Vacancies at I&M Bank

Job Purpose:

• This role will involve supporting the implementation of strategies and procedures to monitor and mitigate fraud across the enterprise, particularly focusing on the prevention, detection and investigation of fraud across all bank channels including digital, card, merchant, and alternative banking channels. The associate will work under the guidance of the Manager fraud risk management.

Key Responsibilities:

• Monitor all transactions for signs of fraudulent activity, maintaining and operating fraud detection systems and tools. 
• Collect and analyze data related to all transactions to identify potential fraud risks and interpret data patterns and trends.
• Prepare initial reports on suspicious activities for further investigation and maintain accurate records and documentation of fraud monitoring activities. 
• Identify and evaluate risks associated with card products, such as credit cards, debit cards, prepaid cards and ecommerce.
• Analyze trends and patterns in all channels’ usage to anticipate potential risks.
• Develop and update risk models to predict and manage fraud risks.
• Ensure card services comply with relevant laws, regulations, and standards (e.g., PCI-DSS for card security).
• Stay informed about regulatory changes and adapting risk management strategies accordingly.
• Work with compliance teams to prevent money laundering and other illegal activities through card transactions.
• Work collaboratively with other departments, such as IT and customer service, call centre, cards operations to gather information and enhance fraud monitoring processes.
• Participate in cross-functional meetings and discussions related to fraud risk.
• Adhere to fraud risk policies, procedures, and card scheme requirements.
• Assist in the technical aspects of fraud detection tools, including basic troubleshooting.
• Stay abreast of technological advancements in fraud detection and risk management.
• Assist in the response to detected fraud incidents under the direction of Senior team members.
• Develop educational materials and programs to inform customers about safe card usage and fraud prevention.
• Provide support and guidance to customers affected by fraud or security breaches.

Academic Qualifications:

• Bachelor’s degree in relevant fields such as Finance, Criminal Justice, or Information Technology.

Work Experience:

• At least three (3) years' experience working in risk management of a financial services/Fintech (preferred), payments or technology (growth) company.
• Professional / Technical Qualifications / Diplomas: 
• Certified Fraud Examiner (CFE), Professional Certified Investigator (PCI) or other similar qualifications.

Key Skills & Competencies:

• Demonstrated interest in fraud risk management, financial crime prevention, and payments. 
• Strong analytical capability with excellent attention to detail. 
• Understanding of banking operations is an added advantage. 
• Ability to learn quickly and consistently follow established processes and procedures. 
• Effective communication skills and a collaborative approach to teamwork. 
• High levels of integrity, professionalism, respect and confidentiality. 
• Proficiency in Information Technology, with the ability to work confidently with digital systems and tools.
• Basic understanding of fraud risk management, particularly in card and merchant transactions.

go to method of application »

Job purpose:

• The primary purpose of this role is to assist in implementing a comprehensive operational risk management framework. 
• The role holder will play a crucial part in identifying, measuring, mitigating, monitoring, and reporting risks across various business units within the bank.
• You will also perform independent reviews and control validation tests to assess controls' adequacy, ascertain compliance with the bank’s policies, procedures, and adherence to regulatory requirements, and highlight exceptions or violations.

Key Responsibilities:
Implement an Operational Risk Management Framework:

• Support the Implementation of an Operational Risk Management Framework that is consistent with the Group Enterprise Risk Management Framework (policies and procedures).
• Support the implementation of Operational Risk Management digital (Automation) and automation strategy.

Governance:
Policies and Procedures:

• Participate in the annual review of risk procedures in liaison with the Assistant, Manager Risk and Compliance, and Manager, Enterprise risk.
• Participate in the review of business procedures/processes to identify areas of potential improvement or weakness in risk management controls.
• Follow up on unit procedure reviews with unit risk champions.

Unit Operational Risk and Compliance Committee:

• Support and participate in the Unit Operational risk and Compliance committees for business units across the bank with the respective risk champions.
• Support the Operational Risk Department with the collation of all UORCCO meeting Packs across the departments for record-keeping purposes and follow up on open action plans.

Reporting:

• Support the preparation of reports for Management and the Board through the collation of data required for the same.

Risk & Control Self-Assessment Register (RCSA):

• Coordinating the implementation of the Risk & Control Self-Assessment (RCSA) framework across the various Business and Support units. 
• Participate In the embedment of all new and emerging operational and financial risks into units’ risk registers.
• Support in the Maintenance of the banks’ Risks and Controls Library by ensuring all new risks or controls across the bank are maintained in the risk library.
• Review & follow up on the unit’s quarterly Risk and control self-assessments to identify top risks, control gaps, issues raised, and track for closure.
• Identify thematic risks across units, escalate to respective stakeholders, recommend mitigating controls, and follow up to ensure closure.

Key Risk Indicators (KRI):

• Participate in the designing of the Bank’s Key Risk Indicators framework (KRIs).
• Responsible for the Maintenance of the bank KRI Library by ensuring all KRIs identified are maintained in the KRI library.
• Review Key Risk Indicators (KRI) reports from respective units and report any outside approved tolerance limits i.e. exceptions for follow-up and action planning.
• Participate and support the risk owners to define key risk metrics for operational risk within the Business and Support functions.

Incident Reporting and Loss Data Management:

• Support the Implementation of the incident management and loss data reporting framework.
• Follow up, track, and analyze risk incidences across the business units to ensure proper identification of root cause and follow up on the implementation of comprehensive action plans/measures to close loopholes by respective business units. 
• Monitor the Operational Loss Database to monitor operational losses and their respective root causes while Reconciling the Loss data report against the incident report to ensure completeness and comprehensive loss reporting.
• Participate in the validation of reported operational incidences and exceptions, perform root cause analysis, and recommend opportunities for improvement of the process/system.

Control Testing/Assessment:

• Participate in developing Control testing checklists in Business units as per control Testing procedure.
• Actively participate in carrying out independent Control testing at Business units, to ensure that policies and procedures are effectively implemented, discuss the test results with the business teams, and follow up on closures of the action plans.
• Follow up with business units to update risk registers accordingly after control testing findings to reflect the unit's control environment.
• Through the process, identify control gaps, debrief the business units, and agree on action plans to close the gaps.
• Assisting in following up for closure/management of Key Risk matters arising from the Control Testing exercise across the Bank.

Training and Awareness:

• Assisting in the preparation of Operational Risk training modules for the bank employees.
• Raise awareness and provide training for bank employees on Operational risk policies and procedures.
• Raise awareness by championing the same through newsletters, and direct email communication to the business risk champions.

Audit:

• Participate in the review of all Internal reports to extract relevant risk & control information for use in reporting and remediation.
• Follow up with units on the resolution of all associated Internal Audit recommendations post-audit issues.

New Product Development and Project Assessment:

• Assist and provide guidance role on Operational Risk matters in products, projects, or new developments.
• Participate in carrying out Risk assessments for project change initiatives and process reviews.

Academic Qualifications:

• Bachelor’s degree in a Business-related field from a recognized institution.
• Professional Qualifications / Membership to professional bodies/ Publication:
• CPA (K), CIA, CSIA, FRM, GARP, PRMIA, or CFA certification.

Work Experience Required:

• At least a year (1) of relevant experience in a similar sized organization.

Competencies:

• Planning & Organizational skills.
• Analytical skills and attention to detail.
• Strong oral and written communication skills.
• Interpersonal skills to manage stakeholders at all levels.
• Ethics and integrity.
• Excellent judgment and analytical abilities and impeccable integrity.
• Strong commercial awareness and an ability to connect to business goals.

go to method of application »

Job Purpose:

• The role holder is responsible for delivering the annual Information Systems (IS) audit plan, with a focus on integrity, confidentiality, and availability of information. This includes evaluating the effectiveness of security controls and ensuring compliance with both internal policies and external regulatory requirements.
• The role also ensures adequate assurance coverage of IS-related risks across the bank’s entire technology infrastructure, in alignment with Governance, Risk, and Compliance (GRC) frameworks. The role holder also advises the Deputy General Manager, Internal Audit, on audit coverage, emerging risk trends, and the maturity of control environments.

Key Responsibilities:

• Provide input to the Deputy General Manager, Internal Audit, in preparing the annual audit plan for approval by the BAC. This is through review of prior audit reports, incidents within the consulting areas, financial performance, risk areas in projects, products, strategy, and areas specially requested by process owners.
• Review work done by the team in planning, such as document review, prior reports, data analysis, walkthroughs, risk assessments, and all related planning items. 
• Review the audit planning memo for target assignments to determine that all relevant planning bases have been covered as per the audit planning manual. 
• Prepare an audit planning memorandum and obtain agreement from the Deputy General Manager, Internal Audit, on the audit objectives, audit methodology, and scope of work, and key risk areas for review on each assignment.
• Evaluate audit tests prepared and ensure they address identified risks and will achieve the desired audit objectives. Continuously monitor the tests for efficiency and effectiveness.
• Perform quality assurance to ensure that all evidence and working papers meet the standards required to support audit findings, root causes, risks, recommendations, and conclusions.
• Monitor the audit progress and timescale per the planning memo. Assess with the team, areas of improvement on the effectiveness and efficiency of the audit procedures. 
• Lead / Conduct special audits, including reviews of functions undergoing significant change, and draft suitable audit reports. 
• Ensure that key weaknesses and existing or potential risks are highlighted and well-presented before final report approval and issuance.
• Engage audit clients to establish correct root causes and establish relevant management actions. 
• Present IS audit findings and assurance reports to relevant stakeholders, coordinate post-audit surveys, and support special audits involving information systems.
• Lead the follow-up on post-exit clarifications and status of management actions.
• Assess training needs in consultation with the team and with agreement with the Deputy General Manager, Internal Audit, assign appropriate learning programs.
• Serve as an ongoing subject matter expert on information security controls and technologies.

Academic Qualifications:

• Bachelor's in information systems / computer science / IT / Business-related field, or equivalent.
• Master’s (MBA, MSc Information Systems/ Information Security / IT/ IT-related field (added advantage).

Professional Qualifications / Membership to professional bodies/ Publication: 
Professional Qualifications:

• Certified Information Systems Auditor (CISA) – required.
• One (1) of: CISM/ CRISC/ CGEIT /CIA /ISO/IEC 27001 Lead Auditor or Lead Implementer/ CISSP.
• CIAQA / CCNA/ CPA /CEH / CHFI (added advantage).

Membership Affiliations:

• Information Systems Audit and Control Association (ISACA).
• Institute of Internal Auditors (IIA).

Work Experience Required:

• Over Seven (7) years’ relevant experience with over a year in a management role in a similar-sized organization.

Competencies:

• Planning & Organizational skills.
• Analytical skills and attention to detail.
• Strong oral and written communication skills.
• Interpersonal skills to manage stakeholders at all levels. 
• Ethics and integrity.
• Excellent judgment and analytical abilities, and impeccable integrity.
• Strong commercial awareness and an ability to connect to business goals.
• Banking Knowledge.
• Strong understanding of enterprise, technology, and operational risk management.