Job No.: 499540
Employment Type: Full time
Departments: Legal & Compliance and Operational Risk Management Department
Job Functions: Legal, Risk Management, Compliance / Operational Risk Management

Responsibilities:

1. Risk Governance and Framework Oversight on Southeast Asian (SEA)entities:

1.1 Operational risk:

• Oversee and provide guidance on the implementation of operational risk frameworks across SEA entities, including operational resilience (HKMA OR-2), risk control self-assessments (RACAs), key risk indicators (KRIs), loss event databases, business continuity planning (BCP), third-party / outsourcing risk management, and product due diligence processes.
• Identify emerging operational risk and ensure mitigation strategies across SEA entities align with regional requirements, Parent Bank’s policies, Basel III standards, and regulatory expectations.

1.2 Legal, Compliance and reputation risk:

• Oversee and refine the SEA entities’ framework for adherence to local laws and regulations, provide guidance to and review SEA entities’ compliance programs.
• Monitor regulatory developments, assess impacts on operations, and supervise corrective measures to address gaps.
• Provide advice regarding business compliance and/ or related risk management on SEA business. Conduct thematic and onsite reviews on relevant risk matters.
• Escalate critical issues promptly to ensure timely resolution and transparency.

2.  Group Standards Alignment and Risk Reporting

• Drive adoption of group risk policies (legal, regulatory compliance, operational, reputation risk) across SEA entities, ensure alignment of local practices with regional and Parent Bank’s standards.
• Evaluate and provide advice on SEA entities’ relevant risk reporting, remediation and work plan to ensure accuracy and accountability.
• Consolidate and analyze regional risk data into executive-level reports for the regional executive team and Parent Bank, highlighting compliance gaps, emerging risks and vulnerability, progress on remediation and alignment with group standards.

3.  Stakeholder management

• Lead a regional team and be responsible for the team’s staffing and development.
• Mentor country-level compliance / relevant risk heads across SEA entities, fostering a culture of risk ownership for continuous improvement.
• Collaborate with cross-functional teams to embed risk awareness into strategic initiatives and business operations.
• Oversee responses to high-impact audits, regulatory inquiries and inspections, ensuring root-cause analysis, sustainable remediation and head office visibility. Participate in communication with regulators in SEA countries.
• Chair regional meetings and lead various projects to address cross-border challenges in relevant risks areas.

Requirements:

• Bachelor degree holder or above, preferably with risk management or regulatory compliance background
• Minimum of 10 years of working experience in financial institutions, of which 5 years shall be in the management of operational risk and/ or regulatory compliance, with regional exposures a plus
• Has experience in managing risk management/ compliance teams
• Has good experience in implementing operational risk frameworks
• Has sound understanding of the various lines of business in a commercial bank
• Willingness to travel regionally
• Proficiency in both English and Chinese with good communication skills

We offer competitive remuneration package and comprehensive fringe benefits including medical and life insurance, and different types of allowances to the right candidate. Interested parties, please submit your application online. For details, please visit our website http://www.bochk.com

To apply:  https://careers.pageuppeople.com/798/cw/en/job/499540/head-of-southeast-asian-management-legal-compliance-and-operational-risk-management-department=11232

Data collected would be used for recruitment purposes only. It might also be disclosed to our subsidiaries or Associated Companies to process the information for appointment. Applicants who do not hear from us within 8 weeks may consider their application unsuccessful and their data will be destroyed within 12 months of receipt.