Assistant Manager - Risk Management

Union Assurance is a leading corporate and one of the fastest growing entities in the Life Insurance industry backed by the strength and stability of John Keells Holdings PLC, one of Sri Lanka's largest conglomerates.

The Job Role:

The person will be responsible for supporting the Manager – Risk Management in preparing the risk report for the Annual Report and implementing SLFRS S1 and S2. The role also contributes to the overall management and execution of Personal Data Protection processes, Business Continuity Planning, ISO 27000:2022 Internal Audits, CIS Maturity Assessments, and IT General Controls (ITGC).

Principal Accountabilities:

  • Act as the designated Data Protection Officer (DPO) for the company, ensuring full compliance with PDPA requirements.
  • Serve as the primary contact for the supervisory authority on all data processing matters, including prior consultations under Section 25 of the PDPA.
  • Ensure that data subject rights (access, rectification, erasure) are respected and that mechanisms (e.g., web portal) are in place for individuals to exercise these rights.
  • Lead the rollout and governance of the company’s Data Privacy Policy across all departments.
  • Provide guidance on Data Protection Impact Assessments (DPIAs) for new systems/projects and monitor their implementation.
  • Review and evaluate DLP and SOC alerts daily, investigate potential breaches, and escalate as necessary.
  • Oversee the PDPA gap assessment process, including departmental engagement, data flow mapping, consultant coordination, and implementation of recommendations.
  • Review all operational documents and agreements to ensure PDPA-compliant clauses are included and Data Processing Agreements (DPAs) are executed.
  • Support the Partnership Distribution team during onboarding to ensure data protection compliance.
  • Represent the company at the Group DPO Forum, providing regular updates to the Group, BACC, and Board.
  • Develop and maintain PDPA awareness training content, including Sinhala and Tamil translations.
  • Coordinate with consultants to define the BCP scope, obtain approvals, and execute activities as per the plan.
  • Conduct Business Impact Analysis (BIA) across departments and update documentation accordingly.
  • Maintain and update the BCP manual to reflect organizational changes.
  • Organize and execute Call Tree Drills, analyze results, and report to management.
  • Facilitate training sessions and desktop drills for Business Units, Support Teams, Incident Command Team, and IT Recovery Team.
  • Update the Incident Command Team and BCP Coordinators as needed based on staffing changes.
  • Provide quarterly BCP updates to the BACC and Board.
  • Promote BCP awareness across the organization.
  • Prepare and submit the Risk Report for inclusion in the Annual Report.
  • Support the implementation of SLFRS S1 and S2, working closely with consultants and internal stakeholders.
  • Collaborate with IT to review and update Policies and Procedures for ISO 27000:2022 compliance.
  • Participate in risk review meetings with IT, HR, and Logistics to support ISO risk assessments.
  • Define the scope for IT General Controls (ITGC) and manage vendor engagement for quotations.
  • Assist in conducting CIS Maturity Assessments and support implementation of improvement actions.

Qualifications and Experience

  • A Bachelor’s Degree from a recognized University in Business Administration/Management or equivalent discipline.
  • Minimum 02-03 years in a Senior Executive capacity or relevant experience, with 6+ years overall experience.
  • Expertise in Risk Management & Mitigation.
  • Sound knowledge of Microsoft Office packages.
  • Excellent problem-solving, negotiation and analytical skills.
  • Strong adaptability, with the ability to work under pressure and in fast-paced environments.
  • Ability to work independently and in a team-oriented environment.

The selected candidate for the above position will be entitled to an attractive remuneration package. Applicants who are interested are encouraged to apply on or before 15th November 2025.

Union Assurance PLC
31 Oct 2025
*By applying, you consent to the processing of your personal information for recruitment purposes and acknowledge that reference checks may be conducted.