Chief Risk Officer

OFFICIAL

OFFICIAL

OFFICIAL

OFFICIAL

ARPC Position Description

Location: Sydney Security clearance: Baseline

Role Reports to (role title): Chief Executive Officer

Direct Reports (role titles): 1+ Direct Report

Key Attributes of the Chief Governance OfficerThe Chief Risk Officer (CRO) plays an important leadership role within the organisation by providing afoundation upon which to support ARPC’s risk framework and to support risk in the executive teams acrossARPC through business risk partnering. The CRO works closely with the senior executive team to identify,measure and evaluate current, emerging and future risks. The CRO establishes people, processes and systemsstrategies which influence the risk culture within ARPC. The CRO is expected to work closely with the Board,Senior Executive, employees, and other stakeholders to ensure that ARPC has a robust and effective riskmanagement framework that aligns with our corporate plan and legislative and regulatory obligations.

Purpose of the role (Why the role exists; how the role contributes to the ARPC’s strategic objectives)The Chief Risk Officer will drive a developing risk maturity through the identification of potential risks andrealised risk incidents, and the design and implementation of mitigation and remediation strategies. This roleoversees risk management operations and activities across the business and works closely with leaders acrossthe team to maintain an overall risk-aware culture.The role has operational responsibility for a functional team and the teams may change from time to timedepending on ARPC’s operational requirements.

Key Accountabilities (Key activities, tasks, and outcomes to be achieved)• Role model ARPC’s Values and Code of Conduct and capabilities set out in ARPC’s Capability Framework

Strategic policy and framework• Design and implement a fit-for-purpose risk management strategy, policies, and procedures within

ARPC.• Ensue that roles and responsibilities for risk management are clearly understood across ARPC and they

align with delegations.• Develop a vision for risk management which supports ARPC to achieve strategic business goals whilst

appropriately managing current, emerging, and future risks.• Establish appropriate risk policy and frameworks, including management framework, risk appetite and

tolerance statement, risk register, risk related policies, procedures, and control frameworks.• Provide strategic risk advice, including current and emerging risks, to the ARPC Board, Board

Committees and the ARPC Senior Executive Team• Contribute strategic thinking on risk management as part of corporate planning and reporting

processes and oversee actions to build organisational capability to appropriately manage risk.• Ensure compliance to risk management obligations in the PGPA Act and, where relevant, best practice

informed by APRA guidelines for risk management.• Monitor and report on ARPC’s risk profile and risk appetite.• Provide advice and guidance on risk-related issues and opportunities to the executive team and ARPC

Board.• Support the newly created ARPC Board Risk Committee through appropriate reporting and

documentation (in-progress).

2

OFFICIAL

OFFICIAL

OFFICIAL

OFFICIAL

• Support the development of risk appetite and tolerance.• Ensure the data within ARPC to assess risks is fit-for-purpose.• Ensure the Executive Team has a comprehensive understanding of the whole of entity risk profile.• Embed the risk framework into ARPC’s business operations.• Oversight the risk framework.• Provide oversight of the systems and controls, noting risks are owned by the respective business areas.• Oversee enterprise level analysis and reporting on the risk profile and risks for the ARPC Senior

Executive Team, Board and Board Committees• Measure and report on the risk culture within ARPC• Implement and ensure the use of a common risk language within ARPC.• Facilitate and promote an environment where informed risk-based decision making can occur.• Establish frameworks processes which enable the creation of an appropriate risk culture within the

organisation.• Establish risk culture within ARPC to reflect the sensitivities and complexities of government and

relationships with ministers and stakeholders.• Exemplify and model integrity, ethics, values, and the desired cultural behaviours.• Bring an innovative, holistic, and objective lens to decision-making conversations.• Establish programs of work which serve to develop the capability of the organisation to be able to

harness opportunities through effective risk management.• Identify and implement appropriate training and awareness programs to build the capability of officials

Business continuity (including Agency Security Advisor responsibility)• Lead the strategic response planning to provide assurance that ARPC is able to effectively respond

before, during and after an incident or crisis (such as a pandemic, IT outage, physical premisesinterruption) which may impact ARPC’s business operations.

• Oversight the regulatory responsibility of Agency Security Advisor to be led within the Risk team. Theseresponsibilities, detailed in the ‘Key Legislative / Regulatory Role Responsibilities’ section, includestrategic planning for protective security matters in compliance with the law and Australian

Functional leadership• Empower and enable the Risk team to design and deliver strategic risk management plans which

support ARPC to achieve its strategic priorities.• Lead small teams of professional employees (in accordance with ARPC’s Capability Framework) and

manage end to end employee matters such as recruitment, performance management anddevelopment.

• Establish and maintain a culture of high engagement and performance, with a focus on continuousimprovement

As a member of the Senior Leadership Team:• Develop and maintain a commercial understanding of the markets in which ARPC operates in order to

contribute to short, medium, and long-term business planning and development.• Identify immediate and forward-looking opportunities and risks impacting the business and recommend

actions which mitigate risks and/or seize opportunities.• Develop and maintain a commercial understanding of the markets in which ARPC operates to inform

short, medium, and long-term business planning and development.• Lead the development of frameworks to measure the effectiveness of ARPC’s strategic objectives.• Support the CEO in execution of corporate strategies.

3

OFFICIAL

OFFICIAL

OFFICIAL

OFFICIAL

• In accordance with the Business Continuity Management Procedure, as part of the response team,contribute to the organisational response.

• Contribute to overall leadership and management of the Corporation to achieve its strategic objectives.• Contribute to the identification of business process improvement opportunities

Key legislative / regulatory role responsibilitiesYour responsibilities in relation to the Agency Security Advisor function:(Note – The Agency Security Advisor Role is currently an Executive Manager (EL2) role. The CRO is tooversee the agency security advisor role.)

• Provide assistance, seek, and provide advice or information on physical protective security mattersand the day-to-day performance of physical protective security functions (such as office access, pincodes, security passes, alarms, alarm alerts, and physical protective security)

• Lead the develop an appropriate organisational risk mitigation and security culture that promotesand protects agency information and assets.

• Oversee compliance with the law and Australian Government policies.• Provide frameworks which ensure the safety and security of ARPC employees, contractors, and

clients as a member of the building’s Emergency Control team (Floor Warden)• Contribute to the business continuity procedure, the fraud control policy and associated training and

awareness programs.• Develop, implement, and maintain ARPC's security procedures and systems.• Assist staff to understand ARPC’s risk vulnerabilities and openly discuss security issues or concerns.

Personal Interest Disclosure Act (PID), as an Authorised Officer:• Ensure the development, review, and maintenance of ARPC’s PID Policy• Delivering staff awareness sessions to staff, and to AOs on their rights and responsibilities• Receive disclosures from public officials on disclosable conduct and provide advice to them.

o Assess the risk of reprisals against the person making the disclosure.o Examine the PID; ando Document the PID information.

Privacy Act, as the designated ARPC Privacy Champion:• Reporting to the CEO and ARPC Board on personal information data breaches, including any privacy

issues arising from ARPC’s handling of personal information.• Providing strategic direction to the management of personal information.• Reviewing and/or approving the Privacy Management Plan.• Documented reviews of the agency’s progress against the Privacy Management Plan at least once

each calendar year; and• Promoting a culture of privacy that values and protects information.

Freedom of information Act (FOI), Delegated Officer responsible for:• Making decisions in relation to requests for information; and• Leading ARPC’s work on implementing the IPS requirements under the FOI Act.• The CSOO will also arrange ARPC’s IPS documents, which are not available on the ARPC website, to be

made available upon request,• Managing the IPS and ensuring that the IPS documents are accurate, up-to-date, and complete.

4

OFFICIAL

OFFICIAL

OFFICIAL

OFFICIAL

Working Relationships (Key stakeholders, clients, customers, suppliers, providers, consultants, etc.)

Internal Relationships• Build and maintain strong relationships with all members of the ARPC teamExternal Relationships• Build and maintain strong relationships with vendors and partners

Person specification

Qualifications and experienceQualifications (indicate whether mandatory or desired)

• Tertiary qualification - Mandatory

Experience (minimum type and level of experience required to perform the role)• Experience working with a Board - Mandatory• Experience developing and managing risk management frameworks in insurance regulated markets –

Mandatory• Experience in the Government sector (ideally with a Corporate Commonwealth Entity) - Desired• Experience in understanding and interpreting legislation - Desired

Technical Capabilities (skills, knowledge, technical or specialist capabilities)• Ability to think vertically and laterally to approach business issues from different angles.• Meticulous attention to detail and adherence with legislative and regulatory requirements• Deep risk expertise coupled with energy and passion for the risk profession.• Deep understanding of risk management principles and effective risk management• Good judgement regarding key risks to an entity and those that require focused attention.• Have the ability to communicate complex matters with clarity and succinctness.• Strong written and verbal communication skills• Excellent analytical skills with the ability to derive simple insights from complex data.• Excellent interpersonal skills with the ability to effectively negotiate and influence.• Ability to build strong relationships with various stakeholders.• Well-developed commercial acumen• Deep legislative and regulatory interpretation and application skills• Natural application of insight, initiative, and innovation• Courteous assertiveness

Authorities Limits/ Type

HR Delegations: As per ARPC Enterprise Agreement

Declared Incident: As per ARPC Response Plan

Additional requirements

5

OFFICIAL

OFFICIAL

OFFICIAL

OFFICIAL

ARPC Values

• Integrity• Service• Respect

ARPC Capabilities (ARPC Capability Framework)ARPC Capabilities describe behavioural expectations for all employees, by classification broadband.

• Shapes strategic thinking• Achieves results.• Cultivates productive working relationships.• Exemplifies personal drive and integrity.• Communicates with influence.

Refer to ARPC’s intranet for detailed information on each of the capability areas.

Distinguishing characteristics of ARPC Senior Executives (classification level SES1)

• The focus of interactions, while often across the agency or directed inwardly with staff reporting tothe role, extends to broader corporate leadership, and cross-government and externalrepresentation.

• Takes responsibility for performance outcomes for a specific program, initiative, or for quality ofadvice provided.

• Takes responsibility for the management and development of all team members in the function.• Leads a branch/group in implementing programs, projects, and initiatives.• Contributes to one or more elements of agency governance.• Recommends decisions on performance improvement initiatives and options.• Plans and manages budgeted resources.• Influential source of advice related to a specific area of knowledge or practice, which will form a key

input to agency decision making processes.• Primary planning focus assumes an immediate current year but with an understanding of future

implications

Prepared by:(Name & position)

Head of People and CEO Office

Date:

April 2024

Approved by:(Name & position)

Dr. Chris Wallace,CEO Date:

April 2024

#J-18808-Ljbffr

---