Risk and Compliance Officer at Standard Chartered Bank Kenya

Responsibilities

Incumbent will be responsible for supporting the CEO, Agritech Kenya as well as the Agritech senior management team in managing and leading the Risk and Compliance responsibilities for Agritech Kenya and aligning this to the vision and strategy of the venture, the Enterprise Risk Management Framework (ERMF), and delegation of authority documents where relevant.

Incumbent will have the second line responsibility for the implementation of the risk and compliance policies related to the Agritech Kenya Products identified, in line with the SC Ventures Group’s process universe as set out in the Risk Profile Document Risk Framework.

In so far as they relate to conduct, financial crime and compliance, incumbent will also be responsible for providing details of developments giving rise to serious regulatory breaches or breaches of risk tolerances (as agreed by the Board from time to time) that may occur and notifying any such breaches to the relevant parties.

Incumbent will be required to have an appreciation of the country specific nuances and in particular: -

• The regulatory scrutiny on the Agritech product offering and its clients & other stakeholders following high risk investigations conducted across the Fintech industry players including Agritech Kenya and the various recommendations for enhanced compliance from various regulatory bodies; the risk of personal liability for decisions taken particularly in the Financial Crime space.
• The strategic position of the SC Ventures Africa as an innovation hub for the SC Ventures Group with the pilot of various novel projects as well as the hosting of the SC Ventures hub for AME in Kenya and the conduct, compliance, and Financial Crime Risk solution delivery in support of these initiatives and ventures.
• Define and implement risk management and risk assessment framework according to international standards like ISO and NIST.
• Define, review, and update the information security policies and procedures on periodic basis.
• Define compliance assessment framework based on all the regulatory and other international compliances to be met.
• Define KPI’s and KRI’s to measure, track and improve the overall security posture.
• Conduct risk assessments / compliance assessment as per the defined process, identify and report the gaps along with mitigation recommendations.
• Conduct gap / maturity assessment as per the regulatory cybersecurity frameworks.
• Report the findings from the assessments and explain the same to the relevant stakeholders along with clear recommendations to mitigate the identified risks.
• Work with / guide the relevant stakeholders in mitigating identified risks and track and report the status of the identified risks on a periodic basis.
• Conduct regular sessions on building awareness about the organization’s risk posture and information security polices and best practices to be followed.
• For maintaining independence, delivering timely responses, and timely escalation of risks and issues where the management tolerance of the firm is exceeded.
• For maintaining constructive and effective stakeholder relationships with the relevant business and supporting functions.
• Drive high standards of regulatory compliance and deliver key priorities and initiatives, aligned to the Ventures performance scorecard.

Processes

• Act under delegation from the respective Risk Framework Owners for the principal risk types of Compliance, Financial Crime in discharging the responsibilities contained in the ERMF to the extent that is appropriate.
• Support the Process Owner to develop, maintain and embed effective processes/DOIs (including training, advice and support) to address risks across venture business aligning with relevant group policies and regulatory requirements where relevant.
• Provide governance and oversight over the implementation of venture related policies and procedures relevant to the venture business model (to enable compliance with such policies and procedures).
• Provide support and challenge to the ventures senior management to ensure that they establish and monitor appropriate processes for compliance with policies, procedures and standards (including meeting regulatory obligations and maintaining high standards of conduct).

People and Talent

• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from Risk and Governance Team and work in collaboration with risk and control partners.
• Promote and embed a culture of openness, trust and risk awareness, where ethical, legal, regulatory and policy compliant conduct is the norm.
• Stimulate an environment where forward planning, prioritisation, deadline management and streamlined workflows and collaborative, inclusive yet effective and efficient work practices are the norm.
• Set and monitor job descriptions and objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives.
• Ensure the provision of ongoing training and development in order that team members are competent, suitably skilled and qualified for their roles, ensuring that they have effective supervision in place to mitigate any risks.
• Review team structure/capacity plan to ensure an effective  and efficient risk management framework
• Ensure regular and documented management meetings with the senior management team on Risk and Governance Reviews.

Risk Management

• In accordance with the Ventures Enterprise Risk Management Framework, act as second line Risk Owner for appropriate and relevant Venture processes.
• Collaborate with the other Risk and Compliance Team Members to anticipate horizon risks that may have a significant impact on the Ventures and develop effective strategies to mitigate such horizon risks including global standards for conduct of business.
• Collaborate with relevant senior managers to support a programme for conduct, financial crime and compliance monitoring, surveillance and/or assurance for the Agritech, Kenya
• In the event of serious regulatory breaches, or where risk tolerances have been breached, assist the Venture Lead to ensure senior management in the Venture and relevant regulators are informed and that actions are taken quickly to remediate and/or activities are ceased.
• Ensure proactive and timely identification, assessment, advice and dissemination of evolving regulatory changes/practices and associated risks, and proactive engagement in regulatory reform.
• Liaise with the internal audit function to ensure that any weakness identified by the internal audit function relating to the Agritech Venture in Kenya are appropriately followed up and closed in a timely manner.
• Provide reports to the relevant venture management teams on key conduct, financial crime and compliance risks and issues pertaining to the Agritech in Kenya
• Maintain adequate management MI / trackers across all aspects of coverage and responsibility to ensure all issues and matters relating to the Agritech business in Kenya are tracked, followed, regularly assessed, and reported on, including oversight of risk acceptance and/or mitigating action plans, identification and management of high risk clients or specific country reviews relating to Agritech Kenya
• Provide advice on the application of risk management frameworks (e.g., ERMF) to relevant stakeholders on outcomes of risk identification and assessment methodologies.
• Maintain oversight of risk acceptance and/or mitigating action plans relating to Agritech business in Kenya
• Understand technical aspects of systems relevant to the Agritech Kenya
• Assess risks arising from products / segments / geographies / customers / transactions.
• Ensure global standards are understood and implemented across the region, with any identified exceptions, or need for more/less stringent standards escalated when appropriate.

Governance

• Attend relevant leadership meetings, and provide relevant reports to senior management and governance/risk fora.
• Identification and escalation of potential risks and issues to senior management through appropriate governance channels and the Quality Assurance framework.
• Ensure appropriate product governance measures are in place so that product approval documents reflect all relevant requirements.
• Propose control effectiveness and efficiency improvements and simplifications where appropriate.
• Ensure the end-to-end life cycle of audit, assurance and regulatory reviews is managed appropriately, including tracking, remediation and preparing lessons learned from such reviews.
• Within the Group's Enterprise Risk Management Framework, establish and maintain appropriate risk based framework for identifying, assessing, managing, monitoring, mitigating and reporting compliance (including regulatory and financial crime) risks across Agritech Kenya.

Regulatory & Business Conduct

• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk and CFCC matters.
• Support relevant stakeholders to respond to regulatory questions.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Agritech Kenya. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

Key Stakeholders

• Venture Lead, CEO Agritech Kenya
• Agritech Business Leads
• SCV Risk Leads
• Other Risks and Control Functional Heads (Risk, Audit, etc)
• Relevant Regulators

Other Responsibilities

• Embed SC Venture’s brand and values in the Kenya’s Agritech Team.
• Perform other responsibilities assigned under Group, Regional, Business or Functional policies and standards as may be relevant.

Our Ideal Candidate

• Experience in Information Security Governance, Risk Assessment, creating customized Risk Assessment framework
• Experience in conducting risk assessments of hybrid environments, mix of cloud and on-premises applications and systems.
• Experience in Business Continuity Management and Information Security Incident Management will be an added advantage
• Experience with GRC automation tools will be an added advantage.
• Experience of working in Agile development environment.
• Understanding of security risks associated with using AI, ML, NLP and blockchain technologies.
• 6+ years of experience in the relevant industry.
• Bachelor’s or master’s degree in business administration/commerce/engineering/science
• ISO 27001 Lead Implementor certification is a must and other relevant certifications like CISA/CISM/CISSP will be an added advantage.