Sr. Risk and Compliance Specialist

Job Description:

  • Develop and refine ERM frameworks based on ISO 31000, COSO ERM, and other standards
  • Conduct risk assessments, create mitigation plans, and evaluate control effectiveness
  • Lead Risk and Control Self-Assessments (RCSAs) and operational risk monitoring
  • Identify and analyze enterprise risks using scenario analysis and key risk indicators (KRIs)
  • Align risk appetite with strategic objectives and design appropriate control measures
  • Apply ISO 9001, ISO 27001, ISO 22301, and related standards to risk management processes
  • Facilitate integration of ISO management systems for quality, information security, and business continuity
  • Ensure compliance with regulatory requirements of government agencies (e.g., DOLE, DENR, DICT) and prepare compliance reports
  • Maintain risk registers and provide governance updates
  • Support business continuity planning and crisis response strategies
  • Conduct workshops and simulations to improve incident readiness
  • Analyze risk data and create visual reports using Power BI, Excel, and Tableau
  • Generate dashboards and comprehensive reports for internal stakeholders
  • Use Lean, Six Sigma, and Root Cause Analysis (RCA) to improve risk processes
  • Lead initiatives to address inefficiencies and enhance operations
  • Collaborate with departments and senior leaders to align risk efforts with organizational goals
  • Communicate risk strategies clearly across all levels of the organization
  • Perform additional duties as assigned to support departmental and organizational objectives

Job Requirements:

  • Bachelor’s degree in Risk Management, Business Administration, Information Technology, Engineering, or related field
  • At least 7–8 years of relevant work experience
  • At least 2–3 years in a supervisory or specialist role
  • In-depth knowledge of ISO 31000, COSO ERM, Basel II/III, and Operational Risk Management (ORM)
  • Proven ability to develop and align risk management frameworks with organizational objectives
  • Hands-on experience conducting risk assessments, evaluations, and mitigation planning
  • Expertise in operational risk management, including RCSAs, scenario analysis, and KRIs
  • Proficiency in designing, implementing, and evaluating risk control measures
  • Experience overseeing risk across business areas, including crisis, continuity, and incidents
  • Strong background in managing risk registers and preparing governance/compliance reports
  • Extensive understanding of ISO 9001, ISO 27001, ISO/IEC 20000-1, and ISO 22301
  • Ability to integrate ISO standards into enterprise risk practices
  • Deep understanding of compliance requirements set by government agencies (DOLE, DENR, DICT) and of applicable industry regulations
  • Experience creating and delivering risk management reports to senior stakeholders
  • Familiarity with GRC frameworks and aligning risk governance with strategic goals
  • Skilled in promoting risk-aware culture through awareness campaigns
  • Experience developing training and competency programs for ERM teams
  • Knowledge of planning and conducting risk management assessments
  • Experience in managing corrective actions and compliance monitoring
  • Proficiency in maintaining documentation of risk activities and supporting audit preparation
  • Knowledge and experience in data center operations and related ISO standards (advantage)
  • Six Sigma Green Belt certification
  • Certified Business Continuity Practitioner (CBCP) or ISO 22301 Lead Implementer
  • Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC)

Accelerate your digital growth in VITRO