Job title: Expert, Enterprise Risk Management (ERM)
Company: OQ8
Function: Finance
Department: Corporate Planning
Section: Business Transformation & Performance Analysis
Location: Oman – Muscat
Budget control: *OPEX and/or CAPEX and/or Revenue amount as relevant*
Reporting to: Head Business Transformation & Performance Analysis
Direct reports: -

Job purpose

Protect Organizational Value: Safeguarding the company's assets, earnings capacity, and overall business objectives from potential threats and vulnerabilities.
Support Strategic Goals: Aligning risk management activities with the organization's mission and strategic plans, helping leaders make informed decisions that balance risk and reward.
Ensure Compliance: Ensuring the organization adheres to relevant laws, regulations, industry standards, and internal policies to avoid penalties, legal sanctions, and reputational damage.
Improve Operational Efficiency: Developing and implementing robust risk controls and processes to minimize disruptions, improve business continuity, and enhance overall operational effectiveness.

Main tasks and responsibilities:

Strategy
Support leadership in operationalizing company’s risk appetite and tolerance, embedding ERM into strategy-setting, business planning, and decision-making.
Define consistent risk criteria (likelihood, impact, velocity, resilience) and maintain dynamic risk profiles and a portfolio view that adapts to business changes, digital innovations, and regulatory shifts (ISO & COSO).

Risk Assessment Identification
Leading or supporting regular risk assessments to identify potential risks (strategic, financial, operational, compliance, etc.) and evaluating their potential impact and likelihood of occurrence.
Facilitate the identification of potential risks across the organization and conduct detailed risk assessments.

Risk Mitigation and Control
Guide business areas in designing and executing mitigation and business continuity plans, and validate corrective actions through closure for effectiveness and sustainability.
Collaborating with department heads to develop and implement risk response strategies (avoidance, reduction, sharing, or acceptance) and establish internal controls to manage identified risks effectively.
Assist in developing and monitoring mitigation strategies and action plans to address identified risks.

Monitoring and Reporting
Continuously monitoring key risk indicators (KRIs) and the overall risk environment, preparing comprehensive risk reports and presentations for senior management and the board of directors.
Monitor internal and external risk indicators, including those specific to behavioral and operational risks.
Prepare clear, decision-oriented reporting for the ERM Committee, senior leadership, and other stakeholders, leveraging risk registers, analytics, and technology platforms.

Policy and Framework Management
Ensuring that risk management policies, procedures, and frameworks (such as COSO or ISO 31000) are up to date, communicated to stakeholders, and followed consistently across the organization.
Help establish and maintain an ERM framework, including policies, metrics, and reporting.

Business Continuity Planning
Supporting the development and testing of business continuity and crisis management plans to ensure the organization can respond effectively to major disruptions.

Data Analysis
Use quantitative methods to analyze risk data and support decision-making.

Stakeholder collaboration
Work with various departments, management, and other assurance providers to coordinate risk management efforts and provide guidance.
Collaborate across Corporate Compliance, Information Security, Quality, and Legal to align ERM with compliance, continuity, and resilience frameworks, and provide a portfolio-level risk view to support governance and oversight.

Compliance and best practices
Help ensure compliance with regulatory requirements and implement industry best practices in risk management.

Education requirements
Bachelor's degree in business administration, risk management, or a related field.
A master's degree and relevant certifications (e.g., COSO ERM, CRM, PMI-RMP) are preferred.

Background and experience / Competencies and skills
10 years of relevant experience in the oil and gas industry, with progressive experience in risk management.
Proven success in embedding risk management frameworks into business practices, not just developing them.
Ability to translate complex risk concepts into actionable strategies that support organizational objectives.
Familiarity with relevant laws, regulations, and industry standards in risk management, compliance, digital health, and business continuity.
Strong organizational skills and experience managing complex projects from end to end, with a track record of achieving measurable outcomes.
Demonstrated ability to work across functions and build strong relationships with senior leaders and operational teams.
Strong knowledge of enterprise risk management principles, methodologies, and best practices.
Excellent analytical and problem-solving skills, with the ability to think strategically and tactically to identify and mitigate potential risks.
Exceptional project management skills, with the ability to manage multiple projects simultaneously and meet tight deadlines.
Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
Knowledge of relevant regulatory requirements and industry standards related to enterprise risk management.
Strong attention to detail and organizational skills, with the ability to prioritize tasks and resources effectively.
Ability to adapt to changing circumstances and quickly develop innovative solutions.
Strong presentation and reporting skills, with the ability to effectively communicate complex concepts and recommendations to diverse audiences.