Director of Operational Risk Management – Risk Governance Division

Job Description

• Propose and advise the Division’s Board on developing internal policies, regulations, procedures, and guidelines for enterprise-wide operational risk management: operational risk management framework; operational risk limits; regulations, procedures, and guidance on operational risk tools, outsourcing risk, IT risk, fraud risk; business continuity management.
• Conduct research and maintain in-depth knowledge of operational risk, fraud risk, IT risk, and outsourcing risk; benchmark against the market and refer to international standards (Basel Committee, ISO 27001, COBIT) to identify and comprehensively assess risks across all products, business activities, operational processes, IT systems, and other management systems.
• Collaborate with business units to identify and assess operational risk, IT risk, fraud risk, and outsourcing risk, ensuring compliance with the operational risk framework, risk appetite, and the organization’s strategic direction.
• Develop, guide, and monitor the implementation of methods and tools for identifying and measuring operational risk, IT risk, fraud risk, and outsourcing risk, including: leveraging internal and external audit findings, collecting internal and external loss events, conducting Risk and Control Self-Assessments (RCSA), monitoring Key Risk Indicators (KRI) and business performance metrics, scenario analysis, and process mapping.
• Monitor, supervise, and report on risk status, including operational risk, outsourcing risk, IT risk, and fraud risk, to provide early warnings and identify potential breaches of risk limits.
• Develop monitoring criteria and fraud risk warning indicators: propose criteria and scenarios to suggest preventive measures and mitigate internal and external fraud risk.
• Develop, guide, and monitor the implementation of fraud risk measurement models and tools.
• Coordinate and guide business units in developing/updating business continuity plans and monitor their execution.
• Issue alerts regarding operational risk events, IT risk, fraud risk, and outsourcing risk.
• Prepare internal and external reports on operational risk management in accordance with internal regulations.
• Communicate and provide training on issued policies, regulations, and procedures related to operational risk management.
• Collect feedback and address issues arising from the implementation of operational risk management policies, proposing timely adjustments or updates.

Requirements

• Education:
  • Bachelor’s degree or higher in Economics, Banking & Finance, Actuarial/Mathematical Economics, Economic Law, or Information Technology.
• Skills:
  • Strategic planning, work organization, task delegation, and project management.
  • Leadership, decision-making, and talent development.
  • Effective communication and presentation skills.
  • Negotiation and persuasion skills to coordinate with relevant units.
• Experience:
  • Minimum 10 years of experience in the Finance/Banking sector, including at least 5 years in risk management.
  • Strong knowledge of operational risk, fraud risk, IT risk, outsourcing risk, and business continuity planning (BCP).
  • Understanding of methodologies for building fraud risk measurement models.
  • Knowledge of international standards and best practices (Basel, COBIT, ISO27001).
  • Ability to conduct independent research, organize, and coordinate project implementation.
  • Preference for candidates with proven experience in successfully implementing IT risk management and fraud risk management.