Group Process Owner – Operational Risk

Group Process Owner (Operational Risk, Enterprise Risk, Policy Governance & Internal Control Management) (1-2 positions)

Roles & Responsibilities

During Project Implementation

  • Define and standardize ORM, ERM, Policy Governance, and Internal Control Management frameworks, methodologies, and taxonomies.
  • Design and align end-to-end processes, including:
    • ORM (RCSA, incident management, KRI)
    • ERM (risk appetite, aggregation, scenario analysis)
    • Policy Governance (lifecycle, approval, attestation)
    • Internal Control Management (control library, testing, issue management)
  • Provide business requirements and validate system design/configuration.
  • Ensure alignment of data models, processes, and workflows across entities.
  • Support data migration, cleansing, and validation (risk, control, and policy data).
  • Lead UAT execution, including scenario design and validation.
  • Review integration outputs and ensure data completeness and accuracy.
  • Provide go-live readiness and sign-off.
  • Drive change management across the group through training, knowledge transfer, and group-wide communication.

 

After Go-Live (BAU)

Operational Risk Management (ORM)

  • Perform risk identification, assessment, and monitoring (RCSA cycles).
  • Monitor incident reporting and root cause analysis.
  • Track and analyze KRIs and risk trends.
  • Ensure control effectiveness and timely remediation.

Enterprise Risk Management (ERM)

  • Conduct enterprise-wide risk assessments and scenario analysis.
  • Aggregate and analyze risk exposures across entities and domains.
  • Monitor risk appetite and escalate breaches.
  • Provide risk insights to senior management and the Board.

Policy Governance

  • Manage policy lifecycle (creation, review, approval, renewal, retirement).
  • Ensure policy compliance, attestation, and exception tracking.
  • Coordinate policy updates aligned with regulatory changes.
  • Drive policy awareness and communication across the organization.

Internal Control Management (ICM)

  • Monitor control execution and effectiveness across entities.
  • Perform control testing and validation activities.
  • Track and manage control deficiencies and remediation actions.
  • Support audit activities and provide control evidence.

Cross-Domain Responsibilities

  • Drive end-to-end process adoption and long-term sustainability through training, knowledge transfer, and group-wide communication.
  • Ensure data quality, consistency, and governance across ORM, ERM, Policy, and Controls.
  • Analyze risk, control, and compliance trends to identify systemic issues.
  • Support audit and regulatory reviews, ensuring readiness and evidence availability.
  • Drive continuous improvement, process optimization, and risk culture enhancement.
  • Conduct training and awareness programs across stakeholders.

 

Competencies / Experience

  • 6–8 years of experience in Operational Risk Management, Enterprise Risk Management, risk aggregation, scenario analysis, Policy Governance, and Internal Control Management
  • Experience in financial services, fintech, or insurance (preferred)
  • Strong data governance and risk analytics capabilities
  • Stakeholder management and cross-entity coordination skills
  • In-depth understanding of relevant risk and compliance processes, risk frameworks (e.g., Basel, COSO, COSO ERM), system integration, and data flows
  • Familiarity with GRC tools related to Operational Risk Management, Enterprise Risk Management, and/or Policy & Compliance modules
  • Experience in process design and continuous improvement
  • High level of accountability, attention to detail, good communication skills, strong analytical and problem-solving skills
  • Professional certifications such as CIA, CFA, CRMA, or GRCP are an advantage
  • Excellent written and verbal communication skills in Thai and English