Job Purpose:
Brief
We are looking for a qualified Risk Management and Control officer expected to be a strategic business partner responsible for the technical and operational control and compliance of the company. The officer is also responsible to ensure minimal losses across every area of the organisation as well as ensuring legal and regulatory compliance across the business.
Job Responsibilities
Sales Activities
Supports the implementation of the overall Risk Management and Internal Control processes and programs;
Supports Head, Legal & Compliance to conduct Enterprise Risk Assessment on Business Groups and as required to support the requirements of Regulators or adopted certification Standards;
Works with Business Group to ensure the development of Risk Register, RCSA and continuous update of the Risk Register as the business environment changes;
In Collaboration with Business Groups, design and develop controls to mitigate identified risks;
Ensures Risk Assessment of newly developed business processes is conducted before they are signed off by their Owners; updates the Risk Register with the new details of the risk assessment;
Develops Key Risk Indicators (KRI) for proactive monitoring of risks across Business Groups;
Develops and ensures the implementation of Risk Management Policies and Processes;
Conducts Vendor and other Third-Party Risk Assessments to support business and partners’ requirements;
Conducts Product-Level Risk Assessment on existing and new Products and Services; ensures concerns raised are owned and addressed before Go-Live;
Develops risk awareness presentation and conducts same across Business Groups to promote and raise risk management culture and awareness in the organization;
Monitors and Reports losses, Claims and Refunds;
Engages the concerned Business Group to perform root cause analyses on identified risk events and recommends improvements to prevent these risk events from recurring in future. When necessary, refers to Internal Audit for investigation;
Supports Business Groups to review Systems and Processes for adequacy of controls as documented in policies and processes and in line with best practice;
Develops appropriate controls to close gaps identified during Internal, Surveillance, or External Audits; ensures Business Groups review concerned processes or policies to address issues raised;
Supports the development of an Internal Control Plan and procedures for the review of controls such as Cybersecurity, Business Continuity, Networks, Application Development, Electronic/Transaction Systems, Information and Environmental Security, Human Resources, Finance, etc.;
Possesses the technical competencies to conduct control assessments/reviews as planned in the Internal Control Plan and in fulfillment of the requirements of adopted standards such as PCI DSS, ISO 9001, ISO 27001, ISO 20000, ISO 22301, etc.;
Evaluates integration and change requests and grants approval if the requests meet requirements before implementation in the live environment;
Conducts Business Impact Analysis and ensures the Business Continuity Plans across the Business Groups are reviewed and updated in line with current business environment;
Ensures continuous monitoring of security pledges and timely reporting on the Company’s exposures;
Develops monthly Risk and Control reports for Departmental review;
Assists the Head, Legal & Compliance in preparing reports to Senior Management Committee and the Board Audit and Risk Committee.
Offers expert opinion in an advisory capacity to Business Groups.
Risk Reporting
Accurate and timely rendition of risk reports to Head, Legal & Compliance
Key Risk Indicators
Root causes assessment and reporting of operational loss events
Settlement Banks’ exposure based on pledged securities
Risk Assessment
Risk assessment and review of Risk Registers
Risk assessment conducted on Existing and new Products & services before Go-live
Control Review/Assessment
Development of Internal Control Plan and procedures
Controls reviews in line with Internal Control Plan, Adopted Standard requirements, or regulation
Documentation of loss events – refunds and claims
Integration and Change Request exceptions/Authorization
Business Continuity
Business Impact Analysis and Business Continuity test coordinated with Business Owners
Risk and business continuity awareness across the Business
Academic Qualification(s)
Minimum of Bachelor’s Degree in a related discipline.
Professional Qualification
CRISC – ISO 27001
CIA – ISO 31000
PCI DSS – ISO 22301
Experience
Minimum of 3 years of relevant experience in Risk Management and Internal/Business Control. Knowledge of Payment Industry and System is an added advantage.