Risk Management & Control Officer at Interswitch

Job Purpose:

 Brief

We are looking for a qualified Risk Management and Control officer expected to be a strategic business partner responsible for the technical and operational control and compliance of the company. The officer is also responsible to ensure minimal losses across every area of the organisation as well as ensuring legal and regulatory compliance across the business.

Job Responsibilities

Sales Activities

• Supports in the implementation of an overall Risk Management, Internal Control process & programs;
• Supports Head, Legal & Compliance to conduct Enterprise Risk Assessment on Business Groups and as required to support the requirements of Regulators or adopted certification Standards;
• Works with Business Group to ensure the development of Risk Register, RCSA and continuous update of the Risk Register as the business environment changes;
• In Collaboration with Business Groups, design and develop controls to mitigate identified risks;
• Ensures Risk Assessment of newly developed business processes are conducted before they are signed-off by their Owners. Update the Risk Register with the new details of the risk assessment;
• Develops Key Risk Indicators (KRI) for proactive monitoring of risks across Business Groups;
• Develops and ensures the implementation of Risk Management Policies and Processes
• Conducts Vendors and other Third-Parties Risk Assessment to support business and partners’ requirements;
• Conducts Product-Level Risk Assessment on existing and new Products and Services; ensures concerns raised are owned and addressed before Go-Live;
• Develops risk awareness presentation and conducts same across Business Groups to promote and raise risk management culture and awareness in the organization;
• Monitors and Reports losses, Claims and Refunds;
• Engages concerned Business Group to perform root cause analyses on identified risk events to recommend improvements to prevent these risk events from re-occurring in future. When necessary, refer to Internal Audit for investigation;
• Supports Business Groups to review Systems and Processes for adequacy of controls as documented in policies and processes and in line with best practice;
• Develops appropriate controls to close gaps identified during Internal, Surveillance, or External Audits; Ensure Business Groups review concerned processes or policies to address issues raised;
• Supports in the development of an Internal Control Plan and procedures for the review of controls such as Cybersecurity, Business Continuity, Networks, Application Development, Electronic/Transaction Systems, Information and Environmental Security, Human Resources, Finance, etc.;
• Possesses technical competences to conduct control assessments/reviews as planned in the Internal Control Plan and in fulfillment of the requirements of adopted standards such as PCI DSS, ISO 9001, ISO 27001, ISO 20000, ISO 22301, etc.;
• Evaluates integration and change requests and grants approval if requests meets requirements before implementation in the live environment;
• Conducts Business Impact Analysis and ensures the Business Continuity Plans across the Business Groups are reviewed and updated in line with current business environment;
• Ensures continuous monitoring of security pledges and timely reporting on the Company’s exposures;
• Develops monthly Risk and Control reports for Departmental review;
• Assists the Head, Legal & Compliance in preparing reports to Senior Management Committee and the Board Audit and Risk Committee.
• Offers expert opinion in an advisory capacity to Business Groups.

Risk Reporting

• Accurate and timely rendition of risk reports to Head, Legal & Compliance

Key Risk Indicators

• Root causes assessment and reporting of operational loss events
• Settlement Banks exposure based on pledged securities

Risk Assessment

• Risk assessment and review of Risk Registers
• Risk assessment conducted on Existing and new Products & services before Go-live

Control Review/Assessment

• Development of Internal Control Plan and procedures
• Controls reviews in line with Internal Control Plan, Adopted Standard requirements, or regulation
• Documentation of loss events – refunds and claims
• Integration and Change Request exceptions/Authorization

Business Continuity

• Business Impact Analysis and Business Continuity test coordinated with Business Owners
• Risk and business continuity awareness across the Business

Academic Qualification(s)

Minimum of Bachelor’s Degree in a related discipline.

Professional Qualification

CRISC - ISO27001

CIA - ISO31000

PCI DSS -  ISo223001

Experience

Minimum of 3 years of relevant experience in Risk Management and Internal/Business Control. Knowledge of Payment Industry and System is an added advantage.