Risk & Compliance Officer at Sanlam Investments East Africa (SIEA)

Purpose:

Reporting to the Head of Risk & Compliance, the Risk & Compliance Officer will play a key role in the management and coordination of enterprise-wide risk in line with the Sanlam Kenya Enterprise Risk Management and Compliance Frameworks.

Primary responsibilities:

• In line with the technical framework developed by the Head of Risk & Compliance, embed Operational Risk Management Framework within specific business line (s). Product/Initiatives Risk Assessment: Conduct Product/Initiative Risk Assessment, present to Product Development Team/other related teams and follow up to ensure closure of high and medium rated risk items.
• Together with the Head of Risk & Compliance, participate in the development of relevant key indicators and associated appetite thresholds for each business line, and monitoring the implementation of action plans to address key risk indicators out of appetite,
• Support the Head of Risk & Compliance with compliance advice to the business units on regulatory and compliance matters and financial crime which includes Anti Money Laundering, Fraud, Bribery and Corruption, Information Security and Market Conduct
• Responsible for the timely identification, assessment, mitigation, reporting and escalation of all identified Operational Risk exposures.
• Perform risk and control assessments across the business with specific emphasis on defining the risk, inherent and residual, assessment of the design and operating effectiveness of controls and the defining action plans to bring controls effectiveness,
• Responsible for recording and maintenance of all risks, incidents & issues with quality information in terms of data accuracy, completeness, and timely resolution Be Wise,
• Monitoring the implementation of action plans to address qualified risks on the risk and controls self-assessments, incidents, and audit issues,
• Perform annual BCP/DR risk analysis, planning, testing or live execution for specific lines of business,
• Monitor all relevant business areas to ensure compliance with current regulatory requirements in accordance with the Compliance Monitoring Plan.
• Maintenance and update of all regulatory registers including breaches, complaints, Gifts and Conflicts,
• Regulatory Change Management: Post domestication review of new/changes to regulatory framework to confirm ongoing compliance,
• Continuous review of policies/ procedures to confirm whether it complies with laws and regulations, and give recommendations,
• Incident Analysis, consulting with the business unit and stakeholders to conduct a root cause analysis, make recommendations on corrective/preventive action, and recommend to Head of Risk & Compliance the closure of incident items.
• Timely submission of reports to Head of Risk & Compliance, including and not limited to monthly status reports, Management Risk Committee reports, input to Board papers and ad hoc reports.
• Coordinate Management Risk Committee Meetings per business line and ensure papers and minutes are circulated in a timely manner.

Person Specifications
Academic and Professional Qualification

• Bachelor's degree in Business Administration, Finance/Accounting, Information Technology, Engineering, Actuarial Science or related field from a recognised university.
• Post-graduate qualification in risk management e.g. certification in risk management (Institute of Internal Auditors, Risk and Insurance Management Society (RIMS), Institute of Risk Management (IRM), or Institute and Faculty of Actuaries UK (IFOA) or Certified Enterprise Risk Manager (CERM)) is desirable
• Professional Membership in Risk Management (or working towards professional certification)

Experience

• Minimum Five (5) years' experience in risk management or a related field.

Skills and Attributes

Insights and Context:

• Understanding the principles of risk management and the relevance and use of theories, processes and tools
• Understanding the internal environment of an organization and its implications for risk. management practices
• Understanding how the external environment influences an organization and its implications for risk management practices.Strategy and Performance:
• The development and implementation of risk management strategy and architecture.
• The development and implementation of proportionate risk management policy, guidelines, procedures and actions plans.
• The development and implementation of a risk measurement performance and reporting framework.

Risk Management Process:

• The identification, analysis and evaluation of the nature and impact of risks and opportunities
• The development, selection and implementation of risk treatment strategies and controls.

Organizational Capability

• Communication and consultation: The development and implementation of communication structures and plans
• Change Management: The management of risk within strategic and operational change.