Business Control Manager

• Maintain Risk and Control owned policies and procedures for PINF that ensure that PINF’s operational risk is managed in a commercially sensitive and practical manner
• Maintain and periodically facilitate 1st line governance platform (e.g. FLOD) meeting as the forum secretory role
• Coordinate to carry out the Risk and Control Assessment (RCA) exercise according to plan set for PINF and as its service recipients, or triggered by key events or issues
• Lead to perform the risk and control review including thematic risk review, back testing, internal/external event review, MSII review to identify potential issue and suggest mitigations for control weakness
• Assist to provide guide and oversight the implementation of ORMF for PINF, including, control testing (including control monitoring, local testing and etc)
• internal event escalation and reporting
• issue and action tracking
• high risk action validation and etc
• Support line of business for PINF in review cyber and information technology risk related assessments and analyses (such as third party cyber risk review
• system or service business impact analysis
• cyber incident case review
• cyber and information technology exception case review and etc.)
• Assist PINF to maintain company level BCM framework
• Assist PINF in preparation and reporting Management Information (e.g. RCA status, control monitoring results and etc.) to local and global committees and forums
• Other ad-hoc tasks assigned by team leader.

• Educated to undergraduate or post-graduate degree level
• 10+ years’ experience on Operational Risk Management (or at least 6 years’ risk consultant or internal audit experience), preferable with life insurance or related financial industry
• Good understanding and knowledge of Operational Risk and Internal Control principles, ability to assess risk trends, and hands-on experience in risk and control assessment, control identification and testing design
• Good knowledge and understanding of operations and technology risks and the ability to interpret operations and technology risk findings
• An expert and extensive level of operational risk knowledge in order to be able to face off appropriately to the different risk owners and stewards in China and to external parties
• Expert and extensive level of cyber and information system risk knowledge is preferred
• Strong analytical and problem solving skills with strong ability to drive operational risk within the first line of defense and obtain appropriate management buy-in
• Experience of implementing control frameworks within complex environments
• Attention to detail combined with strong delivery focus and ability to meet aggressive timeframes with quality results
• Working across cultures.

Expert and extensive level of cyber and information system risk knowledge is preferred.

• Flexible working
• Continuous professional development
• Inclusive and diverse environment.