Background information about the job or company (e.g., role context, company overview)

Britam is a leading diversified financial services group, listed on the Nairobi Securities Exchange. The group has interests across the Eastern and Southern Africa region, with operations in Kenya, Uganda, Tanzania, Rwanda, South Sudan, Mozambique and Malawi. The group offers a wide range of financial products and services in Insurance, Asset management, Ban...

Responsibilities or duties

The Risk Analyst is responsible for assisting the Risk Manager in identifying, assessing, mitigating and reporting risks and control gaps. The scope of work also includes enhancing the risk management culture through awareness training, supporting business continuity tests and third party risk assessments.

The Risk Analyst reports to the Risk Manager within the Risk & Compliance Department and works closely with respective functional heads and risk champions to implement risk management tools and close agreed action plans.

Key responsibilities:

Risk Identification and Assessment

• Conduct comprehensive risk assessments (RCSA) for Shared Services processes, including HR, Finance, Procurement, IT, Legal, ESG, and Administration.
• Identify emerging risks, update risk registers in line with the Group taxonomy, and evaluate the design and effectiveness of controls to ensure compliance with regulatory and operational standards; and to drive consistency in risk assessment methodologies across the Group.

Risk Monitoring and Reporting

• Monitor Key Risk Indicators (KRIs) for Shared Services and escalate breaches promptly.
• Prepare monthly and quarterly risk reports for Management and Board Committees, ensuring accurate and timely data capture in the GRC system and maintaining dashboards that provide clear visibility of risk trends.
• Consolidate risk insights across the Group for strategic decision-making.

Incident Management

• Capture operational loss events and near misses in the GRC system, investigate incidents to determine root causes, and track corrective actions to closure.
• Prepare incident trend analyses and reports for Management Risk Committees and Board Risk Committees to provide a comprehensive view of risk exposure.

Business Continuity Management

• Champion the Group’s BCM and Disaster Recovery (DR) program as a center of excellence.
• Coordinate the development and maintenance of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies across the Group, ensuring alignment with regulatory requirements and industry best practices.
• Organize and document BCM and DR tests, track remediation of gaps identified during testing, and ensure compliance with recovery time objectives (RTO) and recovery point objectives (RPO); whilst ensuring technology dependencies are well-mapped in BCPs for all Shared Services.
• Provide training and awareness sessions to embed a resilience culture across the Group.

Policy and Procedure Governance

• Administer Policy Hub for Shared Services policies, ensure timely reviews, retire outdated documents, and support policy risk reviews and compliance checks.
• Drive consistency in policy governance across all entities to maintain Group-wide standards.

Third-Party Risk Management

• Establish and lead the Group-wide Third-Party Risk Management framework as a center of excellence.
• Develop policies, standards, and tools for vendor risk assessment, onboarding, and ongoing monitoring.
• Coordinate risk reviews for critical suppliers across all business units, ensuring compliance with contractual and regulatory requirements.
• Track remediation of identified vendor risks and maintain accurate records to ensure compliance with Group standards.
• Provide training and guidance to business units on third-party risk practices and report consolidated vendor risk metrics to Management and Board Committees.

Technology Risk Management

• Support assessment of technology risks across Shared Services, including system availability, data integrity, access management, and IT change processes.
• Monitor key technology risk indicators, track and report breaches, and follow up remediation actions.
• Log and investigate technology-related incidents and outages, conduct root cause analysis, and track corrective actions to closure.
• Conduct third-party technology risk reviews for critical ICT vendors and track closure of identified risks.
• Promote technology risk awareness and good cyber hygiene practices across Shared Services.

Risk Culture and Awareness

• Drive risk awareness within Shared Services by conducting training sessions, supporting risk culture initiatives, and promoting adherence to ERM processes and controls.

General Support

• Provide data and documentation for internal audits, regulatory inspections, and external reviews.
• Act as a functional administrator for ERM systems related to Shared Services and perform any other duties as assigned to support ERM objectives and Group Risk strategy.

Qualifications or requirements (e.g., education, skills)

Knowledge, experience and qualifications required:

• Bachelor’s Degree in Finance, Business Administration or a related field is required.
• Professional certifications in Risk Management.
• Working knowledge of ICT controls, Cyber Risk concepts & Business Continuity / Disaster Recovery is an added advantage.

Experience needed

At least 3 years’ experience in enterprise, operational, or technology risk within a high‑performing insurance or financial services environment.

• Conduct comprehensive risk assessments (RCSA) for Shared Services processes, including HR, Finance, Procurement, IT, Legal, ESG, and Administration.
• Identify emerging risks, update risk registers in line with the Group taxonomy, and evaluate the design and effectiveness of controls to ensure compliance with regulatory and operational standards; and to drive consistency in risk assessment methodologies across the Group.
• Monitor Key Risk Indicators (KRIs) for Shared Services and escalate breaches promptly.
• Prepare monthly and quarterly risk reports for Management and Board Committees, ensuring accurate and timely data capture in the GRC system and maintaining dashboards that provide clear visibility of risk trends.
• Consolidate risk insights across the Group for strategic decision-making.
• Capture operational loss events and near misses in the GRC system, investigate incidents to determine root causes, and track corrective actions to closure.
• Prepare incident trend analyses and reports for Management Risk Committees and Board Risk Committees to provide a comprehensive view of risk exposure.
• Champion the Group’s BCM and Disaster Recovery (DR) program as a center of excellence.
• Coordinate the development and maintenance of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies across the Group, ensuring alignment with regulatory requirements and industry best practices.
• Organize and document BCM and DR tests, track remediation of gaps identified during testing, and ensure compliance with recovery time objectives (RTO) and recovery point objectives (RPO); whilst ensuring technology dependencies are well-mapped in BCPs for all Shared Services.
• Provide training and awareness sessions to embed a resilience culture across the Group.
• Administer Policy Hub for Shared Services policies, ensure timely reviews, retire outdated documents, and support policy risk reviews and compliance checks.
• Drive consistency in policy governance across all entities to maintain Group-wide standards.
• Establish and lead the Group-wide Third-Party Risk Management framework as a center of excellence.
• Develop policies, standards, and tools for vendor risk assessment, onboarding, and ongoing monitoring.
• Coordinate risk reviews for critical suppliers across all business units, ensuring compliance with contractual and regulatory requirements.
• Track remediation of identified vendor risks and maintain accurate records to ensure compliance with Group standards.
• Provide training and guidance to business units on third-party risk practices and report consolidated vendor risk metrics to Management and Board Committees.
• Support assessment of technology risks across Shared Services, including system availability, data integrity, access management, and IT change processes.
• Monitor key technology risk indicators, track and report breaches, and follow up remediation actions.
• Log and investigate technology-related incidents and outages, conduct root cause analysis, and track corrective actions to closure.
• Conduct third-party technology risk reviews for critical ICT vendors and track closure of identified risks.
• Promote technology risk awareness and good cyber hygiene practices across Shared Services.
• Drive risk awareness within Shared Services by conducting training sessions, supporting risk culture initiatives, and promoting adherence to ERM processes and controls.
• Provide data and documentation for internal audits, regulatory inspections, and external reviews.
• Act as a functional administrator for ERM systems related to Shared Services and perform any other duties as assigned to support ERM objectives and Group Risk strategy.

• Working knowledge of ICT controls
• Cyber Risk concepts
• Business Continuity / Disaster Recovery

• Bachelor’s Degree in Finance, Business Administration or a related field is required.
• Professional certifications in Risk Management.