Group Process Owner – Business Continuity Management

Group Process Owner (Operational Risk, TPRM (Non-IT) & Business Continuity Management) (1-2 positions)

Roles & Responsibilities

During Project Implementation

  • Define and standardize ORM, TPRM (Non-IT), and BCM frameworks, methodologies, and taxonomies. Design and align end-to-end processes, including:
    • ORM (RCSA, incident management, KRI)
    • TPRM (vendor onboarding, due diligence, risk assessment, monitoring)
    • BCM (BCP lifecycle, testing, crisis management)
  • Provide business requirements and validate system design/configuration.
  • Ensure alignment of data models, processes, and workflows across entities.
  • Support data migration, cleansing, and validation (risk, vendor, and BCP data).
  • Lead UAT execution, including scenario design and validation.
  • Review integration outputs and ensure data completeness and accuracy.
  • Provide go-live readiness and sign-off.
  • Drive change management across the group through training, knowledge transfer, and group-wide communication.

 

After Go-Live (BAU)

Operational Risk Management (ORM) – Group Oversight & Entity Execution

  • Perform risk identification, assessment, and monitoring (RCSA cycles).
  • Monitor incident reporting and root cause analysis.
  • Track and analyze KRIs and risk trends.
  • Ensure control effectiveness and timely remediation of issues.

Third-Party Risk Management (Non-IT TPRM) – Group Oversight & Entity Execution

  • Oversee third-party lifecycle management (onboarding, due diligence, risk assessment, ongoing monitoring, exit).
  • Monitor vendor risk profiles and enforce remediation actions.
  • Ensure compliance with outsourcing and vendor risk regulations.
  • Maintain accurate and complete vendor risk data.

Business Continuity Management (BCM) – Group Oversight & Entity Execution

  • Ensure BCP lifecycle management (plan development, review, approval, testing, and maintenance).
  • Monitor BCP testing results and recovery readiness.
  • Manage incident/disruption response and lessons learned.
  • Ensure alignment with regulatory and resilience requirements.

Cross-Domain Responsibilities

  • Drive end-to-end process adoption and long-term sustainability through training, knowledge transfer, and group-wide communication.
  • Ensure data quality, consistency, and governance across ORM, TPRM, and BCM.
  • Analyze risk, vendor, and disruption trends to identify systemic issues.
  • Support audit and regulatory reviews, ensuring readiness and evidence availability.
  • Drive continuous improvement, process optimization, and risk culture enhancement.
  • Conduct training and awareness programs across stakeholders.

 

Competencies / Experience

  • 6-8 years of experience in Risk Management, Compliance, BCM, or Third-Party Risk
  • Experience in financial services, fintech, or insurance (preferred)
  • In-depth understanding of Operational Risk Management (ORM) frameworks (e.g., Basel, COSO), Third-Party Risk / Outsourcing Risk Management, Business Continuity Management (BCM) standards (e.g., ISO 22301)
  • Familiarity with GRC tools related to Operational Risk Management, Third Party Risk Management, and/or Business Continuity Management modules
  • High level of accountability, attention to detail, good communication skills, strong analytical and problem-solving skills
  • Experience in process design and continuous improvement
  • Strong data governance and risk analytics capabilities
  • Stakeholder management and cross-entity coordination skills
  • Professional certifications such as CIA, CRMA, or GRCP are an advantage
  • Excellent written and verbal communication skills in Thai and English