"Be a part of the SCBX mothership's GRC transformation"

Are you a risk, compliance, or governance leader looking for a high-impact transformation opportunity? SCBX is building out the Group GRC team and we are hiring multiple specialist roles to drive the design, implementation, and operation of our enterprise GRC platform across the Group and its subsidiaries.

We are looking for experienced professionals across four key areas to join this strategic, multi-year transformation. Each role plays a central part in shaping how SCBX Group manages risk, compliance, and internal control at scale — from designing enterprise frameworks and standards, to embedding them across business entities, to driving the operational change required to make them stick.

Open Roles

• GRC Design & Governance Lead — SCBX Group — Own the Group GRC framework, taxonomy, change governance, and standards across all entities. Senior advisory and challenger role to subsidiaries and Group leadership.

• Operational Risk & Internal Control Lead — ORM / ERM / Policy / ICM Process Owner — Define and operate enterprise ORM, ERM, Policy Governance, and Internal Control Management — RCSA, KRIs, incident management, risk appetite, policy lifecycle, control library and testing.

• Operational Risk & Business Continuity Lead — ORM / TPRM / BCM Process Owner — Own operational risk, third-party risk management, and business continuity processes — vendor due diligence, BCP/BIA, crisis management, and operational resilience.

• Technology Risk & IT Third-Party Risk Lead — Tech Risk / Cyber / IT TPRM Process Owner — Own technology risk and IT third-party risk processes — IT risk assessment, cybersecurity governance, cloud and outsourcing risk, IT regulatory compliance.

• Non-Tech PMO Lead — GRC Project — Establish and manage project governance, integrated plans, deliverables, dependencies, vendor coordination, steering committees, and reporting across the GRC transformation programme.

• Change Management Lead — GRC Project — Own the change strategy, stakeholder engagement, communications, capability building, training, and adoption across the Group for the GRC platform rollout.

Common Requirements

• Experience in financial services, fintech, insurance, or other regulated environments
• Strong knowledge of risk frameworks (Basel, COSO, COSO ERM) or large-scale transformation delivery methodologies
• Experience in enterprise-wide GRC transformation or system implementation (GRC platforms such as Archer for specialist roles; project management tools such as MS Project / Jira / Confluence for PMO and Change Management roles)
• Cross-entity / multi-entity engagement experience preferred
• Strong stakeholder management, communication, and the ability to engage senior leadership
• Professional certifications relevant to your discipline (e.g. CIA, CRMA, GRCP, FRM, PMP) — advantage
• Excellent Thai and English communication skills