Business Risk and Controls Manager Technology: (IT Engineering, InfoSec, Data Analytics, Product House, Fit for Purpose & FinServe) at Equity Bank Kenya

Job Purpose:

Our purpose is transforming lives, giving dignity, and expanding opportunities for wealth creation. 

The Group Business and Functions Risk and Controls Management Specialist is responsible for developing and implementing a risk management strategy that aligns with business objectives. This role is pivotal in safeguarding the organization against potential threats and uncertainties, promoting a proactive approach to risk management, and ensuring business resilience.

Job responsibilities:

• Develop and implement a comprehensive First Line risk management strategy aligned with strategic objectives.
• Create a process universe for the business functions and units maintain an up-to-date universe
• Identify and assess risks across various business functions and maintain an up-to-date risk register.
• Create a risk universe for the business functions and units and maintain an up-to-date control library, Key Risk Indicators (KRIs), Key Control Indicators (KCIs)
• Liaison with department heads to integrate risk management into business and functions processes and decision-making.
• Establish and maintain risk management policies, procedures, and frameworks within the business function.
• Conduct regular risk assessments to identify emerging risks and update risk profiles accordingly.
• Monitor and evaluate Inherent risks against controls, key risk indicators (KRIs) and liaise with business functions to remediate potential issues.
• Ensure compliance with regulatory requirements and industry standards related to risk management.
• Implement internal and external audit recommendations.
• Implement risk management findings and recommendations in liaison with senior management and relevant stakeholders.
• Serve as the secretary to Business Risk Forums/ DNFRC
• Serve as a member of GNFRC, GFCRC and business & functions management committees
• Train and guide employees at all levels on risk awareness and mitigation strategies within the business functions.
• Design and implement Quality Assurance programs
• Lead the development and maintenance of business continuity and crisis management plans.
• Keep abreast about changes in the business environment, regulations, and industry trends that may impact risk exposure.
• Manage a team of risk management professionals, providing leadership, direction, and support.
• Develop an Operational resilience strategy

Qualifications and Experience

Education Qualifications:

• Bachelor’s degree in information technology, Computer Science, Cybersecurity, Data Science, or a related field. Relevant certifications (e.g., Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC)) is a plus.

Knowledge and Experience Required:

• At least 3 years of experience in technology risk management, IT governance, cybersecurity, or a related domain, within a large organization or financial institution.
• Proven experience in developing and implementing technology-driven risk management strategies and frameworks.
• Strong analytical skills with the ability to identify and assess technology risks.
• Proactive problem-solving abilities to develop effective mitigation strategies within complex IT environments.
• Experience in developing and implementing technology-driven business continuity and operational resilience strategies, ensuring IT systems are prepared for potential disruptions.
• Proven leadership and people management skills.
• Excellent verbal and written communication skills