Responsibilities
- Conduct process risk assessments across procurement functions, with a focus on supplier lifecycle risks—including cybersecurity posture and digital compliance gaps.
- Evaluate and enhance procurement SOPs to incorporate digital risk controls, supplier data protection protocols, and compliance with internal cyber governance standards.
- Develop and maintain supplier risk scoring models that include price benchmarking, cost analysis, and third-party IT/cyber risk indicators.
- Prepare and deliver supplier performance and risk management reports, including compliance audits and onsite supplier inspections.
- Design procurement internal control standards and enforce policy adherence with a focus on digital resiliency and supplier IT security compliance.
- Advise business stakeholders on procurement strategy, compliance protocols, and supplier onboarding risk mitigation—including cyber risk controls.
- Partner with Audit, Security, and Legal teams to define procurement risk improvement areas and monitor the execution of remediation projects.
- Promote organisation-wide awareness of procurement risks, digital third-party risk exposure, and cost optimisation via training sessions and workshops.
What you will bring into the team
- Bachelor's degree or above in Business, Finance, Information Systems, or related fields. Relevant certifications (e.g., CISA, CIA, CPA, CERM) are a strong advantage.
- At least 5 years of experience in cyber risk, procurement risk management, marketing procurement, preferably with exposure to tech and internet sectors.
- Proven understanding of procurement frameworks, supplier due diligence, and cost control methodologies.
- Familiarity with internal control frameworks (e.g., COSO) and enterprise risk functions. Exposure to cyber risk management, IT audit, or third-party risk is highly preferred.
- Strong project management and stakeholder engagement skills. Ability to navigate cross-functional environments and manage complex risk topics independently.
- Excellent communication and presentation skills in both English and Mandarin Chinese (business level), capable of translating risk findings into actionable business insights.