Risk Register ownership: Maintain, update, and govern the enterprise Risk Register; ensure all business functions are covered, risk ratings are correctly scored, and version control is maintained
Risk Appetite Statement: Develop and maintain the enterprise RAS and product-level risk tolerances; track RAS utilization and escalate breaches to management
Enterprise risk taxonomy: Design and embed the enterprise-wide risk classification framework cascading into RCSA, KRI design, and board reporting
Risk & Control Self-Assessment (RCSA): Facilitate RCSA workshops with business unit risk owners across all departments; translate outputs into actionable risk insights
BI regulatory compliance support: Assist in tracking Bank Indonesia PBI regulatory updates and assessing gaps against the company's risk framework
Board & management risk reporting: Contribute to the quarterly risk dashboard for BoDs/BoCs; prepare risk movement summaries, KRI breach reports, and remediation status updates
New Product & Initiative Approval (NPIA) support: Conduct ERM risk reviews for new products, features, and partnerships (bank partners, card principals, switchers) prior to launch
Independent challenge: Provide second-line independent challenge to business units on risk identification, inherent/residual risk assessment, and proposed controls
Requirements
Bachelor's degree in Finance, Economics, Accounting, Mathematics, or a related field
3–5 years of experience in Enterprise Risk Management, Operational Risk, Risk Governance, or related risk functions
Prior experience in fintech, e-wallet, digital payments, banking, multifinance, or insurance industries; experience in payment services is highly preferred
Hands-on experience in Risk Register development and Risk & Control Self-Assessment (RCSA)
Strong understanding of risk assessment methodologies, including inherent risk, control effectiveness, and residual risk evaluation
Familiarity with Bank Indonesia regulations related to payment services is an advantage
Knowledge of operational risk management, risk appetite framework, risk taxonomy, and governance processes
Understanding of payment ecosystem risks, including fraud risk, settlement/reconciliation processes, credit risk, and AML/CFT principles
Strong analytical, documentation, and stakeholder management skills, with the ability to prepare management-level risk reports
Proficient in Microsoft Excel or Google Sheets; experience with GRC tools is a plus
Professional certifications such as FRM, PRM, CRMA, ERMCP, or equivalent are a plus