Job Description
To act as the senior Non-Financial Risk (NFR) leader within the second line of defense, providing strategic leadership and independent oversight for the development, localization, implementation, and continuous enhancement of NFR frameworks across the country. The role ensures alignment with Group Risk standards, internationally recognized risk management frameworks (including COSO and ISO 31000), and the Central Bank of Kenya (CBK) Prudential Risk Management Guidelines.
The role drives the embedding of a strong risk culture and control environment across the organization, enabling the business to operate within approved risk appetite through proactive identification, assessment, monitoring, and mitigation of non-financial risks. It also provides independent challenge and oversight across a broad range of risk areas, including operational, technology, conduct, third-party, financial crime, and compliance risks.
Qualifications
Type of Qualification:
First Degree
Field of Study:
Risk Management, Finance, Accounting, Economics, or related disciplines
Professional / Technical Certifications (Strongly Preferred): FRM / PRM / CFA (Risk specialization); CPA / ACCA; CISA / CRISC / CIA
Experience Required
8-10 years
Minimum 8-10 years of risk management experience (2nd / 3rd line)
Demonstrated ownership of end-to-end NFR lifecycle: Risk identification, assessment, monitoring, reporting, and response
Hands-on experience implementing and embedding enterprise risk frameworks, including: COSO ERM / ISO 31000 (or equivalent)
Proven experience covering multiple risk types
Demonstrated experience in: Preparing and presenting risk reports to senior governance forums (EXCO / RCC / BRC); Escalating material risks and influencing decision-making
Ability to provide independent challenge to senior stakeholders while maintaining credibility
Proven ability to: Conduct risk assurance reviews / control effectiveness assessments; Drive remediation actions and close control gaps
Experience with combined assurance or coordination across assurance providers (Risk, Compliance, Internal Audit) preferred
Practical experience in: End-to-end incident management (identification → escalation → RCA → remediation)
Evidence of identifying systemic issues and driving sustainable fixes, not just reporting incidents
Strong track record of: Influencing Business Heads / Senior Management; Acting as a trusted advisor while maintaining second line independence
Ability to balance challenge vs. partnership, particularly in complex stakeholder environments
Additional Information
Behavioural Competencies:
Challenging Ideas
Convincing People
Developing Expertise
Developing Strategies
Embracing Change
Making Decisions
Providing Insights
Upholding Standards
Technical Competencies:
Advanced knowledge of:
Risk identification, assessment, measurement and reporting
Risk response strategies and control effectiveness evaluation
Strong understanding of:
Non-Financial Risk (NFR) frameworks, policies, and risk appetite implementation
Combined Assurance and governance integration
Data, risk reporting, and analytics for decision-making
Practical experience in:
Incident management and root cause analysis
Risk scenario analysis and stress testing
Third Party Risk Management and due diligence oversight
Familiarity with risk tools/systems