| Field | Details |
| --- | --- |
| Job title | Expert, Enterprise Risk Management (ERM) |
| Company | OQ8 |
| Function | Finance |
| Department | Corporate Planning |
| Section | Business Transformation & Performance Analysis |
| Location | Oman – Muscat |
| Budget control | *OPEX and/or CAPEX and/or Revenue amount as relevant* |
| Reporting to | Head Business Transformation & Performance Analysis |
| Direct reports | - |

Job purpose

- Protect Organizational Value: Safeguarding the company's assets, earnings capacity, and overall business objectives from potential threats and vulnerabilities.
- Support Strategic Goals: Aligning risk management activities with the organization's mission and strategic plans, helping leaders make informed decisions that balance risk and reward.
- Ensure Compliance: Ensuring the organization adheres to relevant laws, regulations, industry standards, and internal policies to avoid penalties, legal sanctions, and reputational damage.
- Improve Operational Efficiency: Developing and implementing robust risk controls and processes to minimize disruptions, improve business continuity, and enhance overall operational effectiveness.

Main tasks and responsibilities:

Strategy

- Support leadership in operationalizing the company’s risk appetite and tolerance, embedding ERM into strategy-setting, business planning, and decision-making.
- Define consistent risk criteria (likelihood, impact, velocity, resilience) and maintain dynamic risk profiles and a portfolio view that adapts to business changes, digital innovations, and regulatory shifts (ISO & COSO).

Risk Assessment Identification

- Leading or supporting regular risk assessments to identify potential risks (strategic, financial, operational, compliance, etc.) and evaluating their potential impact and likelihood of occurrence.
- Facilitate the identification of potential risks across the organization and conduct detailed risk assessments.

Risk Mitigation and Control

- Guide business areas in designing and executing mitigation and business continuity plans, and validate corrective actions through closure for effectiveness and sustainability.
- Collaborating with department heads to develop and implement risk response strategies (avoidance, reduction, sharing, or acceptance) and establish internal controls to manage identified risks effectively.
- Assist in developing and monitoring mitigation strategies and action plans to address identified risks.

Monitoring and Reporting

- Continuously monitoring key risk indicators (KRIs) and the overall risk environment, preparing comprehensive risk reports and presentations for senior management and the board of directors.
- Monitor internal and external risk indicators, including those specific to behavioral and operational risks.
- Prepare clear, decision-oriented reporting for the ERM Committee, senior leadership, and other stakeholders, leveraging risk registers, analytics, and technology platforms.

Policy and Framework Management

- Ensuring that risk management policies, procedures, and frameworks (such as COSO or ISO 31000) are up to date, communicated to stakeholders, and followed consistently across the organization.
- Help establish and maintain an ERM framework, including policies, metrics, and reporting.

Business Continuity Planning

- Supporting the development and testing of business continuity and crisis management plans to ensure the organization can respond effectively to major disruptions.

Data Analysis

- Use quantitative methods to analyze risk data and support decision-making.

Stakeholder collaboration

- Work with various departments, management, and other assurance providers to coordinate risk management efforts and provide guidance.
- Collaborate across Corporate Compliance, Information Security, Quality, and Legal to align ERM with compliance, continuity, and resilience frameworks, and provide a portfolio-level risk view to support governance and oversight.

Compliance and best practices

- Help ensure compliance with regulatory requirements and implement industry best practices in risk management.

Education requirements

- Bachelor's degree in business administration, risk management, or a related field.
- A master's degree and relevant certifications (e.g., COSO ERM, CRM, PMI-RMP) are preferred.

Background and experience

- 10 years of relevant experience in the oil and gas industry, with progressive experience in risk management.
- Proven success in embedding risk management frameworks into business practices, not just developing them.
- Ability to translate complex risk concepts into actionable strategies that support organizational objectives.
- Familiarity with relevant laws, regulations, and industry standards in risk management, compliance, digital health, and business continuity.
- Strong organizational skills and experience managing complex projects from end to end, with a track record of achieving measurable outcomes.
- Demonstrated ability to work across functions and build strong relationships with senior leaders and operational teams.

Competencies and skills

- Strong knowledge of enterprise risk management principles, methodologies, and best practices.
- Excellent analytical and problem-solving skills, with the ability to think strategically and tactically to identify and mitigate potential risks.
- Exceptional project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
- Knowledge of relevant regulatory requirements and industry standards related to enterprise risk management.
- Strong attention to detail and organizational skills, with the ability to prioritize tasks and resources effectively.
- Ability to adapt to changing circumstances and quickly develop innovative solutions.
- Strong presentation and reporting skills, with the ability to effectively communicate complex concepts and recommendations to diverse audiences.