Job Description
The Chief Risk & Compliance Officer (CRCO) will lead the organisation's enterprise risk management and compliance functions, with a primary emphasis on proactive risk identification, mitigation, and data‑driven decision making.
This strategic leadership role reports directly to the CEO, CFO and Board of Directors, ensuring Macsteel maintains robust risk management frameworks while fostering a culture of risk awareness across all levels.
This position offers the opportunity to shape Macsteel's risk management strategy and culture while leveraging cutting‑edge data analytics to drive informed decision‑making at the highest levels.
Required Qualifications
- Minimum Academic Qualifications
• Bachelor’s degree in risk management, finance, business administration or related field
• Master’s degree (MBA, MSc in Risk Management) an advantage
• Professional certifications such as FRM, PRM, CRISC or similar highly desirable
- Experience
• Minimum 5 years in senior leadership roles in risk management
• Proven track record of developing and implementing enterprise risk management frameworks
• Extensive experience in risk identification, assessment, and mitigation across multiple risk categories
• Demonstrated experience managing incidents and materialised risks, including crisis response
• Strong background in data analytics and risk reporting
• Experience reporting to Board of Directors and senior executive committees
- Technical Skills
• Advanced knowledge of ERM methodologies and frameworks (ISO standards, COSO ERM, etc.)
• Proficiency in data analytics tools and techniques (SQL, Python, R, Tableau, Power BI, or similar)
• Strong understanding of risk metrics, KRIs and statistical analysis
• Experience with risk management information systems (RMIS) and GRC platforms
• Knowledge of relevant regulatory requirements and compliance frameworks
• Excellent understanding of business intelligence and data visualisation
- Leadership & Soft Skills
• Exceptional strategic thinking and ability to translate risk insights into business strategies
• Executive presence with ability to influence and advise senior leadership and Board members
• Excellent communication skills with ability to present complex risk information clearly to diverse audiences
• Proven ability to build and lead high‑performing teams
• Strong stakeholder management and relationship‑building capabilities
• Analytical mindset with attention to detail and ability to see the broader organisational picture
• Change management expertise to drive cultural transformation around risk awareness
- Key Competencies
• Strategic vision and business acumen
• Data‑driven decision making
• Problem‑solving and critical thinking
• Leadership and team development
• Influence and persuasion
• Adaptability and resilience
• Ethical judgment and integrity
• Collaboration and partnership building
Responsibilities
- Risk Management Strategy & Leadership
• Develop and implement comprehensive ERM strategies aligned with organisational objectives and risk appetite
• Design and maintain the organisation's risk management framework, policies and procedures
• Lead the risk management function and build a high‑performing team capable of addressing complex, evolving risks
• Collaborate with executive leadership to integrate risk considerations into strategic planning and business decisions
• Present regular risk reports and recommendations to the Board of Directors and executive committees
- Risk Awareness & Culture
• Cultivate a risk awareness culture through training, communication and leadership engagement
• Design and deliver risk management training programs for staff at all levels
• Establish, empower and partner with risk champions across business units to embed risk management into daily operations
• Develop communication strategies to ensure risk information reaches relevant stakeholders in a timely and actionable manner
• Foster collaboration between risk management and operational teams to ensure risks are understood and managed effectively
- Risk Identification & Assessment
• Establish systematic processes for identifying emerging and existing risks across all business areas
• Conduct comprehensive risk assessments using qualitative and quantitative methodologies
• Implement horizon scanning and early warning systems to detect emerging risk trends
• Facilitate regular risk workshops and assessments with business units and senior leadership
• Maintain and update Macsteel's risk register with clear ownership, impact assessments and mitigation strategies
- Incident Management & Response
• Develop and implement incident reporting frameworks for risk events that materialise
• Lead incident response efforts, conduct root cause analysis and implement corrective actions
• Track and monitor materialised risks, documenting lessons learned and adapting risk frameworks accordingly
• Establish escalation protocols for significant risk events requiring senior management or Board attention
• Coordinate with relevant departments during crisis situations to minimise impact and ensure business continuity
- Data Analytics & Risk Intelligence
• Leverage advanced data analytics to identify risk patterns, trends and correlations across the organisation
• Implement risk metrics, KRIs and dashboards to provide real‑time risk visibility
• Utilise predictive analytics and modelling to forecast potential risk scenarios and their impact
• Develop data‑driven risk reporting that translates complex risk information into actionable insights for decision‑makers
• Ensure data quality, integrity and governance in all risk‑related analytics and reporting
• Employ technology solutions including RMIS and analytics platforms
- Reporting & Governance
• Establish comprehensive risk reporting frameworks that provide transparency to stakeholders at all levels
• Prepare regular risk reports for the Board, executive leadership and regulatory bodies
• Track and report on the status of risk mitigation actions and their effectiveness
• Monitor changes in the risk profile and communicate material changes to relevant stakeholders
• Maintain documentation and audit trails for all risk management activities
- Compliance Oversight
• Ensure Macsteel is compliant with relevant laws, regulations and industry standards
• Develop and maintain compliance monitoring programmes and internal controls
• Coordinate regulatory examinations and audits
• Stay current on regulatory developments and assess their impact on Macsteel
Success Metrics
- Effectiveness of risk management framework implementation and maturity
- Quality and timeliness of risk reporting and insights
- Reduction in number and severity of materialised risks over time
- Improvement in Macsteel's risk awareness and culture metrics
- Stakeholder satisfaction (Board, executive leadership) with risk management function
- Accuracy of risk predictions and analytics
- Speed and effectiveness of incident response and resolution
- Compliance with regulatory requirements and audit findings