FIND YOUR BETTER AT AIA
If you believe in better, we'd love to hear from you.
About the Role
Supports the Board, the 3 Risk Committees (Risk Oversight, Financial Risk and Operational Risk), the AIA Group and AIAF Executives in developing and maintaining an appropriate Risk Management Framework.
Operational Risk
- Develop and implement the operational risk and control framework and the policy governance framework.
- Draft and maintain AIA risk management policy and the underlying standards.
- Review, challenge, and report on the operational risk profile.
- Monitor material incidents, control weaknesses, key risk indicators, key operational risks, and emerging operational risks.
- Develop an enterprise governance, risk and compliance (e-GRC) system to support key control function activities.
- Work closely with first line of defense subject matter experts, and second and third line of defense control functions to ensure key operational risks are effectively managed.
- Review key initiatives, products and projects from a risk perspective to support business strategic objectives.
- Monitor draft and new regulations issued by the regulator and ensure that the requirements have been adopted.
- Liaise with regulators for regulatory reporting, socialization and correspondence.
- Be active in the association of Indonesian life insurance (known as AAJI) and OJK.
- Manage the Risk Oversight Committee (ROC) and Executive Risk Committee (ERC) on a regular basis.
- Review sign-off circulation: policy/procedure/guidance/working instruction issued by the first line.
- To set up, review and monitor the company's risk appetites, risk tolerances and risk limits.
- To provide second opinion on the core company activities: Strategic IT, Information Security, Data projects and Strategic Plan.
- To set up the Risk Management plan for the whole year and keep its progress updated.
- Involvement in the risk culture program to increase awareness of risk among all staff. Furthermore, assess the risk maturity level after the risk culture programs are rolled out.
- To ensure implementation of Third-Party Management (TPM) is aligned with governance by increasing awareness among all staff, reviewing vendor engagement, performing assurance and running the TPM committee on a monthly basis.
Technology Risk
- To develop, establish, and implement policies and frameworks for IT security and risk management (internal and external requirements).
- To conduct thorough assessments to identify potential risks and vulnerabilities within the organization's IT systems.
- Work closely with IT and business teams to ensure that IT risks are managed effectively.
- To closely monitor the result of the Security Assessment Framework (SAF).
- To analyse the financial, safety, and security threats that the company may face.
- To provide expert advice to the organization on IT Risk Management matters.
- Keep abreast of industry trends, threats, and vulnerabilities to ensure the organization's IT systems are adequately protected.
Business Continuity Management (BCM)
- Continuity planning and event management, development and facilitation of enterprise-wide event exercises, relationship management with external vendors, and development of corporate policy, standards, and guidelines.
- Design and outline the organisation's BCM goals, objectives and scope for business plans and Crisis Management.
- Support and assist in the development of BC planning and goals through Business Impact Assessment (BIA) and Business Continuity Planning (BCP).
- Contribute to developing and maintaining the enterprise-wide business continuity management program, including developing tools and instructional guides.
- Participates as an independent BC professional in support of various other initiatives to achieve the risk management objectives.
- Subject matter expert for business continuity management.
- Report to Management defining ongoing goals, objectives and initiatives.
- Participates in external BCM organizations and keeps abreast of industry best practices and trends.
- Design and facilitate tests and exercises on the execution of the business plans.