A&A : Manager - Senior Manager (Enterprise Risk Management (ERM) Module (GRC System))
Bangkok, TH
Are you ready to unleash your potential?
At Deloitte, our purpose is to make an impact that matters for our clients, our people, and the communities we serve.
We believe we have a responsibility to be a force for good, and WorldImpact is our portfolio of initiatives focused on making a tangible impact on society’s biggest challenges and creating a better future. We strive to advise clients on how to deliver purpose-led growth and embed more equitable, inclusive as well as sustainable business practices.
Hence, we seek talented individuals driven to excel and innovate, working together to achieve our shared goals.
We are committed to creating positive work experiences that foster a culture of respect and inclusion, where diverse perspectives are celebrated, and everyone is recognised for their contributions.
Ready to unleash your potential with us? Join the winning team now!
Work you’ll do
Position Overview
We are seeking a highly motivated Business Analyst to support the design, implementation, and enhancement of the Enterprise Risk Management (ERM) module within our Governance, Risk, and Compliance (GRC) platform. The role will serve as a bridge between business stakeholders, risk management teams, and the system implementation team to ensure effective design, testing, and deployment of ERM functionalities in alignment with risk management frameworks, regulatory requirements, and industry best practices.
Key Responsibilities
1. Enterprise Risk Management Activities
- Support the design and implementation of the ERM framework including risk governance structure, policies, and procedures.
- Facilitate risk identification and assessment workshops with business units across the first and second lines of defense.
- Support the definition and monitoring of risk appetite statements and tolerance levels at entity and group level.
- Develop and maintain risk taxonomy, risk registers, and risk assessment methodologies.
- Contribute to the design of Key Risk Indicators (KRIs) and monitor their performance.
- Prepare risk dashboards and reporting packs for senior management and Board committees.
2. Business Analysis & Requirement Gathering
- Gather functional requirements from stakeholders (risk management, compliance, internal audit, and business units).
- Translate ERM policy and regulatory obligations (e.g., Basel II/III, BOT, MAS, SEC) into system workflows and reporting needs.
- Draft user stories, acceptance criteria, and functional specifications for the ERM module.
3. System Design & Implementation Support
- Work with technical teams and vendors to configure ERM functionalities (risk registers, risk assessments, appetite monitoring, dashboards).
- Ensure integration with other GRC modules (Incident Management, Control Standards, Compliance).
- Validate data models and reporting to support enterprise-wide risk aggregation.
4. Testing & Validation
- Develop and execute UAT scripts for ERM workflows (risk identification, scoring, approval, escalation).
- Validate effectiveness of ERM-related data migration and system interfaces.
- Support defect resolution and system enhancements.
5. Training & Change Management
- Prepare training materials (manuals, e-learning, workshops) for ERM module users.
- Train risk owners, risk champions, and business unit representatives on ERM processes and system usage.
- Support change management to build a risk-aware culture across the organization.
6. Governance & Continuous Improvement
- Document ERM processes and ensure alignment with regulatory expectations.
- Propose process improvements to strengthen risk identification, assessment, monitoring, and reporting.
- Collect user feedback and contribute to continuous enhancement of the ERM framework and system.
Your role as a leader
At Deloitte, we believe in the importance of empowering our people to be leaders at all levels. We expect our people to embrace and live our purpose and shared values, challenging themselves every day to identify issues that are most important to our clients, our people and the communities, and to make an impact that matters. In addition to living our purpose, Manager - Senior Manager across our Firm are expected to:
- Understand objectives for stakeholders, clients and Deloitte whilst aligning own performance to objectives and setting personal priorities.
- Develop themselves by actively seeking opportunities for growth, share knowledge and experiences with others, and act as a strong brand ambassador.
- Seek opportunities to challenge themselves, collaborate with others to deliver and take accountability for results.
- Build relationships and communicate effectively in order to positively influence peers and stakeholders.
- Work effectively in diverse teams within a highly inclusive team culture where everyone is supported, respected and recognized for their contribution.
Requirements
- Bachelor’s or Master’s degree in Risk Management, Finance, Business Administration, Information Systems, or related field.
- 5–10 years of experience in Enterprise Risk Management, Risk Advisory, or GRC system implementation, preferably in financial services.
- Hands-on experience in ERM activities, including:
  - Risk identification, assessment, and rating.
  - Development and monitoring of risk appetite and tolerance.
  - KRI design and reporting.
  - Facilitating risk workshops with stakeholders.
  - Preparing enterprise risk dashboards and reports for senior management.
- Strong knowledge of ERM frameworks (e.g., COSO ERM, ISO 31000) and regulatory standards (e.g., Basel II/III, BOT FPG 5/2566, MAS TRM).
- Experience with GRC platforms (RSA Archer, SAP GRC, MetricStream, or similar).
- Strong analytical, problem-solving, and facilitation skills.
- Excellent communication skills and ability to liaise with both technical and non-technical stakeholders.
- Certifications such as FRM, PRM, or IRM diploma are an advantage.
Due to the volume of applications, we regret that only shortlisted candidates will be notified.
Please note that Deloitte will never reach out to you directly via messaging platforms to offer you employment opportunities or to request money or your personal information. Kindly apply for roles that you are interested in via this official Deloitte website.