The Director/Deputy Director, Risk and Compliance, working with the Chief Risk and Compliance Officer (CRCO), is primarily responsible for developing and implementing the Enterprise Risk Management (ERM) and Compliance functions for the Thomson Medical Group (TMG), and for ensuring that ERM and Compliance practices are effectively administered across TMG.
Responsibilities:
Risk Management
· Oversee the development, implementation and maintenance of a robust Group Enterprise Risk Management Framework to manage the risks of the Group;
· Collaborate with the various teams in the Group, including regional entities, to cultivate an enduring culture that emphasises commitment to risk management, internal controls, ethical standards and compliance with laws, regulations, internal policies and operating procedures;
· Continuously refresh and update the Enterprise Risk Management Policy to ensure relevance of the risk governance structure, roles, responsibilities, supporting processes, information flow, and approach to determining TMG’s risk appetite;
· Keep abreast of new or changed regulatory requirements, highlight the requirements to relevant stakeholders, and work with the stakeholders on the required actions;
· Regularly review and enhance the Risk Management Strategy & process which sets out the structured and logical approach for risk identification, assessment, management, monitoring and reporting/escalation processes based on top-down and bottom-up approaches;
· Regularly review the Risk Governance Structure for the Group which sets out the roles, accountabilities, and decision-making process to provide oversight, ownership, and coordination of risk-related issues in the Group;
· Regularly monitor, review and enhance the Risk Management Process to ensure that it continues to effectively manage risks, including risk identification, risk assessment, risk treatment, as well as risk monitoring, reporting and escalation. This includes:
o Annually update the key risks of the Group
o Semi-annual reporting of the ERM plans to the Board
o Quarterly reporting of the Key Risk Metrics to Senior Management
o Identify controls and formulate action plans to help minimise, manage and mitigate primary risks, and then monitor the progress of these efforts at both the entity and business unit/department levels
o Create and disseminate the risk register, risk analysis reports and progress reports to different stakeholders, including employees, board members and C-suite executives
o Ensure that risk management priorities are reflected in the company's strategic plans
· Develop annual training plan for Risk Management and Compliance to create awareness and enhance proficiency and knowledge in these areas;
· Work closely with counterparts in overseas subsidiaries to maintain oversight of the relevant ERM framework and policies to ensure risk management measures are adequate and effective; and
· Work with HODs to develop policies and SOPs to manage contract risks, including the contracts’ legal risks. This entails reviewing and/or drafting contracts and contract templates and, in certain cases, working with external counsel to review contracts.
Compliance
· Work with relevant departments and internal stakeholders to ensure all functions of the Group comply with existing laws and regulations;
· Develop, refresh and update the Group Compliance Policy, which spells out the Group’s approach and attitude towards compliance and governance, and seek the approval of the Audit and Risk Committee;
· Work with the Group Financial Controller and Business Unit Financial Controller on the internal audit findings to ensure that the risk-based audit approach taken ties in closely with the risk management process;
· Assist in the investigation and follow-up of compliance issues and breaches of laws and regulations, policies and the code of conduct;
· Work with the Director of HR to provide the analysis and details needed to incorporate risk management, compliance and audit performance indicators into the annual performance appraisal structure;
· Refresh and update the Code of Ethics and ensure proper dissemination, training and compliance; and
· To ensure the Group complies with the policy on contract management.
Intellectual Property and Trademarks
· To manage and ensure that the Group’s intellectual property is protected;
· To develop and implement the Group’s strategy for cost-effective IP and trademark registration in the various jurisdictions; and
· To manage the registration of the Group’s intellectual property and trademarks.
Data Security
· To work with the CRCO to oversee the Group’s Personal Data Protection (PDP) function, including regularly reviewing and enhancing the PDP Policy and Standard Operating Procedure and managing the PDP processes;
· Provide training to all staff on data security and PDPA matters; and
· To work with the Director of Digital Technology to develop, implement and monitor the Data Management Policy and process, ensuring that cybersecurity and data management controls are adequate and that the confidentiality of data is protected.
Sustainability Reporting
· Oversee the development, implementation and continuous improvement of sustainability policies and procedures;
· Collaborate with cross-functional teams to identify, develop and implement ESG initiatives and strategies that support our sustainability journey and improve resource efficiency;
· Report to the Board and/or Audit and Risk Committee on sustainability/ESG-related matters and provide secretariat support to the sustainability steering committee and sustainability taskforce;
· Provide oversight on the production of sustainability reports, ensuring accuracy, transparency and compliance with reporting frameworks such as the Task Force on Climate-related Financial Disclosures (TCFD), Global Reporting Initiative (GRI) and International Sustainability Standards Board (ISSB), including coordinating the external assurance process for sustainability reports and ensuring alignment with auditing standards and industry best practices;
· Identify and assess potential ESG risks and opportunities, providing recommendations for mitigation and enhancement;
· Monitor, assess and report the organisation’s ESG performance, ensuring alignment with regulatory requirements and industry best practices, including collecting, analysing and reporting on ESG-related data and working closely with relevant departments to maintain accurate records; and
· Develop and deliver ESG training programs and sustainability communication efforts to enhance employees’ understanding and engagement in ESG initiatives.
Others
· To head or be a member of various committees of the Group or its subsidiaries; and
· To work with the COO of TMPL and various HODs on the development, management and regular monitoring of the Group’s Business Continuity Plan, and to regularly test, review and refresh the Business Continuity Plans with them to ensure the plans remain robust and workable.
Requirements:
· Degree or professional qualification in Accountancy, Law or Audit.
· 10 years of relevant experience in accounting, internal audit and/or risk management and compliance.
· Experienced in managing a financial control function with oversight over risk management, controls, governance and compliance.
· Experienced as external or internal auditor, compliance officer or risk management officer at a senior manager or director level.