SVP Enterprise Risk Management and Data Privacy Officer
THAILAND
Job description
SVP Enterprise Risk Management and Data Privacy Officer
Risk Department
GCB4
Some careers grow faster than others.
If you’re looking for a career that will help you stand out, join HSBC and fulfil your potential. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.
We are now inviting qualified individuals to join this team in this specific role.
Global Enterprise Risk Management (ERM) is a sub function of Group Risk and Compliance. The ERM function will support the integration of our Group Framework and Appetite Management, and have broad oversight of the Risk Taxonomy. While the core risks of the bank remain consistent compared to a few years ago, the way in which they manifest, the speed to crystallisation and the connection points between them have become increasingly complex. It is therefore essential that we are equipped with the knowledge to navigate the dynamic and interconnected risk landscape of today. The objective of enterprise risk management is to develop a holistic, portfolio view of the most significant risks to the achievement of the Group’s most important objectives.
The role holder is also primarily responsible for ensuring that Thailand adheres to standards for the management of operational risk as set out in the Regional framework for Enterprise Risk and Operational Risk Management, and that Resilience Risks are managed within appetite. In addition, the role holder will act as the designated Data Privacy Officer in Thailand.
Principal responsibilities
The role holder will have responsibility for Thailand Enterprise Risk Management with specific focus on Resilience Risk Stewardship and Non-Financial Risk oversight.
· Active Risk Management in the market supported by Subject Matter Experts and regional management. This will cover acting as an effective risk steward for a range of Non-Financial Risks, for example across the resilience risk taxonomy (including data risk, third party risk, business interruption and incident risk, technology cyber security risk, transaction monitoring, change execution risk, facilities availability safety & security, etc.);
· Responsible for regular review of use and adoption of the Risk Management Framework (RMF), and provide timely escalation of potential breaches;
· Oversight of ‘Active Risk Management’ in the market based on Regional defined approach;
· Provide robust challenge and actionable, contextual guidance across all non-financial risks to ensure management of risk within appetite and enablement of business growth;
· Conduct thematic reviews across Thailand to ensure that risk and control environment is commensurate with the scale and nature of operations. This may include reporting into and presenting in the Risk Management Meeting;
· Assess compliance with Group policies, local regulations, and risk appetite. The role may interact with regulators and industry bodies on Resilience Risk matters;
· Ensure the integrity and timely completeness of risk and control identification, assessment and information within the Group’s Risk and Control system of record (Helios) as well as directing documented remediation plans for residual risks;
· Apply risk stewardship review and challenge over Resilience Risk RCAs and the control environment;
· Responsible for developing and promoting an increasingly insightful, process-based view of Enterprise Risk Management. Monitor internal and external risk trends and events, provide insights and learnings, and ensure that mitigating strategies and policies are developed;
· Attend Thailand’s control meetings and non-financial risk governance forums, providing both Operational Risk oversight and robust and timely Risk Steward challenge of the First Line of Defence (1LOD) view of the resilience risk profile as required.
· Provide 2LOD oversight of top and emerging risks, ensuring Thailand can mitigate them in a timely and cost-effective manner;
· In line with building a fungible Risk & Compliance team, other responsibilities and tasks may be required;
The role holder as designated DPO for Thailand will be responsible for stewardship of data privacy, including:
· Advising on data privacy and protection compliance obligations;
· Providing expert guidance, oversight and challenge on all aspects of data protection and privacy risk strategy and compliance focusing efforts on areas that present higher data privacy risks;
· Monitoring compliance with data privacy provisions and with HSBC Group policies relating to the protection of personal data, including the assignment of responsibilities, staff education and awareness training, and ensuring remediation of any related audit findings;
· Reviewing and advising on Data Protection Impact Assessments (DPIAs) and monitoring performance of mitigations, where necessary;
· Acting as the escalation point internally and externally with data subjects and the regulatory authority;
· Advising on the safeguards and controls necessary to ensure compliance with requirements for international data transfers that involve risks to personal data rights;
· Providing incident management advice and/or support as needed, and ensuring that data incidents and breaches are responded to and managed effectively with data subjects and that the relevant authorities are informed within the required timeframes.
Leadership & Teamwork Expectations
· Direct and support Enterprise Risk Management within Thailand, acting as a key contact and escalation point for senior stakeholder engagement and making sure delivery is consistent and of high quality;
· Lead and role model in alignment with the Bank’s strategy, behaviours and values, and drive culture within the organisation;
· Work independently, and proactively challenge and influence to ensure effective management and quantification of risk exposure;
· Partner with other Businesses and Functions to ensure a strong risk management culture and behaviours are effective and embedded;
· Work effectively with Regional ERM Risk teams;
· Develop an effective team through communication, performance management, development plans and reward/recognition practices;
· Promote an environment that supports diversity and reflects the HSBC Brand.
Requirements
· Strong level of business management knowledge, with relevant experience in at least one of the underlying resilience risk disciplines (e.g. third party management, cybersecurity, data privacy, business resilience, transaction processing, operational risk management, change execution);
· Knowledge of the external environment (risk, regulatory, geopolitical, competitor etc.);
· Ability to communicate effectively, build strong relationships and influence key internal and external stakeholders - by articulating compelling arguments, positions, strategy and vision;
· Strong collaborative approach, including cross-team and cross-border;
· A change agent who challenges the status quo as a robust diplomat, cogently, constructively and positively, leading relevant strategies that enable safe growth of HSBC;
· Curious and a self-motivated learner, willing to understand more about the external and internal environment to find innovative approaches to managing risk;
· Strong written and verbal communication skills in English and Thai, with the ability to read and understand regulatory communications;
· Bachelor’s university degree in a relevant discipline.