PURPOSE:
- Support the implementation of Enterprise Risk Management, Information Security, Business Continuity Plan and Cyber Security.
KEY OUTPUTS:
I. Enterprise Risk Management:
- Support in promoting and implementing the Company’s Enterprise Risk Management (ERM) Framework including: Risk Appetite framework, Capital Management plan, Stress testing, Sensitivity Analysis, KRI/KCI assessment, Own Risk and Solvency Assessment (ORSA) process;
- Support in preparing and maintaining Company’s Risk Register, Key Business, Risk profile, Risk Map;
- Support in providing advice to Risk Owners on risk treatments with follow-up risk mitigating actions;
- Support in promoting Risk Culture via: training, coaching, knowledge sharing to other divisions and risk owners;
- Provide Company’s Risk reports to Senior Management Team, Member of Council and Regional Holding Company with timely and accurate information for business decision-making.
- Monitor and escalate emerging risks and urgent issues leading to Company’s potential risk exposure.
- Secretary for ERM Committee meeting.
II. Information Security (IS):
- Support the development and maintenance of the Information Security Control Framework, including the annual Information Security key activities and/or initiatives;
- Facilitate the liaison among related divisions/branches to remediate information security deficiencies and mitigate information risks in all areas of operation;
- Promote information security awareness and practice via trainings and campaigns.
- Secretary for IS Committee meeting.
III. Business Continuity Management:
- Support in developing and maintaining Business Continuity Management Framework;
- Support in developing and implementing annual Business Continuity Planning (BCP) key activities, including business impact analysis, scenarios response plan and drill testing;
- Liaise with Incident Response Team (IRT) and Functional Response Team (FRT) in case of emergency.