Group Business and Functions Risk and Controls Management Specialists -Technology: (IT Engineering, InfoSec, Data Analytics, EPMO, Fit for Purpose) at Equity Bank Kenya

The Group Business and Functions Risk and Controls Management Specialist is responsible for developing and implementing a risk management strategy that aligns with business objectives. This role is pivotal in safeguarding the organization against potential threats and uncertainties, promoting a proactive approach to risk management, and ensuring business resilience.

Job Responsibilities/ Accountabilities/ Operational Efficiency:

• Develop and implement a comprehensive First Line risk management strategy aligned with strategic objectives.
• Create a process universe for the business functions and units maintain an up-to-date univers    Identify and assess risks across various business functions and maintain an up-to-date risk register. 
• Create a risk universe for the business functions and units and maintain an up-to-date control library, Key Risk Indicators (KRIs), Key Control Indicators (KCIs)
• Liaison with department heads to integrate risk management into business and functions processes and decision-making.
• Establish and maintain risk management policies, procedures, and frameworks within the business function.
• Conduct regular risk assessments to identify emerging risks and update risk profiles accordingly.
• Monitor and evaluate Inherent risks against controls, key risk indicators (KRIs) and liaise with business functions to remediate potential issues.
• Ensure compliance with regulatory requirements and industry standards related to risk management.
• Implement internal and external audit recommendations.
• Implement risk management findings and recommendations in liaison with senior management and relevant stakeholders.
• Serve as the secretary to Business Risk Forums/ DNFRC
• Serve as a member of GNFRC, GFCRC and business & functions management committees
• Train and guide employees at all levels on risk awareness and mitigation strategies within the business functions.
• Design and implement Quality Assurance programs
• Lead the development and maintenance of business continuity and crisis management plans.
• Keep abreast about changes in the business environment, regulations, and industry trends that may impact risk exposure.
• Manage a team of risk management professionals, providing leadership, direction, and support.
• Develop an Operational resilience strategy 

Required Skills and Qualifications

• Bachelor’s degree in information technology, Computer Science, Cybersecurity, Data Science, or a related field. Relevant certifications (e.g., Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP)) is a plus.
• At least 5 years of experience with at least 3 years in technology risk management, IT governance, cybersecurity, Systems audit, IT Compliance assessments, Data Governance or a related domain, within a large organization or financial institution.
• Proven experience in developing and implementing technology-driven risk management strategies and frameworks.
• Strong understanding of cybersecurity frameworks and standards including NIST, ISO/IEC 27001 and/or IT Governance standards including COBIT 2019, ITIL.
• Strong analytical skills with the ability to identify and assess technology risks.
• Proactive problem-solving abilities to develop effective mitigation strategies within complex IT environments.
• Experience in developing and implementing technology-driven business continuity and operational resilience strategies, ensuring IT systems are prepared for potential disruptions.
• Proven leadership and people management skills.
• Excellent verbal and written communication skills