AirAsia MOVE
FinTech
Risk Manager
Neural analysis suggests this role is optimal for Mid candidates.
“Risk Manager at AirAsia MOVE. Skills: First Line of Defense (LOD 1) Governance, PCI DSS Certification Support, Business Resilience & Impact Analysis (BIA), Compliance & Stakeholder Management. Translate enterprise-wide governance and security policies into actionable, day-to-day controls and procedures. Perform internal compliance checks and self-assessments”
What You'll Achieve.
Ensuring that all business operations, processes, and products adhere to internal policies, regulatory requirements, and industry standards; Proactive management of operational risks; Direct support of critical certification programs like PCI DSS; Ensure controls are operating effectively; Determine recovery objectives (RTO/RPO); Ensure the business remains compliant with relevant local and international regulations; Manage remediation plans
Industry & Context.
What They're Looking For.
Must Have
5+ years of experience in GRC, Internal Audit, or Compliance within the FinTech, Aviation, or e-commerce/critical infrastructure sectors; Demonstrable expertise and practical experience with PCI DSS standards; Solid understanding of Business Continuity Management principles and experience conducting Business Impact Analysis (BIA)
Nice to Have
Relevant professional certifications (e.g., CISA, CRISC, PCI-P/ISA, COBIT) are highly desirable
What You'll Do.
Translate enterprise-wide governance and security policies into actionable, day-to-day controls and procedures
Perform internal compliance checks and self-assessments
Proactively identify, assess, and monitor operational risks, maintaining a local risk register
Collaborate with product and engineering teams to embed security, compliance, and risk controls directly into new products and feature rollouts
Act as the internal coordinator for all activities related to maintaining and achieving PCI DSS compliance
Manage the timely collection and review of evidence required for annual PCI DSS audits and quarterly self-assessment questionnaires (SAQs)
Oversee the validation and testing of PCI DSS security controls, coordinating with IT and Security Operations teams for remediation of gaps
Drive and facilitate the annual Business Impact Analysis (BIA) process
Work with the Technology team to align disaster recovery and business continuity plans with the outcomes of the BIA
Ensure the business remains compliant with relevant local and international regulations pertaining to digital platforms and payments
Advise local leadership and business heads on the implications of new compliance requirements and manage remediation plans
Develop and deliver targeted compliance and governance training to LOD 1 personnel
Data-driven reports on the status of LOD 1 controls and key risk indicators (KRIs)
How You'll Work.
Team & Collaboration
Collaborate with product and engineering teams; Coordinating with IT and Security Operations teams; Work with the Technology team; Advisory to local leadership and business heads; Provide reports to AirAsia MOVE leadership and the Enterprise Governance, Risk, and Compliance (GRC) team
Communication Scope
Develop and deliver targeted compliance and governance training
Process & Methodology
Program Management for PCI DSS, Coordination of BIA process
Full Job Description
_Job Description_

**Role Summary**

The LOD 1 Risk Manager serves as a key pillar within the First Line of Defense (LOD 1) for AirAsia MOVE, ensuring that all business operations, processes, and products adhere to internal policies, regulatory requirements, and industry standards. This role is responsible for the day-to-minute implementation and oversight of compliance controls, the proactive management of operational risks, and the direct support of critical certification programs like PCI DSS. The manager acts as the primary governance link between business execution and enterprise control functions.

**Key Responsibilities**

**First Line of Defense (LOD 1) Governance**

* **Policy Implementation:** Translate enterprise-wide governance and security policies into actionable, day-to-day controls and procedures for AirAsia MOVE business units (e.g., booking, payments, mobile app functions).
* **Process Assurance:** Perform internal compliance checks and self-assessments to ensure controls are operating effectively before escalation to LOD 2 functions (Risk, Compliance).
* **Risk Monitoring:** Proactively identify, assess, and monitor operational risks, maintaining a local risk register focused on LOD 1 activities and controls.
* **Control Design:** Collaborate with product and engineering teams to embed security, compliance, and risk controls directly into new products and feature rollouts (Shift-Left approach).

**PCI DSS Certification Support**

* **Program Management:** Act as the internal coordinator for all activities related to maintaining and achieving PCI DSS compliance for AirAsia MOVE’s cardholder data environment (CDE).
* **Evidence Collection:** Manage the timely collection and review of evidence required for annual PCI DSS audits and quarterly self-assessment questionnaires (SAQs).
* **Control Validation:** Oversee the validation and testing of PCI DSS security controls, coordinating with IT and Security Operations teams for remediation of gaps.

**Business Re
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.