Group Process Owner – Technology Risk

Group Process Owner (Technology Risk Management, Cybersecurity Risk Management & IT Third-Party Risk Management) (1 position)

Roles & Responsibilities

During Project Implementation

  • Define and standardize ITRM, Cybersecurity Risk, and IT TPRM frameworks, methodologies, and taxonomies.
  • Design and align end-to-end processes, including:
    • ITRM (IT risk assessment, control frameworks, risk register)
    • Cybersecurity Risk (threat/vulnerability management, incident response, security controls)
    • IT TPRM (vendor onboarding, IT due diligence, risk assessment, continuous monitoring)
  • Align with cybersecurity frameworks and standards (e.g., ISO 27001, NIST, CIS).
  • Provide business and technical requirements and validate system design/configuration. Ensure alignment of data models, integrations, and workflows across systems (e.g., IAM, SOC, vulnerability tools).
  • Support data migration, cleansing, and validation (IT assets, risks, vulnerabilities, vendor data).
  • Lead UAT execution, including scenario design and validation.
  • Review integration outputs and ensure data completeness, accuracy, and security compliance.
  • Provide go-live readiness and sign-off.
  • Drive chang management across the group through training, knowledge transfer, and group wide communication.

 

After Go-Live (BAU)

Technology Risk Management (ITRM) & Cybersecurity Risk Management

  • Perform IT risk identification, assessment, and monitoring across systems and applications.
  • Maintain and monitor IT risk registers and control effectiveness.
  • Track and analyze technology risk trends and exposures.
  • Ensure timely remediation of identified IT risks and control gaps.
  • Monitor cyber threats, vulnerabilities, and security incidents.
  • Oversee vulnerability management, patching, and security control effectiveness.
  • Analyze cyber risk trends and incident root causes.
  • Ensure alignment with cybersecurity policies, standards, and regulatory requirements.

IT Third-Party Risk Management (IT TPRM)

  • Oversee IT vendor lifecycle management (onboarding, due diligence, risk assessment, monitoring, exit).
  • Assess and monitor technology risks associated with third-party providers.
  • Ensure compliance with outsourcing, data security, and technology risk regulations.
  • Maintain accurate and complete IT vendor risk data.

Cross-Domain Responsibilities

  • Drive adoption and long-term sustainability and end-to-end process adoption through training, knowledge transfer, and group wide communication
  • Ensure data quality, consistency, and governance across IT risk, cyber, and vendor domains.
  • Analyze technology, cyber, and vendor risk trends to identify systemic issues.
  • Support audit and regulatory reviews, ensuring readiness and evidence availability.
  • Drive continuous improvement, process optimization, and cyber risk awareness.
  • Conduct training and awareness programs for IT and business stakeholders.

 

Competencies / Experience

  • 6–10 years of experience in IT Risk, Cybersecurity, IT Controls (e.g., ISO, NIST), and IT Third Party Risk Management
  • Familiarity with GRC tools related to Risk Management, Cybersecurity & Vulnerability Management, and Third-Party Risk Management
  • In-depth understanding of relevant risk and compliance processes, system integration and data flows
  • High level of accountability, attention to detail, good communication skills, strong analytical and problem-solving skills
  • Experience in process design and continuous improvement
  • Strong data governance and risk analytics capabilities
  • Stakeholder management and cross-entity coordination skills
  • Professional certifications such as Certified Information System Auditor (CISA), Certified Data Privacy Solutions Engineer (CDPSE), ISO27001:2022 Lead auditor – Provisioning, ISO 22301:2012 – Implementation, or GRCP are an advantage
  • Excellent written and verbal communication skills in Thai and English

 

 

Job Description : Non-Tech PMO (1 Position) – Contract

 

Roles & Responsibilities

During Project Implementation

  • Establish and manage project governance structure, frameworks, and reporting standards.
  • Develop and maintain integrated project plans, including timelines, milestones, and dependencies.
  • Track and manage deliverables, risks, issues, and interdependencies across workstreams, and escalate critical issues to senior management for timely resolution.
  • Coordinate across Group, entities, vendors, and internal teams
  • Facilitate governance forums, including Steering Committees and working group meetings.
  • Manage project communications, status reporting, and documentation control. Support budget tracking, procurement processes (PR/PO), and financial reporting. Govern change request process, including tracking, documentation, and approvals.
  • Ensure alignment between business, functional, and technical teams.

 

After Go-Live (BAU)

Project & Enhancement Governance

  • Manage and track enhancement backlog, change requests, and delivery pipeline.
  • Ensure prioritization aligns with business needs, regulatory requirements, and system capacity.

Performance Monitoring & Reporting

  • Track SLA performance, system usage, and operational KPIs.
  • Provide regular reporting to management on system performance and delivery status.

Financial & Vendor Management

  • Monitor AMS budget, vendor performance, and cost tracking.
  • Support procurement, billing validation, and contract management.

Documentation & Audit Support

  • Maintain project and system documentation for governance and audit purposes.
  • Support regulatory and audit requests with required documentation and reporting.

Cross-Functional Coordination

  • Act as central coordination point across business, IT, AMS, and GRC teams.
  • Ensure timely issue resolution and escalation management.

 

Competencies / Experience

  • 8-10 years of experience in Project Management
  • Experience in large-scale transformation or system implementation projects
  • Experience in financial services, fintech, insurance or regulated environments (preferred)
  • Strong knowledge of project management methodologies (e.g., Agile, Waterfall, Hybrid)
  • Experience in PMO governance, planning, and reporting Understanding of GRC implementation lifecycle (preferred)
  • Proficiency in project management tools (e.g., MS Project, Jira, Confluence)
  • Familiarity with financial tracking and procurement processes
  • Understanding of system implementation and integration environments
  • Strong organizational and coordination skills
  • Excellent communication and stakeholder management
  • Ability to manage multiple priorities and work under pressure
  • High attention to detail and problem-solving mindset
  • Excellent written and verbal communication skills in Thai and English

 

 

Job Description : Group GRC Design & Governance Authority (2 Positions)

 

Roles & Responsibilities

During Project Implementation

  • Act as the Group GRC Design Authority, ensuring regulatory alignment, standardization of taxonomy, processes, and controls, as well as governance over centralized master data across all entities.
  • Own Change Governance, including reviewing and approving design changes and deviations from agreed standards, conducting impact assessments (compliance, control, and reporting), validating requirements and fees, prioritizing changes, overseeing AMS, and endorsing UAT prior to production release.
  • Provide quality assurance and advisory oversight on business and functional requirements, test scenarios, and design changes to ensure accuracy, sustainability, and Group-wide alignment.
  • Challenge and validate test scenarios, UAT approach, and key deliverables to ensure readiness and effectiveness.
  • Ensure sustainable cross-entity integration and consistency of GRC processes, data, and system configurations across subsidiaries.
  • Serve as the central accountability point for Group GRC oversight, managing stakeholder alignment, escalations, and continuous capability enhancement.
  • Ensure cross-entity alignment and standardization during implementation.

 

After Go-Live (BAU)

Continuous Improvement & Capability Enhancement

  • Identify systemic issues and structural gaps; drive Group-level improvements and well as AI enhancement.
  • Govern enhancement backlog prioritization to align with regulatory and control needs.
  • Promote best practices and maturity uplift across entities.

Change Governance & Control

  • Own and manage change governance, including:
    • Impact assessment (regulatory, control, reporting)
    • Requirement validation and approval
    • Prioritization and alignment with Group objectives
  • Review and endorse UAT results prior to production release.

Quality Assurance & Independent Oversight

  • Perform independent QA and validation of data, processes, and configurations.
  • Challenge process effectiveness and data reliability across entities.

Regulatory & Audit Alignment

  • Ensure ongoing compliance with regulatory requirements and internal policies.
  • Support audit activities and regulatory reviews with governance oversight.

Cross-Entity Alignment & Escalation

  • Act as central authority to resolve cross-entity inconsistencies and conflicts.
  • Manage stakeholder alignment and escalations across business and IT teams.

Master Data Governance

  • Review and perform a group-wide impact analysis to ensure consistency and identify potential conflicts for each centralized master data request (risk, control standards, process grouping, and organizational structure). Decide whether to proceed with or reject the request.

Competencies / Experience

  • 8-10 years of experience in Risk, Compliance, Internal Audit, or GRC Governance
  • Proven experience in enterprise-wide GRC transformation or system implementation
  • Experience in financial services, fintech, insurance or regulated environments (preferred)
  • Deep expertise in enterprise GRC frameworks and governance models
  • Strong understanding of risk, compliance, audit and control domains
  • Experience in multi-entity standardization and operating models
  • Experience with GRC platforms (e.g., Archer or similar tools)
  • Understanding of data models, workflows, and system configuration principles
  • Familiarity with system integration and reporting structures
  • Strong strategic thinking and decision-making capability
  • Ability to challenge constructively and enforce governance standards
  • Excellent stakeholder management and conflict resolution skills
  • Strong analytical and problem-solving mindset
  • Professional certifications such as CIA, CRMA, or GRCP are an advantage
  • Excellent written and verbal communication skills in Thai and English

 

 

Job Description : Change (1 position) – Contract

 

Roles & Responsibilities

During Project Implementation

  • Owns the overall change strategy, stakeholder engagement, impact assessment, and adoption roadmap across the Group.
  • Develops and executes communication plans, prepares leadership messaging, and manages stakeholder alignment across entities.
  • Designs capability-building programs to ensure business readiness.
  • Coordinate with entities to drive local change execution, gather feedback, manage resistance, and ensure subsidiary-level readiness and adoption.
  • Tracks readiness metrics, monitors adoption KPIs, supports UAT coordination, and identifies areas requiring reinforcement.

 

After Go-Live (BAU)

Adoption & Behavioral Change

  • Monitor and drive sustained system adoption and process compliance across entities.
  • Promote advanced usage and maturity of GRC processes and system capabilities.

Performance Monitoring & Insights

  • Track and analyze adoption KPIs, user behavior, and engagement metrics.
  • Identify adoption gaps and areas requiring reinforcement.

Communication & Reinforcement

  • Execute ongoing communication strategies to reinforce key messages and updates.
  • Maintain alignment with business, risk, and compliance stakeholders.

Training & Capability Development

  • Deliver refresher training and continuous learning programs.
  • Update training materials to reflect system enhancements and process changes.

Change Impact for Enhancements

  • Assess and manage change impacts for new releases, enhancements, and regulatory updates.
  • Ensure smooth rollout and adoption of changes across entities.

Continuous Improvement

  • Gather feedback from users and stakeholders to improve adoption strategies and user experience.
  • Drive continuous improvement in change management practices and GRC maturity.

 

Competencies / Experience

  • 5–7 years of experience in Change Management, Transformation, or Organizational Development
  • Experience in large-scale system implementation or transformation programs
  • Experience in financial services, fintech, insurance or regulated environments (preferred)
  • Strong knowledge of change management frameworks
  • Experience in stakeholder engagement, communication, and training design
  • Understanding of business transformation and adoption challenges
  • Familiarity with GRC systems or enterprise platforms (preferred)
  • Ability to interpret adoption metrics and user analytics
  • Experience with learning platforms or communication tools
  • Strong communication and influencing skills
  • Ability to drive behavioral change and manage resistance
  • Excellent stakeholder management across multiple entities
  • Strong analytical and problem-solving mindset
  • Excellent written and verbal communication skills in Thai and English