Senior Risk Analyst (Non-Financial)

Job Description

Job Summary:

• Responsible for the implementation of the enterprise business continuity (BC) and disaster recovery (DR) management programs and plans to ensure a timely resumption of operations in the event of a significant disaster causing partial or complete disruption of the companys operations.
• Ensure financial loss is minimized or eliminated and critical customer services capabilities remains operational.
• Responsible for managing the implementation of effective data security measures and safe guards.
• Monitor the vulnerability scanning and penetration testing results to identify risks/gaps and recommend efficient information security controls, corrective action plans.
• Responsible for implementing operational risk framework, policies and procedures across all business areas company-wide.
• Implement the operational risk tools like RCSAs, KRIs and Risk register with an objective to identify, assess, monitor and control operational risk.
• Responsible for the incident investigation and assist in providing analysis and recommendation.
• Prepare reports on non-financial risk areas to risk management committee, senior management and group management.

Main Duties and Activities:Business Continuity Management:

• Maintain and coordinate the Business continuity management and disaster recovery programs across the company that comply with applicable regulations and organization properties.
• Coordinate all Hardware, software and network requirement including backup facilities with IT Department and vendors to ensures the required configurations are in place.
• Plan the operations recovery following the occurrence of an outage.
• Ensure that financial loss is minimized and critical processes especially customer service related remains active.
• Provide assistance and guidance on disaster recovery design.
• Ensure that all the technical components of the BCM aspects are tested at least annually or in case of system enhancement/change.
• Ensure the implementation of the Disaster Recovery Testing Drills and integration of all companys critical systems and applications.
• Perform risk identification and assessment for the operational activities across the company.
• Provide emergency on-call support 24/7 that may require immediate activation of the DR site.

Operational Risk:

• Assist in establishing systematic approach to measure the operational risk that includes the qualitative risk self-assessment and quantitative key risk indicatives, loss data collection and analysis.
• Systematically tracks relevant operational risks by business lines across the company and builds up an operational risk database.
• Develop and monitor key risk indicators relating to the assigned risk areas.
• Prepare reports and reviews on the Operational Risks of all business units, including Support Services Functions, recommendations and action plans.
• Undertakes process re-engineering/re-designing exercises and periodically assesses business and process-flows to identify potential risks.
• Coordinate Risk and Control Self-Assessment workshops for the company.
• Report to Line Manager all material and significant breaches or potential breaches to the limits or any non-compliance to the companys policies and procedures.
• Assess the severity of risk and ensure corrective measures are taken to address the same and update Risk and Control Self-Assessment (RCSA)

Information Security:

• Assist in development of information security risk assessment program, evaluate the control effectiveness and mitigate/rectify identified risks.
• Assist in managing the implementation of information security solutions and make recommendations for security enhancements.

Reporting:

• Prepare periodic and ad hoc reports, presentations, plans and analysis reports and ensure timely submission.

General:

• Liaise with various team members throughout the company to identify, qualify and understand near and long-term risks associated with new projects/initiatives and technologies.
• Review/Implement the departments policies, practices and procedures to identify business improvement opportunities.
• Adhere to the Companys policies and health and safety regulations.
• Perform other duties as requested by management
• Document and maintain records of activities and process workflow.

Qualification & Experience:

• Bachelor degree in preferred business line.
• Minimum 7 years risk management or risk measurement/analysis experience.
• Strong Operational Risk/Business Continuity/Information Security Background (Insurance preferable/Banking/Audit)
• Full involvement in obtaining of ISO certification 27001(Info sec) & 22301 (Business continuity) is a must
• Certification in Operational Risk/Business Continuity/Information Security
• Financial Risk Knowledge is a plus
• Excellent communication and presentation skills.
• Strong IT skills and particularly able with Research, Word, Excel and PowerPoint.
• Ability to manage multiple projects.
• Ability to follow detailed procedures and ensure accuracy in documentation & data.
• Ability to work harmoniously with others to get a job done with flexible approach.

Keyskills :
Information Security Research Excel Word project management Documentation Powerpoint Presentation Flexibility Operational Risk It Skills communication Business Continuity

About Company

Hybris (stylized as hybris) is a German company that sells enterprise omnichannel and product content management (PCM) software. It is a subsidiary of SAP SE.
Hybris was founded in Zug, Switzerland, in 1997 by Carsten Thoma, Moritz Zimmermann, Klaas Hermanns, Christian Flaccus and Andreas Bucksteeg. It subsequently moved its headquarters to Munich, Germany.
In 2011 private equity firm HGGC acquired a majority stake in Hybris and merged Canadian software company iCongo into Hybris.
SAP SE acquired Hybris on 1 August 2013 for $1.5 billion.In 2018, Hybris was integrated into the SAP Customer Experience division.
Hybris customers have included General Electric, ABB, West Marine, COS, Thomson Reuters, 3M, Toys "R" Us, P&G, Levi's, Nikon and Johnson & Johnson.