The position will report to the Internal Audit and Risk Manager and will be responsible for identifying, assessing, monitoring and mitigating risks while ensuring the organization complies with regulatory and internal policies. 

Job Responsibilities

• Work with management to identify, assess  and develop mitigation plan for risks according to the organization’s Enterprise Risk Management framework and update the enterprise risk profile.
• Provide assurance over strategic risks faced by the organization and develop relationships with both internal and external stakeholders in managing the risks.
• Perform risk assessments, scenario analysis and stress tests on financial, operational, business continuity and compliance risks
• Implement risk mitigation strategies tailored to identify and address potential threats and identify opportunities for the organization to harness.
• Proactively follow up on action plans developed by management or various committees to address risk exposures and report on the outcomes
• Prepare risk and compliance reports for presentation to senior management and the Board
• Monitor key risk indicators (KRIs) using both lagging and predictive indicators
• Implement and maintain internal risk and compliance policies and procedures
• Support with the development ,implementation and testing of comprehensive business continuity planning (BCP) strategies and disaster recovery plans
• Conduct ICT   related risk assessments, vulnerability and penetration testing around the ICT  infrastructure and related assets. A
• Identify and investigate compliance breaches, fraud or unethical practices
• Conduct training sessions for employees on risk management to facilitate the embedding of a risk-conscious culture across the organization
• Work closely with Heads of Departments and Sectional Managers  to address risk and compliance concerns
• Keep abreast with the applicable laws, regulations, rules and standards in the risk and compliance fraternity and advice on emerging developments
• Act as a point of contact for regulators, auditors, and external compliance bodies on issues relating to risk management within the organization.

Qualifications

• Bachelor’s degree in accounting, finance, or any related business degree from a recognized institution
• Be a Certified Public Accountant (K) or other recognized equivalent qualifications
• Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA) qualification or equivalent is an added advantage.
• At least 5 years of experience in Risk Management and/or auditing
• Ability to work with and therefore provide assurance over ICT  infrastructure and Assets various IT systems and ERPs, Syspro ERP is an added advantage.
• Experience in implementing risk management is desired
• Technical competencies; Knowledge of Auditing Standards, information systems auditing, Risk Management principles, Financial analysis, Data analytics and Regulatory compliance standards
• Behavioural competencies: Communication skills, problem-solving skills, analytical skills, high level of integrity self-driven, confidentiality and interpersonal skills

Deadline: Nov 5, 2025