Chuyên viên Quản trị rủi ro (Risk Management Division)

KEY OUTPUTS:

I. Enterprise Risk Management:

1. Support in promoting and implementing the Company’s Enterprise Risk Management (ERM) Framework including: Risk Appetite Framework (RAF), Capital Management Plan (CMP), Stress Testing, Sensitivity Analysis, Key Risk Indicator/Key Control Indicator (KRI/KCI) assessment, Own Risk and Solvency Assessment (ORSA) process;

2. Support in preparing and maintaining Company’s Risk Register, Key Business Risk Profile (BRP), Risk Map;

3. Support in providing advices to Risk Owners on risk treatments with follow-up risk mitigating actions;

4. Support in promoting Risk Culture via: training, coaching, knowledge sharing to other Divisions and Risk Owners;

5. Provide Company’s Risk reports to Senior Management Team, Member of Council and MSIG Asia with timely and accurate information for business decision-making.

6. Monitor and escalate emerging risks and urgent issues leading to Company’s potential risk exposure.

7. Secretary for ERM Committee meeting

II. Information Security (IS):

1. Support to develop and maintain Information Security Control Framework, including the annual Information Security key activities and/or initiatives;

2. Facilitate the liaison among related Divisions/Branches to remediate Information Security deficiencies and mitigating Information security risks at all areas of operation;

3. Promote Information Security awareness and practice via trainings and campaigns;

4. Secretary for IS Committee meeting

III. Business Continuity Management:

1. Support in developing and maintaining Business Continuity Management Framework;

2. Support in developing and implementing annual Business Continuity Planning (BCP) key activities, including Business Impact Analysis (BIA), scenarios response plan and Drill Testing;

3. Liaise with Incident Response Team (IRT) and Functional Response Team (FRT) in case of emergencies or incidents to ensure the continuity of business and operation

4. Secretary for BCP Committee meeting

IV. Cyber Security:

1. Support to develop the Cybersecurity Strategy and Roadmap for the Company; Roadmap/Action Plans and Initiatives for Cybersecurity of the Company

2. Co-operate with relevant Division/Departments to derive & maintain a holistic Cybersecurity Incident Response plan;

3. Conduct training and enhance awareness on Cybersecurity to all staff

RELATIONSHIPS:

- MSIG Vietnam Divisions/Departments, Branches and Representative offices

- MSIG Asia/MSIHO

- Professional Consultants

- Internal Auditor

DECISION MAKING AUTHORITY:

- To act within delegated authority by Head of Risk Management

KEY PERFORMANCE INDICATORS:

- Reporting quality and timeliness

- Information adequacy and completeness

- Advisory quality and timeliness

- Others as agreed in Performance Planning, Reviewing and Development (PPRD).