Assistant Vice President, Group Operational Risk

About FWD Group

FWD Group is a pan-Asian life and health insurance business that serves approximately 30 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the Main Board of The Stock Exchange of Hong Kong Limited under the stock code 1828.

For more information, please visit www.fwd.com

PURPOSE

Key operational risk management role for the Group Risk team, and subject matter expert in Information Security, Technology, Digital and AI Risk Management. Ensure the development of policies; control procedures and capabilities to ensure the effective identification, assessment and mitigation related risks. Delivering Information Security, Technology, and Digital and AI Risk Management expertise and advise to the business users in Group Office and countries enabling them to manage their information risk efficiently and effectively.  Own the design, execution and delivery of risk management framework and strategy on Information Security, Technology, and Digital and AI Risk Management.

KEY ACCOUNTAIBILITIES

• Manage  second line risk oversight of Technology, Information Security, Data, Digital and AI.
• Define clear 2nd line roles and responsibilities and deliverables on Information Security, Technology, Digital and AI Risk Management.

• Key strategic resource on uplifting of relevant Key Risk Indicators supporting Group Risk Appetite Statement and manage the roadmap design & execution, and subsequently influence countries and provide guidance.

• Identify any potential risk exposure in Business Units and  Group Office and provide recommended solutions and assessment to mitigate related risks.
• Identify the appropriate systems/ vendor to strategically support the enhancement of risk management delivery
• Ensure development and implementation of risk strategies, policies and control frameworks that would help identify, asses and report risk exposures arising from the use of information security, Technology, Artificial Intelligence.
• Provide advice and support to the Group Board / Local Boards and Risk Committees to ensure the effective risk management in the subject matter expert areas.
• Oversee developing technology, information security, digital and AI risk management reporting, in coordination with first line and across multiple countries
• Manage engagement with Senior management through the preparation and presentation of risks analysis and reports.
• Oversee the support for the first line and manage the coordination of work with Compliance both at GO and BUs in demonstrating compliance to laws, regulations and industry standards that govern Cybersecurity, Technology, Digital and AI Risks,
• Assume ownerships of proper escalation and follow-up on Technology, Information Security, Digital, AI and Data issues and incidents.
• Guide and provide 2nd line input on group policies / standards across Group & country Cyber Security, Digital, AI, Data
• Oversee group-wide testing on internal control on key processes / policy compliance around Technology, Information Security, Digital, AI and Data.
• Oversee the review and evaluation of various risk assessments on key initiatives under Technology, Digital and AI to ensure the related risks are managed within the risk appetite
• Oversee the build and own relevant elements of  risk policies and standards on Technology, Digital and AI  and oversee compliance to these policies/standards from Group Office level and to subsequently guiding countries
• Monitor regulations and global/regional trends on technology/cyber security/AI/Data to consider potential change in risk profile to FWD.
• Enhance technology/cyber security/AI/Data risk management awareness e.g. training, workshops.
• Support ad-hoc projects as required.

QUALIFICATIONS / EXPERIENCE

• A minimum of 15 years Technology, physical security and business continuity related experience with at least 5 years of risk management experience in financial institutions
• 5+ years’ work experience in Asia.
• Bachelors or Graduate Degree on related topic
• Direct experience of insurance industry preferred
• Prior experience of interaction at Board level and work in a regional context preferred

KNOWLEDGE & TECHNICAL SKILLS

• At least one of relevant professional certifications, such as CISSP, CISA, or CISM.
• Demonstrated exceptional written and verbal communication skills.
• Understanding of current cyber Security, Digital, AI, Data and regulatory trends affecting financial institution.
• Excellent interpersonal skills and the ability to work effectively with people in a wide range of positions and levels.
• Demonstrated ability to analyze Cyber Security, Digital, AI, Data  related risks,
• Able to execute tasks in a high-pressure environment.
• Strong leadership skills include the ability to build/train high performing teams and influence stakeholders.
• Conversational level local language skills a plus