Enterprise Risk Management Professional
The role of an Enterprise Risk Management Professional is to oversee the organisation's risk framework and ensure that it aligns with the company's risk appetite. This involves leading initiatives to embed enterprise risk frameworks, driving improvements in risk reporting and analytics, and supporting the operationalisation of risk appetite statements.
1. Key Responsibilities:
* Embed enterprise risk frameworks aligned with the company's risk appetite and delegation framework.
* Drive improvements in risk reporting, analytics, and visualisation to support decision-making.
* Support the operationalisation of risk appetite statements and guide risk owners in embedding controls into business processes.
* Champion the integration of the GRC platform and contribute to system optimisation efforts.
2. Assurance and Control Testing:
* Lead the delivery of assurance activities, including RCSA (risk and control self-assessments), walkthroughs across Lines 1 and 2 (the first and second lines of defence), and control testing.
* Use data insights to identify control gaps and improvement opportunities, collaborating with control owners to implement enhancements.
* Guide stakeholders on effective control design and foster a culture of continuous improvement.
3. Audit Planning and Remediation:
* Assist in scoping the annual audit plans in line with enterprise risks and business priorities across licenses and entities.
* Support coordination of internal and external audit engagements, ensuring timely information flow between business units and auditors.
* Track audit actions and drive remediation plans with stakeholders.
4. Business Continuity Planning (BCP):
* Lead the update of Business Impact Analyses (BIA) and the implementation of business continuity testing.
* Support documentation and training programs to ensure readiness across global functions.
* Collaborate with business units/teams to assess disaster recovery capabilities and test outcomes.
5. ICT Risk:
* Collaborate with IT, Cybersecurity, and Compliance to strengthen ICT risk monitoring and enhance third-party risk management practices.
* Support key risk reviews, coordinate penetration testing, and contribute to cybersecurity control enhancements.
* Maintain oversight of ICT risk indicators and associated risk treatment plans.
6. Incident and Issue Management:
* Lead cross-functional business process incident reviews, ensuring swift resolution and clear post-incident analysis.
* Promote a lessons-learned culture by helping teams identify root causes and implement preventative measures.
* Maintain oversight of the issue register and contribute to reporting on emerging risks and systemic themes.
7. Audit and Risk Committee Secretary:
* Assist in preparing board and committee reports, particularly for the Audit and Risk Committee.
* Draft meeting minutes for committee approval and regulatory engagements.
* Track actions and activities arising from committee meetings to ensure progress and delivery of outcomes.