Deputy General Manager - Head of Enterprise Risk Management & Strategic Risk

The position is responsible for supporting Chief Risk Officer / HEAD GRCI for all aspects of the risk delivery. The DGM is also responsible for supporting the CRO/HEAD GRCI in overseeing the daily operations and overall management of the Division. The DGM ensures that GRCI agendas are met efficiently, while maintaining high standards of performance, operational effectiveness and divisional growth in support of CRO/HEAD GRCI. The person will work closely with CRO/HEAD GRCI, implementing Enterprise Risk Management Framework focusing on Tier 1 & 2 risk reporting i.e. Strategic, Operational, Projects & Investment Risks. The person shall also assist the CRO / HEAD in other strategic initiatives. The person shall coordinate with other functional areas in the Company to ensure all risks in the Company are identified, measured, mitigated/managed, and monitored/reported. On top of that, the person shall ensure insurance adequacy and address all queries on all lines of insurances promptly.

JOB DESCRIPTION :

Collaborate with the CRO/HEAD GRCI, to adapt and implement Group risk policies, frameworks, and operating models tailored to organizational needs.

Assist the CRO/HEAD GRCI in preparing and managing matters reported to Risk, Sustainability and Governance (RSGC) Committee reporting. Responsibilities include drafting Agenda, tracking and addressing Matters Arising, preparing and reviewing reports such as Risk Management Report, Group Technology Reports, Sustainability Report and Other Agenda Papers (Hospital License, Anti- Bribery Management System (ABMS), Business Continuity Management (BCM), Report from Medical Advisory Committee (GMACCG), Key Sentinel/Major Incidents quarterly reporting and other papers required by RSGC.

Identify key risks and their indicators in risk reporting and monitoring, oversee the development and execution of mitigation plans.

Lead the end to end risk management process for KPJ in support of CRO/HEAD GRCI which includes an analysis of the financial and non-financial impact when risks occur.

Lead the end-to-end risk management process in support of CRO/HEAD GRCI, including identifying, quantifying, mitigating, and monitoring Tier 1 and Tier 2 risks (strategic, operational, financial, compliance, project and investment risks).

To partner with the Head of Group Services and Head of Business Units to ensure that all Risks (Tier 1 & 2) risks including investment, project risks, top risk and top emerging risks are being considered in their strategic or operational initiatives. This also includes ESG & ABC risk identification and mitigation, implementation of appropriate risk management systems and loss event database are properly identified, quantified, managed and monitored.

Partner and collaborate with other Line of Defence including Group Legal & Advisory Services (GLAS), Group Clinical (GC), Internal Audit Services (IAS), Compliance & Integrity Unit within GRCI and Group Sustainability Services (GSS) to to drive implementation of integrated risk management framework. Key activities include regularly updating and monitoring high-risk medical malpractice active cases and sentinel events at hospitals that could result in viral or reputational damage, Coordinating with Internal Audit to synchronize audit plans and analyze findings for actionable insights, Collaborating with the Compliance and Integrity Unit to identify and address top risks and emerging ABC (Anti-Bribery and Corruption) risks effectively and ensuring the adoption and integration of appropriate risk management systems and maintaining a comprehensive loss event database for enhanced risk visibility and mitigation.

To review and provide an independent assessment view on the key risks associated with projects & investment undertaken with focus on Investment Risks.

To review and challenge the proposals submitted by Hospitals or Subsidiaries on investment of new towers, renovations, major acquisition of assets and divestments by assessing their assumptions, investment costs, scenario analysis, sensitivity analysis, stress testing to evaluate the project resilience under various market conditions.

Be the subject matter expert and change agent on ERM.

Review the key risks associated with proposed major investments and projects (M&As).

Perform horizon scanning to identify emerging risks which may impact the organisation arising from changes in the external environment.

Highlight emerging risks through flash report and emerging risk updates.

Drive and champion risk initiatives/ innovation within the risk management function by integrating AI, machine learning and advanced analytics.

leveraging analytics, machine learning and automation.

Champion innovation within the risk management function by integrating AI, machine learning, and advanced analytics.

Use advanced analytics and predictive modeling to anticipate risks, especially for high-impact areas like market changes, operational disruptions, or cybersecurity.

Create a real-time, enterprise-wide dashboard that consolidates all key risk metrics for better oversight and transparency.

Develop and deliver outreach and engagement activities in support of embedding and strengthening risk management culture and awareness.

Engage more deeply with middle management and front-line staff to embed risk awareness and accountability at all levels of the organization.

Recommend professional certifications and ERM training syllabus for skill enhancement among ERM professionals.

Encourage your team to pursue certifications in advanced risk management, sustainability, or digital tools to improve their skillsets.

Actively participate in risk forums and discussions with senior management to align risk strategies with business goal.

Other business units/functions – Execute and deliver initiatives on a regular basis to identify unique/emerging risks and design risk management strategies to address the risks identified.

Perform adhoc independent risk review and validation for any request on Group’s undertakings.

Develop ERM risk reporting/dashboard, timely communicate/escalate risk events, issues, and compliance with risk policies and limits to key stakeholders in the Company and in the region; manage the Company’s quarterly risk reporting.

Regularly review the Risk Management framework and the operating structure for identifying, assessing, managing and monitoring the risks.

Execute the annual Risk Management processes with key business, stakeholders, update the risk assessment and ensure adequate measures are in place to mitigate the identified risks.

Monitor the risk appetite, identifying key risk management strategies, assessing and profiling of the key risks affecting the achievement of the business plans at group, business division and at a department level.

Develop, refine and review the Risk Register and evaluate the relevance of risks identified across business units in the Group.

Assist Senior Management team in improving risk management / mitigating strategies and techniques, and carrying out follow up action plans and its effectiveness in mitigating / controlling risks.

Review and evaluate the effectiveness of implementation of action plans for risk management - provide assurance on whether the risk mitigation process is being driven effectively and efficiently, whilst also continuously monitoring of whether the risk register is being updated appropriately.

Evaluate and draw attention to possible gaps in the risk register to the Senior Management and Head of Services - follow-up on the development of control environment to overcome deficiencies in the risk management / mitigating process.

Collaborate working with relevant functions (e.g. Risk Management, Internal Audit, Finance and Legal) to build up and/or implement a risk control framework (i.e. compliance self-assessment) and provide quality and solutions-focused advice on risk and control issues relevant to the business division for informed decision-making on compliance and ethics matters.

Align ERM practices more closely with KPJ’s long-term strategic objectives, Academic Health System, Center of Excellence, digital transformation and market expansion.

Review and challenge the Annual Strategic Planning initiatives and monitor the execution of strategies closely.

Collaborate closely with IT and cybersecurity teams to address the increasing threat of data breaches and cyberattacks.

Direct engagement and review on insurance related queries on medical malpractise, general, directors & liabilities and other lines of insurance coverage.

Assess and review the adequacy of insurance coverage on an annual basis and present to relevant Committees for renewal.

To systematically strategize to ensure effectiveness in handling incidents, ensuring a proactive and efficient approach to incident resolution at the Hospital and/or HQ to avoid escalation of incident into crisis.

To continuously conduct coaching/guidance through on the job training and regular one to one session.

Act as a key support to the CRO/HEAD GRCI in representing the GRCI in board meetings, committees, and industry forums

Represent the CRO/HEAD in Management meetings, committees, or forums when required.

In support of CRO/HEAD GRCI to oversee the design and implementation of compliance programs that align with local and international regulations.

In support of CRO/HEAD GRCI in ensure effective monitoring of compliance risks, including anti-money laundering (AML), anti-bribery and corruption (ABC) and data privacy.

In support of CRO/HEAD GRCI to develop and promote a robust integrity framework, ensuring the organization adheres to ethical standards and best practices.

In support of CRO/HEAD GRCI to oversee the implementation of whistleblowing mechanisms, ethics training programs, and conflict of interest management processes.

Monitor and report on the effectiveness of integrity initiatives, ensuring alignment with organizational values in support of CRO/HEAD GRCI.

JOB REQUIREMENT :

Bachelor’s Degree in Accounting/Finance

Chartered Accountant, Certified Risk Professional, Certified Integrity Officer (CeIO) would be an added advantage

Be careful - Don’t provide your bank or credit card details when applying for jobs. Don't transfer any money or complete suspicious online surveys. If you see something suspicious, report this job ad .