The Risk Analyst is responsible for assisting the Risk Manager in identifying, assessing, mitigating and reporting risks and control gaps. The scope of work also includes enhancing the risk management culture through awareness training, supporting business continuity tests and third party risk assessments. The Risk Analyst reports to the Risk Manager within the Risk & Compliance Department and works closely with respective functional heads and risk champions to implement risk management tools and close agreed action plans.
Key Responsibilities
Risk Identification and Assessment
Conduct comprehensive risk assessments (RCSA) for Shared Services processes, including HR, Finance, Procurement, IT, Legal, ESG, and Administration.
Identify emerging risks, update risk registers in line with the Group taxonomy, and evaluate the design and effectiveness of controls to ensure compliance with regulatory and operational standards; and to drive consistency in risk assessment methodologies across the Group.
Risk Monitoring and Reporting
Monitor Key Risk Indicators (KRIs) for Shared Services and escalate breaches promptly.
Prepare monthly and quarterly risk reports for Management and Board Committees, ensuring accurate and timely data capture in the GRC system and maintaining dashboards that provide clear visibility of risk trends.
Consolidate risk insights across the Group for strategic decision-making.
Incident Management
Capture operational loss events and near misses in the GRC system, investigate incidents to determine root causes, and track corrective actions to closure.
Prepare incident trend analyses and reports for Management Risk Committees and Board Risk Committees to provide a comprehensive view of risk exposure.
Business Continuity Management
Champion the Group’s BCM and Disaster Recovery (DR) program as a center of excellence.
Coordinate the development and maintenance of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies across the Group, ensuring alignment with regulatory requirements and industry best practices.
Organize and document BCM and DR tests, track remediation of gaps identified during testing, and ensure compliance with recovery time objectives (RTO) and recovery point objectives (RPO); whilst ensuring technology dependencies are well-mapped in BCPs for all Shared Services.
Provide training and awareness sessions to embed a resilience culture across the Group.
Policy and Procedure Governance
Administer Policy Hub for Shared Services policies, ensure timely reviews, retire outdated documents, and support policy risk reviews and compliance checks.
Drive consistency in policy governance across all entities to maintain Group-wide standards.
Third-Party Risk Management
Establish and lead the Group-wide Third-Party Risk Management framework as a center of excellence.
Develop policies, standards, and tools for vendor risk assessment, onboarding, and ongoing monitoring.
Coordinate risk reviews for critical suppliers across all business units, ensuring compliance with contractual and regulatory requirements.
Track remediation of identified vendor risks and maintain accurate records to ensure compliance with Group standards.
Provide training and guidance to business units on third-party risk practices and report consolidated vendor risk metrics to Management and Board Committees.
Technology Risk Management
Support assessment of technology risks across Shared Services, including system availability, data integrity, access management, and IT change processes.
Monitor key technology risk indicators, track and report breaches, and follow up remediation actions.
Log and investigate technology-related incidents and outages, conduct root cause analysis, and track corrective actions to closure.
Conduct third-party technology risk reviews for critical ICT vendors and track closure of identified risks.
Promote technology risk awareness and good cyber hygiene practices across Shared Services.
Risk Culture and Awareness
Drive risk awareness within Shared Services by conducting training sessions, supporting risk culture initiatives, and promoting adherence to ERM processes and controls.
General Support
Provide data and documentation for internal audits, regulatory inspections, and external reviews.
Act as a functional administrator for ERM systems related to Shared Services and perform any other duties as assigned to support ERM objectives and Group Risk strategy.
Knowledge, Experience and Qualifications
Bachelor’s Degree in Finance, Business Administration or a related field is required.
Professional certifications in Risk Management.
At least 3 years’ experience in enterprise, operational, or technology risk within a high‑performing insurance or financial services environment.
Working knowledge of ICT controls, Cyber Risk concepts & Business Continuity / Disaster Recovery is an added advantage.
How to Apply
Interested and qualified candidates should apply online via the Britam Taleo recruitment portal. You can find the application link here: https://www.myjobmag.co.ke/apply-now/1160894 which will redirect you to the official Britam career page (britam.taleo.net).
.jpg){kind=logo}
