The Vice President of Enterprise Risk Management (ERM) is responsible for developing and rolling out GEMS’s Enterprise Risk Management Framework and associated processes, policies, and reporting in collaboration with CRCO, GEMS executive team, its Board Risk and Audit Committee, and the organisation at large to structure a comprehensive ERM program with the ultimate objective of identifying the material risks that the Group faces across all business lines and jurisdictions. The individual will also be responsible for managing all aspects of strategic and financial risks that the organization faces.
Ultimately, the VP ERM will assume responsibility for the ERM framework, risk appetite, risk reporting, risk policy and procedures, methodologies, and tools, and will also be responsible for acting as the secretary to the Risk and Compliance Committee and ensuring the smooth discharge of risk governance within GEMS.
- Build an enterprise-wide risk management program that will serve as a foundation for the regimented identification, mitigation, and monitoring of key risks within GEMS, including:
  - Clear articulation and discharge of risk governance.
  - Establish risk policies to support the embedding of the ERMF.
  - Development of a fit-for-purpose risk appetite framework and statement; and
  - Risk monitoring and reporting program to report risk profile to executive management and committees.
- Play an instrumental role in defining the governance for the management of risk across different levels within the organization including:
  - Defining risk governance structure within the organization covering all business and geographies under the ultimate oversight of the Board Risk and Audit Committee.
  - Responsibility for ongoing, smooth conduct of GEMS Risk and Compliance Committee meetings and all related aspects; acting as the secretary for the committee.
  - Ensure approval of risk policies as per established governance authorities; and
  - Define and agree the delegation of authority with respect to risk authorities and the process for managing and tracking exceptions.
- Lead the definition of all elements of monitoring of key risks within the group as well as managing the internal and external reporting of the profile of these risks.
  - Owning the risk register construct within the organization, ensuring that risk registers are robust, consistent and aligned with the central risk taxonomy.
  - Work with relevant risk owners to identify Key Risk Indicators (KRIs) pertaining to each one of the material risks and businesses; and
  - Ultimately ensure effective implementation of an MIS/exception framework for reporting of key risks to the executive management and committees.
- Own the program for management of strategic and financial risks that face GEMS including, but not limited to, Business risk, Reputational risk and Balance sheet risks.
  - Working with relevant functions to identify and assess the key elements of individual strategic and financial risks;
  - Put in place credible risk policies, measurement methodologies and mitigation strategies, as applicable, for managing the strategic and financial risks within the respective risk appetite; and
  - Owning all elements of the monitoring of the risk profile for GEMS strategic and financial risks.
- Responsible for managing all aspects of data and systems/technology infrastructure needs and requirements for the Risk and Compliance Function, working in conjunction with the Data Office.
  - Defining the data sourcing and management strategy for Risk and Compliance function keeping in scope current and future needs;
  - Lead system / infrastructure projects to completion; ensure ongoing oversight of risk infrastructure;
  - Defining processes for extraction and use of data within GRC function. Institute data controls to ensure that data quality issues are highlighted in a timely manner. Work with relevant functions to institute data remediation; and
  - Owning all elements of data visualization tools and capabilities.
- Relevant university education. External accreditation, such as FRM, PRM, CFA would be an advantage.
Functional Competencies and Experience:
- 12 years+ experience in risk management, with a particular focus on Enterprise or Operational Risk Management.
- Strong experience and knowledge of effective risk management strategies, policies and practices.
- Demonstrable understanding of best practices in risk identification, monitoring and management and be able to translate this knowledge into workable solutions.
- Possess a balance between compliance and prevention and the need to provide value to the business.
- Good understanding of corporate and risk governance principles; demonstrable experience of leading / managing risk governance in a regulated environment.