Plan, implement and monitor all routines of Risk Management and Governance functions which includes identification, analysis, evaluation, treatment & monitoring of risk to minimise/avoid impact and monitoring of governance functions including the implementation and maintenance of policies & procedures to ensure risk exposure is properly manage, meet changing in customer demands while satisfying statutory requirements.
Key Accountabilities
1. Risk Management Framework
- Plan, implement and monitor the overall risk management framework comprising enterprise & operational risk management which includes identification of potential risk, impact, consequences and mitigation plan in assisting the Company to achieve the objective to ensure the risk is properly mitigated.
2. Risk Culture and Integration- Plan and identify risk themes, emerging risks, capture & communicate risk appetite which will allow the Company to focus its resources on the risks that affect the achievement of the objectives, protect assets, ensure continuity of organisation's activities and adopting effective decisions.
3. Risk Training and Awareness
- Plan, implement and monitor risk management and governance training and awareness session including preparation of training materials and presentation to iCEP staff to raise staff understanding on the type of risks exist, potential impacts and the mitigation actions.
4. Risk Identification and Assessment
- Plan, identify and report key risk, facilitate on-going dialogue across the Company through brainstorming, workshops & support improvements in the completeness accuracy of risks captured & reported, provide challenge, scrutiny, oversight of the quality and completeness of risk capture & reporting by business teams to drive improvements in risk management which is also includes deal with Group Strategic Communication (GSC) Governance on the implementation of Corruption Risk Assessment (CRA) across all departments and console at iCEP level to identify all possible risks that could harm iCEP operations such as lawsuits, theft, technology breaches or business downturns.
5. Risk Reporting
- Design, plan and implement risk reporting process which includes development & completion of best practice risk reports (e.g., dashboards), develop, monitor & report Primary Risk Register (PRR) and Risk Appetite (RA), perform risk engagement with department’s risk coordinators to assess, review and challenge the information updated in the PRR & RA and collaborate with risk coordinator on the quarterly PRR & RA update and prepare a quarter-on-quarter analysis report of overall and strategic risk for the presentation to the Board to ensure risk is proactively identified and escalated for a proper mitigation actions.
6. Legal and Governance- Plan, implement and maintain governance policies and procedures such as Data Protection Act (PDPA) and iCEP Internal Processes, engage with PETRONAS Group Legal and Compliance (GLC) to ensure the smooth implementation of the sufficient compliance program as per the requirement in MACC Act 2009 as well as keep abreast of the new developments in Governance from internal & external regulations to ensure policies and procedures are relevant and adhere to best practice.
7. Compliance- Develop, plan and implement proportionate risk-based compliance, monitoring & reporting risk programme, strengthen 2nd line oversight through collation, capture of assurance & maintenance, monitoring & reporting compliance within key frameworks to ensure the effectiveness of the line management's internal controls in ensuring compliance with relevant laws (internal & external) and regulations.
8. Intellectual Property- Plan, implement, manage and monitor Intellectual Property (IP) related matters such as protection, registration, classification & maintenance, act as a single point of contact to iCEP and work closely with external legal on the specific clause in the contract i.e. protection during technology transfer, work closely with Group Legal and Compliance (GLC) in obtaining further advice on IP and keep abreast of any new developments in regards to IP to ensure the exclusive rights to iCEP the creators or inventors are well maintained and protected which is also includes engagement with MyIPO office on the preliminary advance search for trademark, registration of the trademark and any other related IP matters.
