Assistant Manager - Risk Management

Union Assurance is a leading corporate and one of the fastest-growing entities in the Life Insurance industry, backed by the strength and stability of John Keells Holdings PLC, one of Sri Lanka's largest conglomerates.

The Job Role:

The person will be responsible for managing and overseeing the risk management function, including business continuity aspects, while supporting the organization in coordination with the JKH Group, external consultants, industry forums and regulatory authorities. The role also contributes to the overall management and execution of Personal Data Protection implementation and related processes, documentation and reporting.

Principal Accountabilities:

  • The person will be responsible for supporting the Manager – Risk Management/DPO in overseeing the risk management function, including the responsibilities below.
  • Assist the Data Protection Officer (DPO) to ensure compliance with PDPA requirements.
  • Lead the rollout and governance of the company’s Data Protection Policy across all departments.
  • Provide guidance on Data Protection Impact Assessments (DPIAs) for new systems/projects and monitor their implementation.
  • Investigate DLP alerts and potential breaches, and escalate as necessary.
  • Review and update data flow maps in a timely manner with all cross-functional departments.
  • Review all operational documents and agreements to ensure PDPA related clauses are included and Data Processing Agreements (DPAs) are executed.
  • Ensure compliance with regard to personal data protection when onboarding Partners.
  • Represent the company at the Group DPO Forum, providing regular updates to the Group PDPA Governance Committee, BACC, and Board.
  • Conduct PDPA/BCP awareness sessions and develop related content.
  • Coordinate with the consultant to define the BCP scope, obtain approvals, and execute activities as per the plan.
  • Conduct Business Impact Analysis (BIA) across departments and update documentation accordingly.
  • Maintain and update the BCP manual to reflect organizational changes.
  • Organize and execute Call Tree Drills, analyze results, and report to management.
  • Facilitate training sessions and desktop drills for Business Units, Support Teams, Incident Command Team, and IT Recovery Team.
  • Update the Incident Command Team and BCP Coordinators as needed based on changes in staff.
  • Provide quarterly BCP/ PDPA and Risk updates to the BACC and Board.
  • Prepare the Risk Report for inclusion in the Annual Report.
  • Support the implementation of SLFRS S1 and S2 and work closely with external consultants and internal stakeholders.
  • Collaborate with IT to review and update Policies and Procedures for the ISO 27701:2019 standard.
  • Participate in risk review meetings with IT, HR, and Logistics to support ISO 27001:2022 certification-related risk assessments.

Qualifications and Experience

  • A bachelor’s degree from a recognized University in Business Administration/Management or equivalent discipline.
  • Minimum 02-03 years in a Senior Executive capacity/relevant experience, with 6+ years overall experience.
  • Professional qualifications in Risk Management/Business Continuity or Cyber Security.
  • Sound knowledge of Microsoft Office packages.
  • Knowledge of relevant laws and regulations (PDPA/ GDPR)
  • Expertise in Risk Management and Economics.
  • Excellent problem-solving, negotiation and analytical skills.
  • Strong adaptability, with the ability to work under pressure and in fast-paced environments.
  • Ability to work independently and in a team-oriented environment.

The selected candidate for the above position will be entitled to an attractive remuneration package. Applicants who are interested are encouraged to apply on or before 15th November 2025.

Union Assurance PLC
31 Oct 2025
*By applying, you consent to the processing of your personal information for recruitment purposes and acknowledge that reference checks may be conducted.