Third-Party Risk Management Advisor (Contract)

Job title: Third-Party Risk Management Advisor (Contract)

Company:


Job description: JOB PURPOSE To establish, implement, and maintain a robust Third-Party Risk Management (TPRM) framework for Prasarana Malaysia Berhad Group in alignment with its responsibilities as a government-owned entity under the Ministry of Finance (MOF) and regulated by the Ministry of Transport (MOT). This role ensures effective management of risks related to vendors, contractors, service providers, and partners through proper risk identification, assessment, monitoring, and mitigation. The role also contributes to overall enterprise risk profiling and integration of third-party risk into the Group’s risk ecosystem. KEY ACCOUNTABILITIES A. Strategic & Governance Design and implement a Group-wide Third-Party Risk Management Framework in compliance with MOF circulars, national risk standards, and international best practices. Develop policies, procedures, and tools for assessing and managing third-party risk throughout the engagement lifecycle. Ensure governance processes are consistent with Prasarana&aposs GLC status and responsibilities under MOF and MOT oversight. Coordinate with internal stakeholders to ensure third-party risk controls are embedded into procurement, legal, operational, and technology processes. B. Risk Integration & Collaboration Collaborate with Risk Managers under the Enterprise Risk Management (ERM) and Operational Risk Management (ORM) functions to ensure third-party risks are embedded in Prasarana’s overall risk profile. Participate in quarterly and annual risk assessment exercises, key risk indicator (KRI) development, and group risk reporting activities. Provide input to the Group’s risk dashboards, risk registers, and Board Risk Committee submissions. C. Third-Party Risk Assessment & Oversight Conduct risk-based due diligence on all high-risk and critical third-party engagements, including financial health, compliance status, ESG, cybersecurity, and operational resilience. Work with Group Procurement, Legal, ICT, and subsidiaries to ensure third-party risk evaluations are part of onboarding, monitoring, renewal, and exit processes. Implement continuous monitoring strategies and recommend mitigation plans for high-risk vendors and partners. D. Tools, Data & Reporting Maintain a centralized third-party risk register and assessment records. Support deployment of automated or digital tools to enhance risk visibility, scoring, and compliance tracking. Prepare reports on third-party risk trends and exposures for internal management, the Board Risk Committee, and external regulators when necessary. E. Compliance, Audit & Regulatory Interface Ensure compliance with MOF Circulars, relevant MOT guidelines, and standards such as ISO 31000, ISO 27001, and BNM outsourcing policies (where applicable). Coordinate audit activities, support the closure of audit findings, and facilitate the implementation of recommended controls. Liaise with internal and external auditors, as well as regulators on third-party risk matters. F. Stakeholder Engagement & Capacity Building Act as a subject matter expert (SME) on third-party risk across the Group, covering rail, bus, infrastructure, property, and commercial subsidiaries. Deliver internal awareness programs and training to staff, management, and risk owners on TPRM principles and procedures. Drive a culture of shared accountability and proactive risk ownership in third-party management. G. Reporting and Communication: Prepare and present compliance risk reports to senior management and regulatory authorities. Serve as a point of contact for regulatory inquiries and audits, facilitating effective communication and resolution. Training and Education: Develop and deliver compliance training programs for employees, fostering a culture of compliance awareness. Keep abreast of regulatory changes and industry best practices and disseminate relevant information to the organization. H. Team Leadership: Manage and mentor a team of compliance professionals, providing guidance, support, and performance evaluations. Foster a collaborative and results-oriented team environment. Perform other duties as required and instructed by the management and to support the division. QUALIFICATIONS, SKILLS & KNOWLEDGE Bachelor’s degree in law, finance, Accounting Business, Management, Engineering or equivalent with at least ten (10) years’ experience in enterprise risk, vendor management, compliance, procurement governance, or third-party oversight. Professional certification in Risk Management or TPRM (e.g., ORM , CRMA, ISO 31000 Certified, CTPRP) is advantageous. Experience in regulated sectors (transportation, public infrastructure, government-linked companies, or financial institutions) is preferred. Highly proficient in risk and compliance methodologies; Knowledge on ISO Management System Standard (ISO31000 & ISO22301). Strong interpersonal skills with the ability to work collaboratively with people at all levels of the organization including interfacing with directors and senior management; Solid understanding of public sector governance, procurement risks, contract risk, and compliance requirements. Knowledge of cybersecurity, ESG risk, and financial due diligence in third-party contexts. Requires a high level of independence. High integrity, risk judgment, and independent thinking. Experience writing high quality documentation and reports. Familiar with Microsoft Office/ Excel/ Power Point and ERM systems OTHER INFO Based at Menara Prasarana, with oversight of subsidiaries and strategic projects. May require travel to depots, operational sites, and vendor locations as necessary. May represent Prasarana in engagements with regulators, external auditors, and government authorities. Show more Show less

Expected salary:

Location: Petaling Jaya, Selangor

Job date: Sat, 29 Mar 2025 23:49:34 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (jobsnear.pro) you saw this job posting.Thanks&Good Luck