Risk and Compliance Manager

at  AIA

Do meaningful work with us. Every day.
At Amplify Health, we’re looking for individuals with ambition, resilience and passion for healthcare, insurance, wellness and digital technology. As a fast-growing business with the ambition of making people and communities across Asia healthier, we have exciting career opportunities available to help us achieve our vision.
As Risk Manager, you will report to and support the Head of Risk and Compliance to drive, execute and manage the end-to-end Risk Management Framework and its effective implementation across business and in accordance with the Board and regulatory requirements.
How you would make a difference

1. Risk and Compliance Governance:

• Support the Head of Risk and Compliance to drive implementation and continuously enhance Amplify Health’s Risk Management Framework as well as lead and embed Risk Management Framework by working as a second line of defense, for all categories of risk, in all parts of the business.
• Establish and assess the adequacy of internal risk controls and monitor that the Business is operating within limits and policies.

1. Strong Risk and Compliance Culture:

• Instill risk ownership amongst functional leaders to promote proactive, positive, risk culture, which is embedded and aligned with the business, and contributes to protecting company’s reputation and assets.
• Work closely with the Group Compliance and Functions to deliver Compliance and ethics training and awareness activities; facilitate ethics awareness; drive risk culture enhancement programmes to foster and embed a resilient risk-aware, culture of ethics and compliance.
• Develop and implement compliance training programs to educate employees and increase their awareness of the latest legal and ethical standards that apply.

1. Risk and Compliance Management:

• Provide second line review and advice on new initiatives, key projects from risk and compliance perspectives. This includes, but is not limited to, operational risks, data privacy and artificial intelligence on major organisation’s initiatives to ensure that the risk are identified timely and are actively managed with risk mitigation are appropriately implemented.
• Support organisation’s Data Privacy Officer and work closely with internal stakeholders to ensure adequate information security and protection of confidential data in accordance with Personal Data Privacy Act.
• Identify and proactively manage the key risks, with the corresponding controls embedded in the respective policies & standards. Work with business functions on risk treatment plans and monitor execution status.
• Assess the impact of new/revised regulatory and conduct impact and gap analysis on the changes. Partner with functional teams on the implementation.
• Embed operational risk framework and processes for governance, risk and control, and help establish a forward looking / proactive view on operational risks and opportunities.
• Conduct annual risk & controls assessment and review Amplify Health’s key risks and controls within the business to ascertain their operating effectiveness. Continuously evaluate the effectiveness of the risk and compliance program by measuring and monitoring key risk and compliance activity and trends, participating in Risk and Compliance forums.
• Effective communication of risk and compliance matters including timely, complete, and accurate reporting and/or escalation in accordance with relevant protocols, including regular reporting to board and relevant management committees.
• Manage and support internal/external audit engagement. Oversee and guide business units in the development and management of action plans in response to audit findings.
• Provide oversight and support on general compliance matters/Group initiatives, including localisation of Group Compliance policies, standards and guidelines where required.
• Be involved in new initiatives/projects and provide compliance advisory to business units to address regulatory and Group requirements.
• Support Group Compliance in investigation of cases reported through “Ethics Hotline” till closure and manage any personal data protection-related queries and complaints.

What you need to be successful

• At least 10 years of relevant work experience in Operational Risk, Compliance and Data Privacy, preferably in Financial Institution or Health Care related area
• Good operational risk and compliance understanding on emerging and current standards, regulations and best practices including but not limited to Data privacy, protection, business continuity, third party risk management. Knowledge on technology platforms including enterprise technologies (Cloud, DevOps etc.) is an added advantage.
• Strong knowledge of Operational Risk Standards, Compliance and Industry Standards frameworks as well as relevant of regulatory requirements, e.g. Data privacy laws
• Ability to work independently as well as in a team
• Experience in a startup an advantage
• Substantial stakeholder management experience
• Relevant certifications an advantage, i.e. Certified information Privacy Professional (CIPP), Certified Information Privacy Manager (CPIM), Certified in Governance of Enterprise IT (CGEIT), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date

Please refer the Job description for details