Risk Analyst

ABOUT THE COMPANY

Britam is a leading diversified financial services group, listed on the Nairobi Securities Exchange. The group has interests across the Eastern and Southern Africa region, with operations in Kenya, Uganda, Tanzania, Rwanda, South Sudan, Mozambique and Malawi. The group offers a wide range of financial products and services in Insurance, Asset management, Banking and Property.

JOB SUMMARY

Knowledge, experience and qualifications required:Bachelor’s Degree in Finance, Business Administration or a related field is required.Professional certifications in Risk Management.At least 3 years’ experience in enterprise, operational, or technology risk within a high‑performing insurance or financial services environment.Working knowledge of ICT controls, Cyber Risk concepts & Business Continuity / Disaster Recovery is an added advantage.

RESPONSIBILITIES

Risk Identification and AssessmentConduct comprehensive risk assessments (RCSA) for Shared Services processes, including HR, Finance, Procurement, IT, Legal, ESG, and Administration. Identify emerging risks, update risk registers in line with the Group taxonomy, and evaluate the design and effectiveness of controls to ensure compliance with regulatory and operational standards; and to drive consistency in risk assessment methodologies across the Group.Risk Monitoring and ReportingMonitor Key Risk Indicators (KRIs) for Shared Services and escalate breaches promptly. Prepare monthly and quarterly risk reports for Management and Board Committees, ensuring accurate and timely data capture in the GRC system and maintaining dashboards that provide clear visibility of risk trends.Consolidate risk insights across the Group for strategic decision-making.Incident ManagementCapture operational loss events and near misses in the GRC system, investigate incidents to determine root causes, and track corrective actions to closure. Prepare incident trend analyses and reports for Management Risk Committees and Board Risk Committees to provide a comprehensive view of risk exposure.Business Continuity ManagementChampion the Group’s BCM and Disaster Recovery (DR) program as a center of excellence. Coordinate the development and maintenance of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies across the Group, ensuring alignment with regulatory requirements and industry best practices.Organize and document BCM and DR tests, track remediation of gaps identified during testing, and ensure compliance with recovery time objectives (RTO) and recovery point objectives (RPO); whilst ensuring technology dependencies are well-mapped in BCPs for all Shared Services.Provide training and awareness sessions to embed a resilience culture across the Group.Policy and Procedure GovernanceAdminister Policy Hub for Shared Services policies, ensure timely reviews, retire outdated documents, and support policy risk reviews and compliance checks.Drive consistency in policy governance across all entities to maintain Group-wide standards.Third-Party Risk ManagementEstablish and lead the Group-wide Third-Party Risk Management framework as a center of excellence.Develop policies, standards, and tools for vendor risk assessment, onboarding, and ongoing monitoring. Coordinate risk reviews for critical suppliers across all business units, ensuring compliance with contractual and regulatory requirements. Track remediation of identified vendor risks and maintain accurate records to ensure compliance with Group standards.Provide training and guidance to business units on third-party risk practices and report consolidated vendor risk metrics to Management and Board Committees.Technology Risk ManagementSupport assessment of technology risks across Shared Services, including system availability, data integrity, access management, and IT change processes.Monitor key technology risk indicators, track and report breaches, and follow up remediation actions.Log and investigate technology-related incidents and outages, conduct root cause analysis, and track corrective actions to closure.Conduct third-party technology risk reviews for critical ICT vendors and track closure of identified risks.Promote technology risk awareness and good cyber hygiene practices across Shared Services.Risk Culture and AwarenessDrive risk awareness within Shared Services by conducting training sessions, supporting risk culture initiatives, and promoting adherence to ERM processes and controls.General SupportProvide data and documentation for internal audits, regulatory inspections, and external reviews. Act as a functional administrator for ERM systems related to Shared Services and perform any other duties as assigned to support ERM objectives and Group Risk strategy. 

REQUIRED SKILLS

Risk management, Reporting, Risk analysis, Fraud risk assessment and management

REQUIRED EDUCATION

Bachelor's degree