Career Opportunity in Sui Southern Gas Company Limited

Engineering Graduate or MBA from HEC recognized university with at least 4 years of relevant experience. 

Registration with PEC is mandatory for Engineers.

JOB SUMMARY

The purpose of this position is to facilitate the implementation of risk management framework at technical or operational units including Transmission and Distribution functions in accordance with SSGC’s policies and applicable regulatory guidelines. The incumbent is also responsible to guide the departments in controlling the identified risks.

JOB RESPONSIBILITIES

1. Providing consultative oversight and programs to the business units with respect to the Risk Management. 
2. Planning, designing and implementing of overall operational / engineering risk management process. 
3. Provide guidance in light of the ERM Framework, facilitates the first line of defense, in identifying, assessing, evaluating, categorizing, prioritizing, monitoring and controlling all significant risks facing the Entity.
4. Provide guidance in identifying and assessing risk and determining the adequacy and cost effectiveness of controls
5. Processes, systems, procedures and data management capabilities to support the enterprise-wide risk management framework
6. Develops and implements risk dashboards to monitor key operational risks using Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
7. Lead risk identification, assessment and on-going monitoring activities for high risk operational / engineering processes. 
8. Conduct analysis, develop risk methodologies, and drive the implementation of strategies, policies, procedures, and internal controls to identify issues resulting from internal and/or external audits
9. Identify and/or resolve risk issues impacting the business, including conducting control reviews or gap analyses for existing processes, as needed. Perform Process mapping analysis and process re-engineering
10. Review the plan to maintain the enterprise risk management system up-to-date through periodic updates of risk registers.
11. Guide the technical departments to finalize and fill in the risk related entries and mitigation actions within the risk registers. 
12. Work closely with the technical departments to undertake a thorough risk assessment in order to obtain an understanding of the risks to assets, systems and manpower and with a view to identify threats, vulnerabilities, probabilities of occurrence and potential impact. 
13. Encourage the technical departments to highlight the risks for which there may not be any appropriate mitigation action available for the time being.
14. Support the department in classifying the identified risk in terms of level of severity and probability of occurrence. 
15. Prioritize high risk areas for effective mitigation measures.
16. Monitor the departments’ progress on a regular basis to check if necessary actions have been taken to mitigate the risks. 
17. Conduct training and awareness sessions for the employees of the user departments to create a culture where risks are timely identified and removed with appropriate actions, including correct entry in the risk register templates.
18. Initiate steps to develop e-learning module to create awareness of the risk related concepts and enterprise risk management program at SSGC. 
19. Ensure that employees undergo the initial course of e-learning module and then complete the refresher course once every two years.
20. Coordinate with the training function to include risk management training as part of new employees’ induction program. 
21. Review the monthly reports prior to submission to the management, includes the status of the identified risks and the corresponding mitigation actions. 
22. Review the annual performance report on SSGCL and departmental risk prior to submission to the management and Board Risk Committee.
23. Keep abreast with the trends and developments in risk management that may be significant to the gas transportation and distribution industry.
24. Support SSGC’s senior management with any aspect of risk management development and deliver risk management training for the senior management.
25. Apply the relevant approach in taking steps in risk reduction, risk acceptance where risks are accepted, risk transference where all or most of the assets are insured and risk avoidance where the department decides not to engage in a risky activity.
26. Write articles to create risk awareness for publication in the company’s magazines. 
27. The individual shall ensure compliance to the Enterprise Risk Management Framework enforced in the Company while performing job responsibilities in accordance with his assigned role.
28. The individual shall ensure compliance to the Business Principles and Ethics Policy / Code of Conduct.
29. Perform any other task assigned by superiors.

CA or ACMA with at least 4 years of post-membership experience.

Or

ACCA or MBA preferably in Accounting & Finance from HEC recognized university with at least 6 years of relevant experience.

Certification like CIMA or CIA will be an added advantage.

JOB SUMMARY

The purpose of this position is to lead process improvement initiatives including mapping of current processes, identifies the gaps and design of new/improved processes, document the policies and implement the changes. The position is also responsible to ensure maintenance of archiving, version controls, coordination in drafting, signing off from HoDs and stakeholders on the Policies and Procedures.

JOB RESPONSIBILITIES

1. Communicates and coordinates with the departmental heads to organize mapping of processes for improvement purpose.
2. Provides guidance on ERM   framework, facilitates in first line of defense, in identifying, assessing, evaluating, categorizing, prioritizing, monitoring and controlling all significant risks facing the Entity by reviewing and approving risk management methodologies
3. Provides methodologies and guides in identifying and assessing risk and determines the adequacy and cost effectiveness of controls
4. Processes, systems, procedures and data management capabilities to support the enterprise-wide risk management framework
5. Ensures that on regular intervals gaps and improvements are identified in the existing processes and policies. Highlight the gaps to the respective department and arrange to present the policies and procedures for approvals from respective authorities
6. Organize the design and development of revised processes with the active involvement of respective department’s management.
7. Automates ERM Processes through implementation and maintenance of ERM Software
8. Responsible to ensure that the respective department’s management provides their consent on the “to-be” or revised processes prior to the implementation stage.
9. Work with the departments in the development of documentation (policies, procedures and work instructions) conforms the requirements of quality assurance standards and applicable regulations (if any). Undertakes a joint periodic review of the documentation along with the user department’s management and ensures that any required changes are incorporated in the documentation.
10. Coordinates with the respective Head of Department and facilitates in implementation of process improvement.
11. Plans and organizes regular management review and quality assurance meetings with the senior management and middle management representatives respectively to explore improvement opportunities.
12. Reviews work practices and provides feedback on continuous basis to recommend ways to improve processes and systems.
13. Ensures that the risks pertaining to conditions included in contracts are identified and the relevant users take necessary actions to mitigate the risks.
14. The individual shall ensure compliance to the Enterprise Risk Management Framework enforced in the Company while performing job responsibilities in accordance with his assigned role.
15. The individual shall ensure compliance to the Business Principles and Ethics Policy / Code of Conduct.
16. Undertake any other task /assignment / project as assigned by the management.
17. Sound knowledge in Risk Management in Financial matters and have good knowledge of IFRS, Relevant laws, rules & regulations, SECP, Industry, Public Sector Procurement Rules, and corporate governance rules
18. Sound understanding of applicable accounting standards and reporting framework, ERM & Internal control framework including compliance &contractual risk management
19. Best Practices in Risk Management, COSO framework and ISO 31000.
20. Familiarity with Oracle Applications, CC&B, GIS systems preferable.

Engineering Graduate (Mechanical / Electrical) with at least 9 years of relevant experience.

Or

BCS or equivalent with at least 10 years of relevant experience. Candidate must have at least 04 years of relevant experience as a Functional / Team Lead. Registration with PEC is mandatory for Engineers. Preferred Certifications in CISA, CRISC, CISSP, etc. Training in ISO 31000 on risk management will be a plus.

JOB SUMMARY

The purpose of this position is to ensure implementation of the risk management framework at SSGC’s IT and Operational/Technical departments.

JOB RESPONSIBILITIES

1. Establishes and communicates the organization’s Enterprise Risk Management Framework, objectives and direction and provide guidance to achieve the ERM maturity model developed by the company
2. Implements ERM Framework, Risk Culture and Recommends risk management policies, risk appetite and risk limits to Executive Management.
3. Designs, communicates and facilitates the use of appropriate Enterprise Risk Management methodologies, tools and techniques across the organization.
4. Controls enterprise-wide risk assessments and monitors priority risks across the organization.
5. Lead the development / implementation of system-wide risk management function of the information security program to ensure information security risks are identified & monitored
6. Must have knowledge and experience of implementation of Information Security Management Systems based on ISO 2700X
7. Advance the design, delivery, and performance of lT risk metrics and reports including the Business Impact Assessment, lT Risk Management Framework, and the management of configurations and standards 
8. Assess, evaluate and make recommendations to management regarding the adequacy of the security controls, risks involved for the organization's information and technology systems 
9. Lead the system-wide information security compliance program, ensuring lT activities, processes, and procedures to meet defined requirements, policies and regulations 
10. Lead enterprise, network, application, and cloud infrastructure risk assessments while maintaining process and procedural documentation 
11. Coordinate and track all Operational, lT Risks, information technology and security related assessments including scope of assessment, parties involved, timelines, and outcomes 
12. Provides insight and guidance to IT processes and projects to ensure best practices and security standards are maintained 
13. Operate with a high degree of independence with regard to project management activities, including development of project plans and budget/resource estimates 
14. Excellent knowledge and experience of information security, audit, risk management, compliance or risk consulting experience 
15. Arranges and conducts Risk Workshops for confirmation of the Risk Registers and for identifying risks and mitigation controls of Risks
16. Provides guidance, coordination and subject matter expertise to business functions to ensure the implementation of the agreed risk management strategy.
17. Works with all functional groups to establish, maintains and continuously improve risk management capabilities.
18. Manage relationships with external consultants and supervise work programs.
19. Plan the risk management related awareness amongst SSGC IT and Operation / Technical departments regarding the need and importance of this exercise as well as correct implementation of the program through guided training sessions and/or e-learning modules. 
20. Guide the IT function to undertake a thorough information systems risk assessment in order to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems. Ensure that such risk assessment encompasses all systems, including hardware, software, data, networks and any business processes to identify threats, vulnerabilities, probabilities of occurrence and potential impact. 
21. Ensure close coordination with individual technical or operational departments in proper articulation of key risks and determination of the severity of impact as well as probability of its occurrence, using a top-down as well as a bottom-up approach.
22. Develop a common set of assessment criteria that can be used across operating departments and determine how much risk the organization faces. 
23. Identify and analyze risks and risk indicators pertaining to loss of critical systems, key suppliers, key employees etc. into the risk management program along with the corresponding business continuity decisions.
24. Help the departments in categorization of the risks according to a pre-defined criterion into categories including “critical”, “catastrophic” etc. based on level of severity and likelihood of happening (e.g. almost certain, likely, possible). 
25. Assess key risk areas including operations risk, compliance risk, legal risk, liquidity risk etc. and provide feedback to departmental heads on steps needed to mitigate these risks.

CA or ACMA with at least 6 years of post-membership relevant experience.

Or

ACCA or MBA (Finance) from HEC recognized university with at least 9 years of relevant experience. Certification like CIMA or CIA will be an added advantage. Candidate must have at least 04 years of relevant experience as a Functional / Team Lead. Training in ISO 31000 on risk management will be a plus.

JOB SUMMARY

The purpose of this position is to ensure implementation of Strategic, Financial and Compliance Risk Management activities as defined in the ERM framework of SSGC The position is also responsible to implement and maintain ERM Framework, maintains and implement company processes and policies across SSGC.

JOB RESPONSIBILITIES

1. Oversees and promotes the development and implementation of:
2. Implementation of ERM Framework for providing guidance, facilitation to the first line of defense, in identifying, assessing, evaluating, categorizing, prioritizing, monitoring and controlling all significant risks facing the entity by reviewing and approving risk management methodologies
3. Provides guidance in identifying and assessing risk and determining the adequacy and cost effectiveness of controls
4. Implements Processes, systems, procedures and data management capabilities to support the enterprise-wide risk management framework
5. Implements Risk management information requirements (including risk metrics, and reports), reporting thresholds, early warning indicators;
6. Reports all Risk exposures identified with the help of risk owner’s departments at SSGC in relation to approved risk appetite and tolerance limits to CRO
7. Works with other head of departments to ensure monitoring and compliance with the approved Enterprise Risk Management Framework; 
8. Monitors internal controls and systems of SSGC relevant to risk management;
9. Arranges Risk Workshops and drives action points for implementation in coordination with the HoDs, Risk Champions and Risk Owners
10. Develops and recommends the risk appetite and risk tolerance limits for the consideration of RMC; 
11. Monitors risk parameters against the risk tolerance limits, approved by the RMC and BRMC as reported and identified by the Risk Owners and Head of Departments 
12. Presents Risk Reports to CRO periodically; and
13. Drafts risk policies and procedures for review and recommendation of RMC.
14. Plans the risk management related awareness amongst SSGC departments regarding the need and importance of this exercise and ensures the correct implementation of the program through guided training sessions and/or e-learning modules
15. Presents updated Contract registers to the CRO, RMC and BRMC as and when required
16. Automates ERM Processes through implementation and maintenance of ERM Software
17. Ensures close coordination with individual departments in proper articulation of risks and determination of the severity of impact as well as probability of its occurrence, using a top-down as well as a bottom-up approach.
18. Coordinates with Internal Audit Department for arrangement of Risk based Audits
19. Facilitates business and support groups in risk based performance evaluation.
20. Conducts risk related reviews as assigned by CRO, RMC and BRMC and ensures that findings of those reviews are reported to business units, Senior Management and if appropriate to the Board.
21. Convene RMC / BRMC meetings as per TORS and approved rules of business.
22. Ensures identification of successors for key positions through proper development.
23. Facilitates learning through trainings in co-ordination with Human Resource Management Group and interactive sessions among the employees.
24. Appraise the performance of employees deputed in the ERM department
25. Report Key Risks in the Annual Report
26. Oversees quality reviews of Divisional and Departmental risk management, policies, process, people, Audit & Compliance Reports to identify iterative risks and systems.
27. Assist the departments in categorization of the risks s per pre-defined criteria into categories including “critical”, “catastrophic” etc. based on level of severity and likelihood of happening (e.g. almost certain, likely, possible) as defined in the ERM Framework.
28. Builds and improves capabilities to respond effectively to low probability, critical, and catastrophic risks.
29. Develops risk registers for documenting, storing and maintaining risk information and conducts in depth analysis of key risks by obtaining information and data from SSGC departments. 
30. Manages the program to update the Risk Registers on a monthly basis with the active participation of the respective departments. 
31. Ensures to prepare comprehensive management reports from the consolidated risk related information. 
32. Present the reports to the Risk Management Committee and Board’s Risk Committee on quarterly basis for inputs and monitor progress of the necessary actions by departments in order to mitigate the identified risks.