Head of Risk & Compliance

About the Role

• We are seeking a Head of Risk & Compliance to lead the design, implementation, and continuous enhancement of Virtual pay’s enterprise risk management and regulatory compliance frameworks. The role is responsible for ensuring that the company operates within its approved risk appetite, maintains full compliance with all applicable legal and regulatory obligations, and sustains a strong control environment that supports business growth, operational resilience, and financial crime prevention. The ideal candidate will bring deep expertise in risk management, regulatory compliance, fraud prevention, AML/CTF, information security governance, and payments regulation, with significant leadership experience within fintech, payment services, banking, or broader financial services.

Key Responsibilities

Enterprise Risk Management

• Develop and implement a comprehensive enterprise risk management strategy aligned with Virtual pay’s business objectives, growth plans, and regulatory requirements. 
• Lead the identification, assessment, measurement, monitoring, and reporting of strategic, operational, financial, compliance, technology, and fraud risks. 
• Define risk appetite statements, tolerance thresholds, and escalation protocols. 
• Oversee enterprise-wide risk registers and mitigation action plans. 

Payment Risk Management

• Lead the payment risk management framework covering transaction risk, merchantrisk, chargebacks, settlement exposure, and payment abuse.
• Oversee real-time transaction monitoring controls across cards, wallets, bank transfers, and alternative payment channels.
• Establish merchant onboarding, underwriting, reserve requirements, and continuous
  exposure monitoring standards.
• Monitor chargeback ratios, fraud-to-sales thresholds, authorization decline trends, refund abuse, and scheme compliance indicators.
• Strengthen controls over settlement risk, reconciliation breaks, payment exceptions, and partner bank exposure

Compliance Strategy & Governance

• Develop, implement, and maintain a robust compliance governance framework, including policies, procedures, standards, and internal controls. 
• Ensure compliance with all relevant laws, regulations, licensing obligations, card scheme rules, AML/CTF obligations, consumer protection requirements, and data privacy standards. 
• Provide continuous oversight of policy adherence and control effectiveness across all business units. 

Regulatory Engagement & Reporting

• Serve as the primary liaison with regulators, external auditors, banking partners, and other oversight bodies on risk and compliance matters. 
• Monitor global and local regulatory developments affecting PSPs, fin-techs, and digital financial services. 
• Oversee timely submission of regulatory returns, board reports, audit responses, and statutory filings. 
• Present risk and compliance reports, dashboards, and key findings to senior leadership and the Board. 

Financial Crime, AML & Transaction Monitoring

• Lead the design and implementation of robust AML, CTF, KYC, CDD, EDD, sanctions screening, and transaction monitoring frameworks. 
• Ensure effective detection, investigation, escalation, and reporting of suspicious activities. 
• Oversee fraud risk management controls, card transaction monitoring, and merchant risk reviews. 
• Continuously strengthen controls to mitigate money laundering, fraud, and payment abuse risks. 

Operational Risk, Fraud & Information Security

• Oversee operational risk management, including fraud prevention, cyber risk, business continuity, and third-party risk. 
• Lead the implementation and continuous improvement of the Information Security
• Management System (ISMS) aligned to ISO/IEC 27001 standards. 
• Identify information security risks and implement proportionate controls to mitigate vulnerabilities. 
• Coordinate internal and external audits to maintain compliance and certification requirements. 

Risk Assessment, Assurance & Controls

• Conduct periodic enterprise risk and compliance risk assessments. 
• Lead internal control reviews, compliance testing, and remediation tracking. 
• Ensure closure of audit findings and regulator action points within agreed timelines. 
• Drive continuous improvement of governance, risk, and control processes. 

Leadership, Culture & Cross-Functional Collaboration

• Build, lead, and develop a high-performing Risk & Compliance function. 
• Promote a strong culture of risk awareness, ethical conduct, and compliance accountability across the organization. 
• Partner closely with product, operations, legal, technology, and commercial teams to embed risk and compliance considerations into business initiatives. 
• Support new product development, market expansion, and strategic partnerships through proactive advisory

Qualifications & Experience

• Bachelor’s degree in Risk Management, Finance, Law, Business, Accounting, or a related field.
• Professional certifications such as FRM, PRM, CFA, ACAMS, ICA, CCEP, CCO, ISO 27001 Lead Implementer/Auditor, or equivalent are highly desirable.
• Minimum 7–10 years of progressive leadership experience in risk, compliance, AML, fraud, or governance roles within fintech, PSPs, banking, EMIs, or financial services.
• Strong understanding of Kenyan, regional, and global regulatory frameworks governing payment service providers.
• Proven expertise in AML/KYC, fraud risk, transaction monitoring, regulatory reporting, and information security governance.
• Demonstrated success in building scalable second-line risk and compliance frameworks in a high-growth environment.
• Strong leadership, strategic thinking, stakeholder management, and board-level reporting capabilities.
• High integrity, sound judgment, and exceptional analytical skills.