Risk and Compliance Manager

**Where you would add value**

As Risk and Compliance Manager, you will report to and support the Head of Risk and Compliance to drive, execute and manage the end-to-end Risk Management Framework and its effective implementation across business and in accordance with the Board and regulatory requirements.

**How you would make a difference**

1. Risk and Compliance Governance:

- Support the Head of Risk and Compliance to drive implementation and continuously enhance Amplify Health’s Risk Management Framework as well as lead and embed Risk Management Framework by working as a second line of defence, for all categories of risk, in all parts of the business.
- Establish and assess the adequacy of internal risk controls and monitor that the Business is operating within limits and policies.

2. Strong Risk and Compliance Culture:

- Instil risk ownership amongst functional leaders to promote proactive, positive, risk culture, which is embedded and aligned with the business, and contributes to protecting company’s reputation and assets.
- Work closely with the Group Compliance and Functions to deliver Compliance and ethics training and awareness activities; facilitate ethics awareness; drive risk culture enhancement programmes to foster and embed a resilient risk-aware, culture of ethics and compliance.
- Develop and implement compliance training programs to educate employees and increase their awareness of the latest legal and ethical standards that apply.

3. Risk and Compliance Management:

- Provide second line review and advice on new initiatives, key projects from risk and compliance perspectives. This includes, but is not limited to, providing information security and data controls review on major technology initiatives to ensure that the security and data protection standards and requirement are met, and risk mitigation are appropriately implemented.
- Perform the responsibilities of the organisation’s Data Privacy Officer and work closely with internal stakeholders to ensure adequate information security and protection of confidential data in accordance with Personal Data Privacy Act.
- Identify and proactively manage the key risks, with the corresponding controls embedded in the respective policies & standards. Work with business functions on risk treatment plans and monitor execution status.
- Assess the impact of new/revised regulatory and conduct impact and gap analysis on the changes. Partner with functional teams on the implementation.
- Embed technology risk framework and processes for governance, risk and control, and help establish a forward looking / proactive view on emerging technology risks and opportunities.
- Conduct annual risk & controls assessment and review Amplify Health’s key risks and controls within the business to ascertain their operating effectiveness. Continuously evaluate the effectiveness of the risk and compliance program by measuring and monitoring key risk and compliance activity and trends, participating in Risk and Compliance forums.
- Effective communication of risk and compliance matters including timely, complete, and accurate reporting and/or escalation in accordance with relevant protocols, including regular reporting to board and relevant management committees.
- Manage and support internal/external audit engagement. Oversee and guide business units in the development and management of action plans in response to audit findings.
- Provide oversight and support on general compliance matters/Group initiatives, including localisation of Group Compliance policies, standards and guidelines where required.
- Be involved in new initiatives/projects and provide compliance advisory to business units to address regulatory and Group requirements.
- Support Group Compliance in investigation of cases reported through “Ethics Hotline” till closure and manage any personal data protection-related queries and complaints.

**What you need to be successful**
- At least 8 years of relevant work experience in Technology Risk, Compliance and Data Privacy, preferably in Financial Institution or Health Care related area
- Good technology risk and compliance understanding on emerging and current standards and best practices regarding Data privacy, protection, security and technology platforms including enterprise technologies (Cloud, DevOps etc.).
- Strong knowledge of Technology Risk Standards and Industry Standards frameworks as well as relevant of regulatory requirements, e.g. Data privacy laws
- Ability to work independently as well as in a team
- Experience in a startup an advantage
- Substantial stakeholder management experience
- Relevant certifications an advantage, i.e. Certified information Privacy Professional (CIPP), Certified Information Privacy Manager (CPIM), Certified in Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).