The Risk Control Management & Compliance Lead ensures an organization adheres to legal standards, industry regulations, and internal policies, while mitigating operational risks. They conduct audits, develop compliance programs, and advise senior management on risk mitigation. This role acts as the lead for enterprise risk, compliance, and information security across applicable business units, with authority to recommend and enforce corrective actions.
Responsibilities:
Risk Identification & Assessment
- Identify, assess, and monitor enterprise, operational, regulatory, and information security risks across applicable business units.
- Conduct risk‑based assessments and internal audits to evaluate the adequacy and effectiveness of controls.
- Maintain and regularly update the enterprise risk register, ensuring risks are documented, prioritized, and treated in line with organizational risk appetite.
- Continuously identify emerging risks and industry trends that may impact the organization's operations or compliance obligations.
Compliance Oversight & Regulatory Engagement
- Develop, update, and implement comprehensive risk management and compliance policies, procedures, and frameworks aligned with applicable laws, regulations, and industry standards (e.g., ISO, HSE, SOX where applicable).
- Monitor compliance with statutory, regulatory, contractual, and certification requirements across operations.
- Represent the company in dealings with regulators, auditors, and external assessors, demonstrating a strong understanding of the organization's compliance posture and commitments.
- Coordinate and support external audits, assessments, and regulatory reviews, ensuring timely and accurate responses.
Investigations & Issue Resolution
- Lead and conduct investigations into allegations of non‑compliance, control failures, fraud, misconduct, or security incidents in accordance with established procedures.
- Ensure identified issues are properly documented, root causes are analyzed, and corrective and preventive actions are implemented.
- Track remediation plans and confirm timely closure of findings to prevent recurrence and reduce residual risk.
Reporting, Training & Advisory
- Prepare and present regular risk and compliance reports to senior management, highlighting key risks, trends, incidents, and remediation status.
- Act as a trusted adviser to leadership and business stakeholders on risk mitigation strategies, compliance requirements, and governance matters.
- Design and deliver employee awareness and training programs to promote a strong culture of risk awareness, compliance, and ethical behavior.
- Collaborate closely with Legal, IT, HR, and operational teams to ensure a coordinated and enterprise‑wide approach to risk and compliance.
ISMS & Information Security
- Lead the development, implementation, and ongoing maintenance of the organization's Information Security Management System (ISMS) in alignment with ISO 27001 requirements.
- Ensure adherence to the organization's ISMS policies and procedures, including safeguarding information, reporting security incidents, and maintaining data protection and confidentiality obligations.
- Identify, assess, and mitigate information security risks to protect sensitive and confidential information.
- Support internal and external ISMS audits and drive continuous improvement of information security controls and practices.
General Responsibilities
- Collaborate closely with cross‑functional teams to support a holistic approach to risk management and compliance aligned with the organization's strategic objectives.
- Adhere to the organization's Information Security Management System (ISMS) policies and procedures, including safeguarding information, reporting security incidents, and maintaining awareness of data protection and confidentiality obligations.
- Perform other duties from time to time as assigned
Key Skills/Competencies
- Bachelor's degree in Law, Business Administration, Finance, or a related discipline.
- Minimum 7 years of relevant professional experience, with at least 4 years in a risk, compliance, audit, or information security leadership role
- Proven leadership experience, with a demonstrated ability to guide teams and drive effective compliance initiatives.
- Strong proficiency in risk management systems, data analysis tools, and related reporting platforms.
- Excellent verbal and written communication skills, with the ability to engage effectively with employees at all levels, regulators, and external stakeholders.
- Demonstrated leadership and collaboration skills, with the ability to influence and foster a strong culture of compliance and ethical behavior.
- Strong organizational and time‑management skills, with the capability to manage multiple priorities, balance competing demands, and meet deadlines under pressure.
- Advanced analytical and problem‑solving skills, enabling the identification, assessment, and resolution of complex risk and compliance issues.
- Working knowledge of internationally recognized management system standards, including ISO 20000, ISO 22301, ISO 27001, ISO 45001, and ISO 9001.
