Deputy Manager - Risk Management Division

I. Risk Management

- Lead, develop and maintain Enterprise Risk Management Framework: Risk Appetite Framework (RAF), Capital Management Plan (CMP), Stress Testing, Sensitivity Analysis, Key Risk Indicator/Key Control Indicator (KRI/KCI) assessment, Own Risk and Solvency Assessment (ORSA) process;

- Manage the preparation of the Head Office Excel Model annually;

- Monitor and escalate Emerging risks and urgent issues leading to changes in risk exposure;

- Promote and embed risk culture and conduct Risk Management trainings to equip relevant officers and staff with skills, knowledge and support required to discharge their responsibilities effectively;

- Identify training needs for Risk Management and oversee development of enterprise risk competence and awareness across the Company;

- Liaise with Division Leaders in ensuring completion of quality departmental Risk Registers: prepare and maintain Company’s Risk Register, Key Business Risk Profile, Risk Map;

- Evaluate the adequacy of the Company’s Internal Control framework in addressing risks and accomplishing the Company’s goals and objectives;

- Work with Internal Audit, Enterprise Risk Management Committee and Compliance Committee in ensuring the identification and prioritization of risks and reporting of the same;

- Monitor implementation of action plans to ensure risk mitigation efforts are proceeding as required;

- Monitor and report on compliance with regulatory requirements in Risk Management;

- Any other duty assigned by Division Leader/Management.

II. Information Security (IS)

- Develop and maintain IS Control Framework, including the Annual IS key activities and/or initiatives;

- Facilitate the liaison among related Divisions/Branches to remediate IS deficiencies and mitigating information risks at all areas of operation;

- Promote IS awareness and practice via trainings and campaigns.

- Support Data Protection Officer (DPO) for related activities to ensure compliance with Personal Data Protection regulations

III. Business Continuity Management

- Develop and maintain Business Continuity Management Framework;

- Develop and implement annual BCP key activities, including Business Impact Analysis (BIA), scenarios Response plan and Drill Testing;

- Liaise with Incident Response Team (IRT) and Functional Response Team (FRT) in case of emergencies or incidents to ensure the continuity of business and operation.

IV. Cyber Security (CS)

- Develop the CS Strategy and Roadmap for the Company;

- Develop the Roadmap/Action Plans and Initiatives for CS of the Company;

- Co-operate with relevant Divisions to derive & maintain a holistic CS incident response plan;

- Conduct training and enhance awareness on CS to all staffs.

• University graduation with background in Risk Management and/or insurance business is preferred

• Finance Risk Management or globally recognized Risk Management qualification is a plus

• English fluency, especially speaking and presentation

• At least 3 years of working experience. Experience in Internal Control or Risk Management is preferred

• Innovative mind-set. Tech-savvy is highly welcomed

• Knowledge and experience in ERM; Internal Control, Corporate Governance…

• Excellent in interpersonal, presentation and communication skills

• Well understanding in Insurance industry is a plus;

• Extensive knowledge and experience in Corporate Governance issues, related Internal Controls;

• Understand the financial mechanics as well as the operations of the business