Executive Manager IT Risk Governance

Job Summary

The job holder is responsible for leading the implementation and execution of IT risk governance and control frameworks across both IT operations and business-facing services. The primary focus is to ensure that IT risks are effectively identified, assessed, and managed in alignment with enterprise risk strategies and international standards. This role plays a key part in enhancing the Club’s operational resilience by promoting a proactive risk culture and ensuring continuity of critical business functions. Acting as a trusted risk advisor, the job holder works closely with IT and business stakeholders to drive risk-informed decision-making and safeguard the organization's digital and operational assets.

Major Tasks

• Implement and sustain the IT Risk Management Framework across IT and Business Divisions. Ensure leadership ownership of risk accountabilities and alignment with governance standards.
• Lead regular updates of risk scenarios with input from ERM and subject experts. Prioritize top risks and validate response decisions against set thresholds.
• Maintain and enhance the control library and support Risk Owners in identifying and assessing key controls. Ensure controls are appropriate, effective, and efficiently managed.
• Coordinate Key Risk Indicator monitoring and reporting. Communicate material risk updates, incidents, and lessons learned to divisional and Club governance.
• Collaborate with audit and oversight teams to execute risk control assurance programs. Test key controls based on risk profiles and address control gaps promptly.
• Support the development and implementation of mitigation strategies for material risks. Align disaster recovery planning with technology and business continuity objectives.
• Design and manage the business resilience program for IT and Business Divisions. Ensure readiness to respond to disruptions through robust continuity planning.
• Conduct business impact analyses and regular risk assessments. Improve resilience policies and engage departments in continuity planning and recovery procedures.
• Deliver training and awareness programs on resilience and continuity. Develop metrics and report program effectiveness to senior management.
• Ensure robust incident management processes are in place. Conduct timely root cause analyses and integrate findings into risk assessments and reporting.

Education

• Bachelor's Degree (preferred) in relevant risk management disciplines.
• Relevant disciplines may include Operational Risk Management within an IT environment, Business Continuity and Resilience, Information Security, or IT Risk Management.

Qualifications

• Professional risk management certification (e.g., ISO 31000) and/or relevant industry body affiliation is an advantage.
• Capable of understanding the Club's unique nature, culture, and risk environment.
• Proficient in assessing and quantifying technology and operational risks, and recommending practical mitigation controls.
• Strong understanding of IT standards, governance, risk, and internal control best practices and trends.
• Experienced in delivering technology and/or operational risk management frameworks from inception.
• Solid experience in managing business resilience and continuity programs.
• Knowledge of enterprise architecture, service management, asset management, change management, and systems migration.
• Good understanding of the Club’s business strategies, priorities, risks, and controls in relevant functional areas.
• Technically astute with excellent analytical and decision-making skills.
• Strong communication and report writing skills in English.

Experience

• Seasoned professional with deep expertise in developing and managing IT Operational Risk and Business Resilience functions within IT or Business Divisions.
• Proven track record in leading risk and business continuity functions in a technology-driven environment.
• 15+ years of experience executing first line of defense responsibilities in IT operational risk and business continuity management.