Key Purpose
- To perform risk management activities by observing, recording and communicating operational and business risk in accordance with Group Risk Management methodology and strategy.
- Mitigate these risks by gathering data and assembling risk-assessment models and methodologies. Maintain input and data quality for risk assessment systems, and produce reports and management information that demonstrate the risks they have identified, as well as potential mitigation strategies.
- Development of the risk management plans and update of policies, frameworks, standards, processes and guidelines and risk incident guidelines
- Rollout and implementation of policies, frameworks, standards, processes and guidelines to business and IT
- Review and provide input on policies, frameworks, standards, processes and guidelines
- Plan and facilitate the risk and process control self-assessments. Ensure understanding of issues that may impact risks and controls
- Ensure that the mitigation action plans are appropriate for the risks
- Interact with business to identify practical solutions to address control weaknesses and process deficiencies
- Create and maintain an accepted risk register
- Ensure that accepted risks are reviewed, signed off and escalated / reported as required
- Conduct risk deep dives on risk topics / issues that require additional insight including analysis of information
- Development and implementation of the key risk indicators and rollout of key risk indicator guideline
- Facilitate risk assessment for overdue actions to Internal Audit findings
- Assist with business policy assessments as required
- Rollout of risk incident guideline, and identify and report risk incidents per the risk incident template to Group Risk Management
- Develop and review a KRI Dashboard and obtain data, update the KRI dashboard and report results to Risk Officer
- Manage and maintain operations and technology risk registers and incident logs, ensure that action plans are developed for the indicators that have breached the amber and red thresholds, and ensure that they are completed within the agreed target dates
- Perform attestations for Audits where all actions have been reported as complete
- Monthly and Bi-Monthly Reporting.
Education:
- BCom degree or equivalent (essential)
- Relevant risk or internal audit qualification (advantageous)
- VitalityLife/Health experience (essential)
- Business and technology risk (essential)
- Relevant Legislative experience (essential)
- Relevant UK legislative experience (advantageous)
- Insurance and financial services industry (essential).
- Risk management process, programme and policy implementation (advanced)
- Working knowledge of business and technology risk (advanced)
- MS Office (advanced).
- Communication skills, verbal and written (advanced).