Chief Risk and Compliance Officer

The Chief Risk & Compliance Officer (CRCO) will lead the organisation's enterprise risk management and compliance functions, with a primary emphasis on proactive risk identification, mitigation, and data-driven decision making. This strategic leadership role reports directly to the CEO, CFO and Board of Directors, ensuring Macsteel maintains robust risk management frameworks while fostering a culture of risk awareness across all levels.

This position offers the opportunity to shape Macsteel’s risk management strategy and culture while leveraging cutting-edge data analytics to drive informed decision-making at the highest levels.

• Bachelor’s degree in risk management, Finance, Business Administration, or related field required
• Master's degree (MBA, MSc in Risk Management) an advantage
• Professional certifications such as FRM (Financial Risk Manager), PRM (Professional Risk Manager), CRISC (Certified in Risk and Information Systems Control), or similar highly desirable

• Minimum 10-12 years of progressive experience in risk management, with at least 5 years in senior leadership roles
• Proven track record of developing and implementing enterprise risk management frameworks
• Extensive experience in risk identification, assessment, and mitigation across multiple risk categories
• Demonstrated experience managing incidents and materialised risks, including crisis response
• Strong background in data analytics and risk reporting, with experience using analytics platforms and tools
• Experience reporting to Board of Directors and senior executive committees
• Technical Skills
• Advanced knowledge of enterprise risk management methodologies and frameworks (ISO standards, COSO ERM, etc.)
• Proficiency in data analytics tools and techniques (SQL, Python, R, Tableau, Power BI, or similar)
• Strong understanding of risk metrics, KRIs, and statistical analysis
• Experience with risk management information systems (RMIS) and GRC platforms
• Knowledge of relevant regulatory requirements and compliance frameworks
• Excellent understanding of business intelligence and data visualisation

• Exceptional strategic thinking and ability to translate risk insights into business strategies
• Strong executive presence with ability to influence and advise senior leadership and Board members
• Excellent communication skills with ability to present complex risk information clearly to diverse audiences
• Proven ability to build and lead high-performing teams
• Strong stakeholder management and relationship-building capabilities
• Analytical mindset with attention to detail and ability to see the broader organizational picture
• Change management expertise to drive cultural transformation around risk awareness

• Strategic vision and business acumen, Data-driven decision making
• Problem-solving and critical thinking, Leadership and team development
• Influence and persuasion, Adaptability and resilienceEthical judgment and integrity, Collaboration and partnership building

• Develop and implement comprehensive enterprise risk management (ERM) strategies aligned with organisational objectives and risk appetite
• Design and maintain the organisation's risk management framework, policies, and procedures
• Lead the risk management function and build a high-performing team capable of addressing complex, evolving risks
• Collaborate with executive leadership to integrate risk considerations into strategic planning and business decisions
• Present regular risk reports and recommendations to the Board of Directors and executive committees

• Cultivate a strong risk awareness culture throughout Macsteel through training, communication, and leadership engagement
• Design and deliver risk management training programs for staff at all levels
• Establish, empower and partner with risk champions across business units to embed risk management into daily operations
• Develop communication strategies to ensure risk information reaches relevant stakeholders in a timely and actionable manner
• Foster collaboration between risk management and operational teams to ensure risks are understood and managed effectively

• Establish systematic processes for identifying emerging and existing risks across all business areas including strategic, operational, financial, regulatory, and reputational risks
• Conduct comprehensive risk assessments using qualitative and quantitative methodologies
• Implement horizon scanning and early warning systems to detect emerging risk trends
• Facilitate regular risk workshops and assessments with business units and senior leadership
• Maintain and update Macsteel’s risk register with clear ownership, impact assessments, and mitigation strategies

• Develop and implement incident reporting frameworks to capture risk events when they materialise
• Lead incident response efforts, conducting root cause analysis and implementing corrective actions
• Track and monitor materialized risks, documenting lessons learned and adapting risk frameworks accordingly
• Establish escalation protocols for significant risk events requiring senior management or Board attention
• Coordinate with relevant departments during crisis situations to minimise impact and ensure business continuity

• Leverage advanced data analytics to identify risk patterns, trends, and correlations across the organization
• Implement risk metrics, key risk indicators (KRIs), and dashboards to provide real-time risk visibility
• Utilize predictive analytics and modelling to forecast potential risk scenarios and their impact
• Develop data-driven risk reporting that translates complex risk information into actionable insights for decision-makers
• Ensure data quality, integrity, and governance in all risk-related analytics and reporting
• Employ technology solutions including risk management information systems (RMIS) and analytics platforms

• Establish comprehensive risk reporting frameworks that provide transparency to stakeholders at all levels
• Prepare regular risk reports for the Board, executive leadership, and regulatory bodies
• Track and report on the status of risk mitigation actions and their effectiveness
• Monitor changes in the risk profile and communicate material changes to relevant stakeholders
• Maintain documentation and audit trails for all risk management activities

• Ensure Macsteel is compliant with relevant laws, regulations, and industry standards
• Develop and maintain compliance monitoring programs and internal controls
• Coordinate regulatory examinations and audits
• Stay current on regulatory developments and assess their impact on Macsteel

• Effectiveness of risk management framework implementation and maturity
• Quality and timeliness of risk reporting and insights
• Reduction in number and severity of materialised risks over time
• Improvement in Macsteel’s risk awareness and culture metrics
• Stakeholder satisfaction (Board, executive leadership) with risk management function
• Accuracy of risk predictions and analytics
• Speed and effectiveness of incident response and resolution
• Compliance with regulatory requirements and audit findings