Manager, Non-Financial Risk
Kilimani division, Nairobi County, Kenya · Full Time
- Experience: 8–10 yrs
- Salary: —
- Openings: 1
- Posted: 4 hours ago
- Work mode: In office
- Education: First Degree
- Eligibility: Professionals with a first degree in a relevant field and substantial non-financial risk experience, particularly those from second- or third-line risk roles, are suitable for this position.
- Resume: Required to apply
Job description
Role overview
This position serves as the lead non-financial risk authority for the country within the second line of defense. It is responsible for guiding the design, localization, rollout, and ongoing refinement of the non-financial risk framework, while keeping it aligned with Group Risk requirements, globally recognized practices such as COSO and ISO 31000, and the Central Bank of Kenya prudential risk guidance.
The role is also accountable for strengthening a healthy risk culture and control environment across the organization so that business activity stays within approved risk appetite. It requires proactive identification, evaluation, tracking, and mitigation of non-financial risks, along with independent review and challenge across operational, technology, conduct, third-party, financial crime, and compliance risk domains.
Qualifications
A first degree is required, ideally in Risk Management, Finance, Accounting, Economics, or a related field. Professional certifications are strongly preferred, including FRM, PRM, CFA with a risk focus, CPA, ACCA, CISA, CRISC, or CIA.
Experience
Candidates should bring 8 to 10 years of risk management experience, preferably across the second and third lines of defense. The role calls for proven ownership of the full non-financial risk lifecycle, from identification and assessment through monitoring, reporting, and response.
Core expectations
The ideal candidate will have practical experience implementing enterprise risk frameworks such as COSO ERM or ISO 31000, exposure to multiple risk categories, and the ability to prepare and present risk insights to senior governance forums including EXCO, RCC, and BRC. The role also requires confidence in escalating material issues, influencing decisions, and providing credible independent challenge to senior leaders.
Additional experience should include risk assurance reviews, control effectiveness assessments, remediation tracking, and closure of control gaps. Exposure to combined assurance or coordination with Compliance and Internal Audit is preferred. Hands-on involvement in end-to-end incident handling, including detection, escalation, root cause analysis, and remediation, is also important. The role calls for the ability to spot systemic weaknesses and deliver lasting fixes rather than only documenting incidents.
Strong stakeholder management is essential, especially influencing business heads and senior management while preserving second-line independence. The individual should be able to balance constructive challenge with partnership in complex environments.
Behavioural competencies
The role values professionals who are comfortable questioning ideas, persuading stakeholders, deepening expertise, adapting to change, making sound decisions, sharing insights, developing strategies, and upholding standards.
Technical competencies
Strong capability is needed in risk identification, assessment, measurement, and reporting; control testing and response design; NFR frameworks, policy implementation, and risk appetite embedding; governance and combined assurance; data analysis and risk reporting; incident management and root cause analysis; scenario analysis and stress testing; third-party risk management; and the use of risk tools and systems.
Additional information
This role sits within a governance-focused risk function and requires a balance of independent oversight, practical problem-solving, and strong influence across senior stakeholders and assurance partners.