Head of Risk & Compliance

Do meaningful work with us. Every day.

At Amplify Health, we’re looking for individuals with ambition, resilience and passion for healthcare, insurance, wellness  and digital technology. As a fast-growing business with the ambition of making people and communities across Asia healthier, we have exciting career opportunities available to help us achieve our vision.

As Head of Risk & Compliance, you will lead, own and be accountable for the end-to-end Risk Management Framework and its effective implementation across business and in accordance with the Board and regulatory requirements.
You will have business reporting line to the Amplify Health Chief Financial & Operating Officer with functional reporting to AIA.

How you would make a difference

1. Risk Governance:

• Design, implement and continuously enhance Amplify Health’s Risk Management Framework as well as lead and embed Risk Management Framework by working as a second line of defence, for all categories of risk, in all parts of the business
• Develop, maintain and utilise risk and compliance frameworks, policies, standards, and applicable laws to help guide decision making
• Define the risk appetite, risk tolerance which allows to achieve business outcomes
• Establish and assess the adequacy of internal risk controls, and monitor that the Business is operating within limits and policies

2. Strong Risk Culture:

• Instil risk ownership amongst business leaders to promote proactive, positive, risk culture, which is embedded and aligned with the business, and contributes to protecting company’s reputation and assets
• Develop and implement ongoing communication and training to embed a strong culture of risk, compliance and ethics

3. Risk Management:

• Provide quality advice, insight and support to CEO and the Leadership Teams on new initiatives, key projects from compliance, regulatory and risk perspectives. This includes, but is not limited to, providing security and control review on major technology initiatives to ensure that the security standards and requirement are met, and risk mitigation are appropriately implemented
• Identify and proactively manage the key risks, with the corresponding controls embedded in the respective policies & standards. Work with business functions on risk treatment plans and monitor execution status.
• Embed technology risk framework and processes for governance, risk and control, and help establish a forward looking / proactive view on emerging technology risks and opportunities.
• Perform ongoing monitoring of regulatory developments, with a focus on those related to data privacy, protection and security, and provide feedback to functional owners as and when appropriate to address the relevant regulatory requirements
• Annual risk & controls assessment reviewing Amplify Health’s key risks and controls within the business and their operating effectiveness

4. Risk Disclosure:

• Effective communication of risk and compliance matters including timely, complete and accurate reporting and/or escalation in accordance with relevant protocols, including regular reporting to board and relevant management committees
• Oversee and manage the relationship with regulatory authorities and any other relevant external parties

What you need to be successful

• At least 15 years of relevant work experience in Operational Risk, preferably in Technology Risk Management area
• Deep and broad technology understanding on emerging and current standards and best practices regarding security and technology platforms.
• In depth understanding of enterprise technologies (Cloud, DevOps etc.). 
• Strong knowledge of Technology Risk Standards and Industry Standards frameworks as well as relevant of regulatory requirements.
• Experience in design and implementation of enterprise policy frameworks including policy / technical writing expertise an advantage.
• Relevant hands-on data analytics expertise leveraging common tools and platform allowing the deep analysis and proactive identification of emerging risk and control issues an advantage.
• Knowledge of relevant programming languages / tool sets such as Python, PowerBI, PowerApps, Office 365 etc an advantage.
• Knowledge in data privacy, data management regulations, laws and rules in Singapore and the region an advantage
• Experience in a startup an advantage
• Broad business experience and acumen with deep understanding of operational processes, business complexities and interdependencies
• Extensive stakeholder management experience
• People leadership experience
• Understanding of the regulatory environment as well as key legislation impacting on business activities
• Relevant certifications an advantage, i.e. Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.