Job Purpose Statement

To lead the execution of non-financial risk (NFR) monitoring, control assurance, and intelligence reporting for LOOP DFS across six African markets, covering 9 functions and 35 subunits in Kenya alone. This role owns the post-deployment 2LOD risk oversight process for all digital B2B, B2C- consumer, merchant and ecosystem CVPs, ensuring that controls remain effective, risk exposure is proactively monitored, and governance reporting is timely and action oriented.

The Manager is accountable for facilitating RCSA cycles, conducting control effectiveness reviews, coordinating policy and process deep-dives, and embedding quality assurance and risk performance scoring across business functions and markets. Using BI/AI-enabled platforms, the role maintains and evolves KRIs, KCIs, loss incident classification logic, and risk intelligence dashboards to track emerging and residual risks in real time.

The scope includes subject matter expertise on ongoing assessment of ICT/cybersecurity, third-party/vendor risk, compliance, operational risk, conduct, product risk, people/process risks, ESG, and delivery assurance. The role also guides quarterly thematic reviews, leads incident root cause analyses, and shapes the combined assurance reporting process for Executive, NFRMC, Stratco, and Board-level forums at both Digital Business and NCBA Group levels. The incumbent ensures that NFRs are identified, quantified, controlled, and governed through embedded engagement with 1LOD Value Streams, digital platforms, and support functions.

The Manager also supports the design and execution of fintech’s combined assurance model for NFRs, leads quarterly deep dives on high-risk processes, and guides the development of KRIs/KCIs, control testing, risk loss incident analysis, and NFR scenario stress testing. The role will shape NFR advisory in agile delivery, contribute to operational resilience, and lead enterprise-wide awareness and capability uplift across all markets.

Job Specifications

Academic Qualifications

• Bachelor’s degree in risk management, Business Administration, Information Systems, Finance, Audit, Actuarial Science or a related field
• A master’s degree in risk, Compliance, Governance, Information Security, or a related discipline is an added advantage

Professional Certifications (Preferred/Desirable)

• Operational Risk: IRM (Institute of Risk Management), ORM, or equivalent
• Control & Assurance: Certified Internal Auditor (CIA), CISA, CRMA
• IT/Cyber Risk: ISO 27001, CRISC, CISSP (for platform control testing and resilience)
• Fraud/AML: CAMS, CFE (Certified Fraud Examiner), CFCS
• Agile/Lean methodologies and BI/AI analytics proficiency are highly desirable

 Experience

• Minimum 5-8 years in Non-Financial Risk Management, Operational Risk, Internal Audit, or Control Assurance functions
• Strong experience in leading RCSA programs, control testing, remediation tracking, and issue closure governance