Chief Risk Officer
job description
OFFICIAL
OFFICIAL
OFFICIAL
OFFICIAL
ARPC Position Description
Location:
Sydney Security clearance:
Baseline
Role Reports to (role title):
Chief Executive Officer
Direct Reports (role titles):
1+ Direct Report
Key Attributes of the Chief Governance OfficerThe Chief Risk Officer (CRO) plays an important leadership role within the organisation by providing afoundation upon which to support ARPC's risk framework and to support risk in the executive teams acrossARPC through business risk partnering. The CRO works closely with the senior executive team to identify,measure and evaluate current, emerging and future risks. The CRO establishes people, processes and systemsstrategies which influence the risk culture within ARPC. The CRO is expected to work closely with the Board,Senior Executive, employees, and other stakeholders to ensure that ARPC has a robust and effective riskmanagement framework that aligns with our corporate plan and legislative and regulatory obligations.
Purpose of the role (Why the role exists;
how the role contributes to the ARPC's strategic objectives)The Chief Risk Officer will drive a developing risk maturity through the identification of potential risks andrealised risk incidents, and the design and implementation of mitigation and remediation strategies. This roleoversees risk management operations and activities across the business and works closely with leaders acrossthe team to maintain an overall risk-aware culture.The role has operational responsibility for a functional team and the teams may change from time to timedepending on ARPC's operational requirements.
Key Accountabilities (Key activities, tasks, and outcomes to be achieved)
- Role model ARPC's Values and Code of Conduct and capabilities set out in ARPC's Capability Framework
Strategic policy and framework
- Design and implement a fit-for-purpose risk management strategy, policies, and procedures within
ARPC.
- Ensue that roles and responsibilities for risk management are clearly understood across ARPC and they
align with delegations.
- Develop a vision for risk management which supports ARPC to achieve strategic business goals whilst
appropriately managing current, emerging, and future risks.
- Establish appropriate risk policy and frameworks, including management framework, risk appetite and
tolerance statement, risk register, risk related policies, procedures, and control frameworks.
- Provide strategic risk advice, including current and emerging risks, to the ARPC Board, Board
Committees and the ARPC Senior Executive Team
- Contribute strategic thinking on risk management as part of corporate planning and reporting
processes and oversee actions to build organisational capability to appropriately manage risk.
- Ensure compliance to risk management obligations in the PGPA Act and, where relevant, best practice
informed by APRA guidelines for risk management.
- Monitor and report on ARPC's risk profile and risk appetite.
- Provide advice and guidance on risk-related issues and opportunities to the executive team and ARPC
Board.
- Support the newly created ARPC Board Risk Committee through appropriate reporting and
documentation (in-progress).
2
OFFICIAL
OFFICIAL
OFFICIAL
OFFICIAL
- Support the development of risk appetite and tolerance.
- Ensure the data within ARPC to assess risks is fit-for-purpose.
- Ensure the Executive Team has a comprehensive understanding of the whole of entity risk profile.
- Embed the risk framework into ARPC's business operations.
- Oversight the risk framework.
- Provide oversight of the systems and controls, noting risks are owned by the respective business areas.
- Oversee enterprise level analysis and reporting on the risk profile and risks for the ARPC Senior Executive Team, Board and Board Committees
- Measure and report on the risk culture within ARPC
- Implement and ensure the use of a common risk language within ARPC.
- Facilitate and promote an environment where informed risk-based decision making can occur.
- Establish frameworks processes which enable the creation of an appropriate risk culture within the
organisation.
- Establish risk culture within ARPC to reflect the sensitivities and complexities of government and
relationships with ministers and stakeholders.
- Exemplify and model integrity, ethics, values, and the desired cultural behaviours.
- Bring an innovative, holistic, and objective lens to decision-making conversations.
- Establish programs of work which serve to develop the capability of the organisation to be able to
harness opportunities through effective risk management.
- Identify and implement appropriate training and awareness programs to build the capability of officials
Business continuity (including Agency Security Advisor responsibility)
- Lead the strategic response planning to provide assurance that ARPC is able to effectively respond before, during and after an incident or crisis (such as a pandemic, IT outage, physical premisesinterruption) which may impact ARPC's business operations.
- Oversight the regulatory responsibility of Agency Security Advisor to be led within the Risk team. Theseresponsibilities, detailed in the 'Key Legislative / Regulatory Role Responsibilities' section, includestrategic planning for protective security matters in compliance with the law and Australian
Functional leadership
- Empower and enable the Risk team to design and deliver strategic risk management plans which
support ARPC to achieve its strategic priorities.
- Lead small teams of professional employees (in accordance with ARPC's Capability Framework) and
manage end to end employee matters such as recruitment, performance management anddevelopment.
- Establish and maintain a culture of high engagement and performance, with a focus on continuousimprovement
As a member of the Senior Leadership Team:
- Develop and maintain a commercial understanding of the markets in which ARPC operates in order to
contribute to short, medium, and long-term business planning and development.
- Identify immediate and forward-looking opportunities and risks impacting the business and recommend
actions which mitigate risks and/or seize opportunities.
- Develop and maintain a commercial understanding of the markets in which ARPC operates to inform
short, medium, and long-term business planning and development.
- Lead the development of frameworks to measure the effectiveness of ARPC's strategic objectives.
- Support the CEO in execution of corporate strategies.
3
OFFICIAL
OFFICIAL
OFFICIAL
OFFICIAL
- In accordance with the Business Continuity Management Procedure, as part of the response team,contribute to the organisational response.
- Contribute to overall leadership and management of the Corporation to achieve its strategic objectives.
- Contribute to the identification of business process improvement opportunities
Key legislative / regulatory role responsibilitiesYour responsibilities in relation to the Agency Security Advisor function:
(Note - The Agency Security Advisor Role is currently an Executive Manager (EL2) role. The CRO is tooversee the agency security advisor role.)
- Provide assistance, seek, and provide advice or information on physical protective security mattersand the day-to-day performance of physical protective security functions (such as office access, pincodes, security passes, alarms, alarm alerts, and physical protective security)
- Lead the develop an appropriate organisational risk mitigation and security culture that promotesand protects agency information and assets.
- Oversee compliance with the law and Australian Government policies.
- Provide frameworks which ensure the safety and security of ARPC employees, contractors, and
clients as a member of the building's Emergency Control team (Floor Warden)
- Contribute to the business continuity procedure, the fraud control policy and associated training and
awareness programs.
- Develop, implement, and maintain ARPC's security procedures and systems.
- Assist staff to understand ARPC's risk vulnerabilities and openly discuss security issues or concerns.
Personal Interest Disclosure Act (PID), as an Authorised Officer:
- Ensure the development, review, and maintenance of ARPC's PID Policy
- Delivering staff awareness sessions to staff, and to AOs on their rights and responsibilities
- Receive disclosures from public officials on disclosable conduct and provide advice to them.
o Assess the risk of reprisals against the person making the disclosure.O Examine the PID;
ando Document the PID information.
Privacy Act, as the designated ARPC Privacy Champion:
- Reporting to the CEO and ARPC Board on personal information data breaches, including any privacy
issues arising from ARPC's handling of personal information.
- Providing strategic direction to the management of personal information.
- Reviewing and/or approving the Privacy Management Plan.
- Documented reviews of the agency's progress against the Privacy Management Plan at least once
each calendar year;
and
- Promoting a culture of privacy that values and protects information.
Freedom of information Act (FOI), Delegated Officer responsible for:
- Making decisions in relation to requests for information;
and
- Leading ARPC's work on implementing the IPS requirements under the FOI Act.
- The CSOO will also arrange ARPC's IPS documents, which are not available on the ARPC website, to be
made available upon request,
- Managing the IPS and ensuring that the IPS documents are accurate. click apply for full job details