Job Purpose:
The job holder is responsible for supporting the implementation and continuous enhancement of the Enterprise Risk Management Framework in line with CBB regulations and industry standards, and for ensuring effective independent identification, assessment, monitoring, control, and reporting of operational risks. Key duties include coordinating RCSA exercises, developing and tracking KRIs, managing incidents and loss events, maintaining policies, supporting business continuity, overseeing outsourcing risk, and promoting a strong risk culture.
Key Accountabilities:
- Contribute to the design, implementation, and enhancement of the ORM and business continuity frameworks, systems, and controls.
- Support updates to risk policies, procedures, and taxonomies to align with best practices.
- Support identifying, assessing, monitoring, and managing operational risks, including emerging, reputational, political, outsourcing, and systems risks.
- Promote risk culture through awareness initiatives and training.
- Support the design, testing, implementation, and maintenance of the GRC system.
- Plan and execute RCSAs with Risk Owners, including assessing inherent risk, control effectiveness, and residual risk with action plans.
- Maintain risk registers and track remediation plans with Risk Owners.
- Summarize and prepare Top Risks reports.
- Develop and maintain KRIs with thresholds aligned to risk appetite; monitor performance against early‑warning indicators.
- Prepare KRI dashboards/reports highlighting trends, breaches, and escalation items.
- Coordinate incident/loss management, including root‑cause analysis, impact assessment, recoveries, action plans, and lessons learned.
- Analyze incidents and trends to identify recurring weaknesses and control improvement opportunities.
- Prepare incident and loss reports/dashboards for management.
- Support and strengthen the Business Continuity Management Framework.
- Support the development, maintenance, and testing of BCP plans and BCM components.
- Conduct Business Impact Assessments (BIA) and recommend recovery objectives.
- Collaborate on crisis communication and IT disaster recovery planning.
- Support the review, implementation, and monitoring of Company Policies, Processes, and Procedures (PPPs).
- Ensure PPPs are properly developed, approved, communicated, maintained, and updated per regulatory and internal requirements.
- Support risk assessments, due diligence and controls for third‑party and intra‑group arrangements ensuring compliance with regulatory outsourcing requirements.
- Monitor regulatory cybersecurity risk compliance in coordination with IT and CISO.
- Prepare operational risk reports (RCSA, KRIs, incidents, losses, emerging risks, etc.) and support other ERM/ORSA reporting and related analysis.
- Contribute to departmental projects.
- Assist with audits and regulatory/rating‑agency requests.
Qualifications:
- Bachelor’s degree with a focus in Risk Management, Finance, Accounting, or a related field.
- Passing introductory courses toward professional certifications such as IRM, PRM, ARM, or equivalent.
Experience:
3 years of experience in operational risk, internal control, internal audit, or related risk functions in the financial services sector.
Job-Specific/Technical Skills:
- Analytical and problem‑solving skills.
- Familiarity with RCSA, KRI development, incident management, and incident/loss management tools.
- Understanding of outsourcing risk, business continuity practices, and policy and procedure governance.
- Knowledge of Excel, MS Office, spreadsheets and databases.
- Familiarity with GRC platforms is a plus.