JOB PURPOSE

The Assistant Manager, Risk & Internal Control position is responsible for supporting facilitation of risk related activities and coordination of internal audit function for the organization. This position directly contributes to ensuring risk management and internal controls are in place and effective for mitigating potential risks, and that they are communicated to internal and external stakeholders as necessary.

ACCOUNTABILITIES / KEY RESPONSIBILITIES

1. Lead Enterprise Risk Management within the organization:

• Maintain, review and update risk management policy.
• Facilitate the management of risk affecting AFI through regular consultation with key internal stakeholders i.e., business units.
• Where required, identify control gaps and control inadequacies in AFI’s internal processes.
• Engage business units to address control gaps and inadequacies, by acting as a sounding board or providing high-level recommendations where appropriate.
• Conduct desk research to identify potential risk exposures to AFI’s business and activities and present findings including possible mitigations to the senior management accordingly for deliberation.
• Provide independent risk review on In-Country Implementation (ICI) proposals prior approval from the management.
• Lead establishment of Business Continuity Management (BCM) for the organization.

2. Assume the role of go-to person on risk management and internal controls for the organization:

• Provide input from risk perspective for all AFI’s proposal, including identification of project risk through risk workshop with project team.
• Where required, provide input to AFI’s contracts or agreements signed with third parties.
• Participate in risk, security, and/or BCM related discussions with AFI offices’ host countries or any relevant internal meetings.
• Contribute to drafting and developing new policies that are related to risk mitigation (i.e., travel risk, security risk, etc.).
• Tracking and consolidating all recommendations arising from funder or project reviews conducted by external party.

3. Facilitate internal audit exercise by outsourced internal auditors:

• Ensure internal audit plan is developed, approved by Audit Committee, and executed timely.
• Liaise between outsourced internal auditor and AFI’s auditee and management.
• Drive internal audit engagement by providing input to scoping, scheduling, reporting.
• Where necessary, with support from Procurement unit, lead the engagement for outsourced internal auditor.
• Maintain a registry of all internal audit recommendations.
• Follow up with respective business units on the implementation of recommendations to ensure closure of gaps or inadequacies.

4. Reporting risk matters to stakeholder:

• Document all risk incident and report suspicious transactions to the Executive Team (ET) and Senior Management Team (SMT).
• Follow up on risk issues that require investigation, provide feedback to the ET and SMT with action plan.
• Support reporting of risk and internal audit matters to stakeholders, including ET and SMT, Heads of Department (HODs), and Audit Committee.
• Prepare quarterly update on internal audit follow up to the Audit Committee.

5. Oversee issues related to security, including physical offices and cybersecurity:

• Maintain CCTV policy, monitor and provide oversight on unauthorised access to AFI HQ outside office hours.
• Provide recommendations to IT unit from perspective of preventing and mitigating cyber security risk.
• Escalating alert to management for any security related incidents encountered.

6. Support planning team in organizing, designing and delivery of annual corporate planning through:

• Facilitation of enterprise-level risk assessment during mid-term review and annual planning exercise and workshop.

QUALIFICATIONS & EXPERIENCE REQUIRED

• Minimum bachelor’s degree in a relevant field such as business studies, accounting, economics, social sciences, or sciences. Professional qualifications related to accounting, risk management, internal control, IT (i.e., ISACA), or other related certifications will be an added advantage.
• Minimum of 7-8 years working experience, with 3-5 years relevant experience on risk management (operational and enterprise risks), internal audit/control, and compliance.
• Previous work experience in major audit & advisory firms or multi-faceted (for profit/non-profit) organisation preferred.
• Preferably one with work experience in leading risk management, coordinating internal audit for a network organisation.

COMPETENCIES / SKILLS

• Knowledge of Operational Risk Management, Enterprise Risk Management, Compliance or Audit (Intermediate), Business Continuity Management (BCM), good understanding of internal relationship management within a diverse organization.
• Strong analytical thinking and skills for risk and internal control gaps within organizational processes.
• Stakeholder management skills with ability to be diplomatic and assertive.
• Proficient computer (Outlook, Word, Excel, PowerPoint, etc.) skills are expected.
• Excellent problem-solving skills with creative ability to think out-of-the-box.
• Good business acumen and organization awareness to be an effective risk and internal control related subject matter expert to various business units.
• Strong interpersonal for team collaboration and communication skills (written and oral) including business presentation.
• Able to uphold ethical standards with high integrity when performing duties and responsibilities.
• Ability to multi-task, prioritize and manage time.
• Self-driven and independent, able to work under minimal supervision.
• Flexible, adaptable, and able to manage ambiguity.

KEY CHALLENGES

• Managing internal stakeholders (business unit heads), through consultation, and influencing collaborative relationships.
• Constantly keeping abreast of trending/emerging risks (e.g., conduct risk, cyber risk, data risks) in order to be able to effectively advise the organization.

Interested candidates are invited to apply together with the latest CV and cover letter in English.