AirAsia MOVE
FinTech, Aviation, e-commerce
RiskManager
Neural analysis suggests this role is
optimal for Mid candidates.
“Risk Manager at AirAsia MOVE. Skills: First Line of Defense (LOD 1) Risk Management, PCI DSS Compliance, Business Impact Analysis (BIA), Regulatory Adherence, Control Frameworks (ISO 27001, NIST). Ensure business operations, processes, and products adhere to internal policies, regulatory requirements, and industry standards. Implement and oversee compliance controls”
What You'll Achieve.
Ensure adherence to internal policies, regulatory requirements, and industry standards; Effective implementation and oversight of compliance controls; Proactive management of operational risks; Successful support of PCI DSS certification programs; Effective operation of PCI DSS security controls; Accurate and timely Business Impact Analysis (BIA) outcomes; Alignment of DR/BCP plans with BIA outcomes; Ensured compliance with relevant regulations; Effective remediation of compliance gaps; Regular, data-driven reporting on controls, compliance, and KRIs
Industry & Context.
Proactive identification, assessment, and monitoring of operational risks; Remediation of gaps in PCI DSS security controls; Managing remediation plans for compliance requirements
What They're Looking For.
Must Have
5+ years of experience in GRC, Internal Audit, or Compliance within the FinTech, Aviation, or e-commerce/critical infrastructure sectors, Demonstrable expertise and practical experience with PCI DSS standards, Solid understanding of Business Continuity Management principles and experience conducting Business Impact Analysis (BIA), Knowledge of control frameworks such as ISO 27001 and NIST
Nice to Have
Relevant professional certifications (e.g. , CISA, CRISC, PCI-P/ISA, COBIT) are highly desirable
What You'll Do.
Ensure business operations
and products adhere to internal policies
regulatory requirements
and industry standards
Implement and oversee compliance controls
Proactively manage operational risks
Support critical certification programs like PCI DSS
Translate enterprise-wide governance and security policies into actionable controls
Perform internal compliance checks and self-assessments
and monitor operational risks
Collaborate with product and engineering teams to embed risk controls
Act as the internal coordinator for PCI DSS compliance
Manage evidence collection for PCI DSS audits
Oversee validation and testing of PCI DSS security controls
Drive and facilitate the annual Business Impact Analysis (BIA)
Align disaster recovery and business continuity plans with BIA outcomes
Ensure compliance with relevant local and international regulations
Advise leadership on compliance implications
Develop and deliver compliance and governance training
Provide regular reports on controls
How You'll Work.
Team & Collaboration
Collaborate with product and engineering teams; Coordinate with IT and Security Operations teams; Work with the Technology team; Liaise with Enterprise Governance, Risk, and Compliance (GRC) team
Communication Scope
Advising local leadership and business heads on compliance implications; Developing and delivering targeted compliance and governance training
Process & Methodology
Program Management for PCI DSS certification, Managing evidence collection and review, Coordinating control validation and testing, Driving the BIA process, Managing remediation plans
Full Job Description
_Job Description_ **Role Summary** The LOD 1 Risk Manager serves as a key pillar within the First Line of Defense (LOD 1) for AirAsia MOVE, ensuring that all business operations, processes, and products adhere to internal policies, regulatory requirements, and industry standards. This role is responsible for the day-to-minute implementation and oversight of compliance controls, the proactive management of operational risks, and the direct support of critical certification programs like PCI DSS. The manager acts as the primary governance link between business execution and enterprise control functions. **Location:** Manila, Philippines **Key Responsibilities** **First Line of Defense (LOD 1) Governance** * **Policy Implementation:** Translate enterprise-wide governance and security policies into actionable, day-to-day controls and procedures for AirAsia MOVE business units (e.g., booking, payments, mobile app functions). * **Process Assurance:** Perform internal compliance checks and self-assessments to ensure controls are operating effectively before escalation to LOD 2 functions (Risk, Compliance). * **Risk Monitoring:** Proactively identify, assess, and monitor operational risks, maintaining a local risk register focused on LOD 1 activities and controls. * **Control Design:** Collaborate with product and engineering teams to embed security, compliance, and risk controls directly into new products and feature rollouts (Shift-Left approach). **PCI DSS Certification Support** * **Program Management:** Act as the internal coordinator for all activities related to maintaining and achieving PCI DSS compliance for AirAsia MOVE’s cardholder data environment (CDE). * **Evidence Collection:** Manage the timely collection and review of evidence required for annual PCI DSS audits and quarterly self-assessment questionnaires (SAQs). * **Control Validation:** Oversee the validation and testing of PCI DSS security controls, coordinating with IT and Security Operations teams for
Applying for this Risk Manager role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about AirAsia MOVE?
Real rants from real employees. Read before you apply.