Qureos

Risk Officer

Job Purpose

The Risk Officer is responsible for establishing, implementing, and maintaining an effective enterprise risk management (ERM) framework across Sadad in accordance with QCB Corporate Governance Guidelines, regulatory expectations, and international risk management standards.

The role ensures that all material risks — including operational, credit, liquidity, fraud, cyber, compliance, and third-party risks — are properly identified, assessed, mitigated, monitored, and reported. The Risk Officer supports the Board, senior management, and risk committees in maintaining a strong risk culture, effective internal controls, and regulatory compliance.

Key Responsibilities

1. Enterprise Risk Management Framework

  • Develop and maintain Sadad’s Enterprise Risk Management (ERM) framework, policies, and procedures.
  • Ensure alignment with QCB governance expectations, regulatory circulars, and fintech supervisory requirements.
  • Define risk taxonomy covering:
      • Operational risk
      • Technology & cyber risk
      • Fraud risk
      • Liquidity risk
      • Settlement risk
      • Compliance risk
      • Third-party/vendor risk
  • Establish risk appetite statements and risk tolerance limits in coordination with senior management.

2. Risk Identification & Assessment

  • Conduct periodic risk assessments and risk control self-assessments (RCSA) across all departments.
  • Maintain and update the enterprise Risk Register.
  • Identify emerging risks associated with:
      • New products and services
      • Payment gateway operations
      • Merchant onboarding
      • Technology infrastructure
      • Regulatory changes
  • Evaluate risk impact and likelihood using structured risk scoring methodologies.

3. Operational & Payment Risk Oversight

  • Monitor risks related to:
      • Transaction processing failures
      • Fraudulent transactions
      • Chargebacks and disputes
      • Settlement and reconciliation mismatches
  • Review incident reports and ensure proper root cause analysis and corrective actions.
  • Ensure risk controls are embedded within operational workflows.

4. Technology & Cyber Risk Oversight

  • Coordinate with IT and Security teams to assess:
      • System vulnerabilities
      • Access control effectiveness
      • Data protection measures
      • Business continuity and disaster recovery readiness
  • Review penetration testing results, vulnerability scans, and remediation tracking.
  • Ensure technology risk management aligns with QCB expectations.

5. Third-Party & Vendor Risk Management

  • Conduct due diligence and risk assessments for vendors and service providers.
  • Monitor service level agreements (SLAs) and operational dependencies.
  • Ensure outsourcing arrangements comply with regulatory requirements.
  • Assess concentration risks and business continuity exposures.

6. Risk Monitoring & Reporting

  • Develop and maintain Key Risk Indicators (KRIs) for all major risk categories.
  • Prepare periodic risk reports for:
      • Senior Management
      • Risk Committee
      • Board (as applicable)
  • Escalate material risks, control weaknesses, and regulatory concerns promptly.
  • Maintain dashboards highlighting risk exposure trends and mitigation status.

7. Incident Management & Root Cause Analysis

  • Oversee documentation and classification of operational incidents.
  • Lead or coordinate root cause analysis (RCA) for significant risk events.
  • Ensure corrective and preventive actions (CAPA) are implemented and tracked.
  • Report significant incidents to regulators when required.

8. Regulatory Compliance & Governance Support

  • Support internal and external audits related to risk management.
  • Assist in regulatory reporting and QCB submissions.
  • Ensure policies and procedures reflect current regulatory requirements.
  • Participate in governance committees and risk review meetings.

9. Risk Culture & Training

  • Promote a strong risk-aware culture across the organization.
  • Conduct training sessions on risk management practices and internal controls.
  • Guide department heads on embedding risk controls into daily operations.

Governance & Independence

  • Maintain independence from operational functions.
  • Ensure objective reporting of risk exposures without conflict of interest.
  • Uphold segregation of duties and confidentiality in all risk assessments.

Qualifications & Experience

Education

  • Bachelor’s degree in Finance, Risk Management, Business Administration, Economics, or related field.
  • Professional certifications preferred:
      • FRM (Financial Risk Manager)
      • CRM (Certified Risk Manager)
      • CIA, CISA, or equivalent

Experience

  • 5–8 years of experience in risk management within banking, fintech, or financial services.
  • Experience working in a regulated environment with exposure to governance and compliance frameworks.
  • Hands-on experience in operational risk and technology risk oversight is highly desirable.

Key Skills & Competencies

  • Strong understanding of enterprise risk management principles.
  • Knowledge of fintech payment operations and digital transaction risks.
  • Ability to interpret regulatory guidelines and translate them into controls.
  • Strong analytical and quantitative risk assessment skills.
  • Excellent report writing and presentation skills.
  • High integrity and strong ethical standards.
  • Ability to influence senior stakeholders and challenge constructively.

Job Type: Full-time

Work Location: On the road