senior Management risk committee within schedule and at the required quality

Management Information

  • Ensure that management (and any other stakeholder as required) is kept aware of the risk, control & audit profile of the function through periodical reporting
  • Ensure that all management information is produced in line with the defined schedule and quality and supports management decisions and actions
  • Ensure integrity of source and the processing of data to deliver accurate representation in management information

Validation of Controls: Key Risk Indicators (KRI)

  • Review trend analysis of exceptions and identify systemic failures
  • Identify material exceptions and escalate

Risk Management (records in Enterprise Operational Risk Platform (EORP))

  • Review and endorse new and changed records (including treatment plans and risk ratings)
  • Oversight of completeness and integrity of data.

People Management

  • Manage both the functional delivery as well as people management (employee engagement, remuneration, development, etc.) aspects of Risk Controllers in the team

Change Management

  • SPoC for the function on any Risk, Control or Audit change initiatives from Group or Technology Governance
  • Drive implementation and adoption of agreed initiatives across the function including training, communication and awareness.

Requirements:

  • At least 2 years' experience in Operational Risk within technology
  • At least 5 years' experience in any (combination of) technology discipline
  • An in-depth understanding of the controls required to manage Technology Risk and, preferably, experience with tools that have been used in the industry to do so
  • An understanding of technology Project Lifecycle and the associated controls required through project delivery to manage and mitigate risk
  • Knowledge of approaches, tools, techniques for recognising, anticipating, and resolving operational or process problems
  • Confident and self-motivated leader with experience in effectively negotiating with and influencing others in a matrix environment
  • Ability and confidence to operate across a wide range of seniority levels, functional divides, locations and businesses
  • Be able to create and tailor clear and concise verbal and written communications to different audiences, fluent written and spoken English language skills
  • Possess a proactive posture and a commitment to continuous improvement
  • Good presentation skills
  • Demonstrable analytical thinking
  • Data analysis and reporting skills
  • A team player who enjoys working with people on all levels as well as being able to work independently and under pressure to meet tight deadlines.

The following skills are not prerequisites, but will be advantageous:

  • Practical experience in engaging / managing technology audit engagement or being a member of a technology audit team
  • Experience in implementing ITIL or COBIT
  • Organizational Change Management experience. Plan for and overcome the issues encountered with change, deliver sustainable change
  • Project management experience / background, ideally with distributed teams
  • Experience in any other risk management discipline (Credit, Market, etc.)
  • Experience working in a financial institution
  • Tertiary qualifications in IT, Business Administration or Commerce
  • ITIL Foundation certified
  • CRISC (Certified in Risk and Information Systems Control) or CISA (Certified Information Systems Auditor) certification, or any other related qualification, would be beneficial
  • Any COBIT-related certification would be beneficial