Primary functions will include:
Regulatory Compliance: Ensuring the company complies with the laws and regulations of both the client's home country and the geography where offshoring operations are conducted. This includes staying updated on international regulations and industry standards and implementing policies to ensure adherence.
Risk Management: Identifying, assessing, and prioritizing risks specific to our business activities, such as geopolitical risks, data security, operational disruptions, and compliance risks. Developing and implementing risk mitigation strategies to protect the company’s interests, including a heavy focus on information security.
Policy Development and Implementation: Creating and maintaining compliance policies and risk management frameworks that reflect the dynamic nature of offshoring operations. Ensuring these policies are effectively communicated and integrated into daily operations.
Audits and Assessments: Conducting regular audits and risk assessments to evaluate the effectiveness of risk management and compliance programs. Identifying areas of improvement and implementing corrective actions to address any deficiencies.
Training and Awareness: Providing training and support to employees on compliance and risk management practices, ensuring they understand their roles and responsibilities in maintaining compliance and mitigating risks.
Reporting and Documentation: Preparing detailed reports on risk exposure and compliance status for senior management. Maintaining thorough documentation of all risk assessments and compliance audits.
Stakeholder Engagement: Collaborating with internal and external stakeholders to ensure a comprehensive approach to risk management and compliance. Acting as a liaison to address any compliance concerns or inquiries from stakeholders, including prospects during the sales cycle.
Crisis Management: Developing and overseeing crisis management plans to respond effectively to any incidents that may disrupt operations, ensuring minimal impact on the business.
KEY RESPONSIBILITIES AND DUTIES
Risk Management:
Develop and implement a risk management framework
Develop and implement risk management strategies and processes
Identify, assess, and prioritize risks for mitigation across the organization
Conduct risk assessments and audits to evaluate the effectiveness of risk management controls
Collaborate with departments to mitigate identified risks and implement effective controls and assurances
Monitor and report on risk exposure and trends, including improving the overall risk position of the business.
Compliance Management:
Ensure the company complies with all relevant laws, regulations, and standards
Develop, implement, and maintain compliance policies and procedures
Conduct regular compliance audits and inspections
Provide guidance and training to employees on compliance matters.
Policy Development:
Develop and update policies and procedures to reflect current laws, regulations and certification standards, e.g. ISO27001, SOC2, GDPR, HIPAA
Ensure policies and procedures are effectively communicated and implemented across the organization
Monitor changes in regulations and update policies accordingly
Establish a control and assurance environment that provides security that policies and procedures are being implemented and followed successfully.
Reporting and Documentation:
Prepare and present regular reports on risk and compliance status to senior management
Maintain documentation related to risk assessments, compliance audits, and regulatory requirements
Establish an effective Enterprise Risk Management tool within the business
Ensure accurate and timely reporting to regulatory bodies.
Stakeholder Leadership:
Provide coaching and mentorship for the internal team on risk management
Develop and lead a culture of proactive risk management
Foster a culture of risk awareness and compliance within the organization.
PERSONAL SKILLS & QUALITIES
Bachelor’s degree in Business Administration, Law, or a related field. A Master’s degree or relevant certification in Risk and Compliance management (e.g., CRISC, CCEP) is preferred
Proven experience (5+ years) in risk management and compliance, preferably across a broad range of industries
Strong knowledge of regulatory requirements and risk management frameworks. Australian and United States geographies are a must
Strong understanding of information security frameworks, e.g. ISO27001
Excellent analytical, problem-solving, and decision-making skills
Exceptional communication and interpersonal skills
Ability to work collaboratively with various departments and stakeholders, driving ownership and accountability of the risk management environment
Strong leadership experience in matrix style environments.