Risk & Assurance Specialist

Overall job purpose: To provide independent and objective assurance within the First Line of Defence, periodically assess the effectiveness of key controls, risk management practices, and Frameworks/ Policies & Standards adherence across the Compliance Function. This role ensures that business areas operate within the bank’s risk appetite by conducting targeted assurance reviews, proactively identifying control gaps, and recommending remediation actions to strengthen the internal control environment and compliance regulatory posture.

·       Plan, execute, and report on risk-based assurance reviews across key operational and compliance processes.

·       Evaluate the design and operating effectiveness of controls within the Function processes to ensure risks are adequately mitigated.

·       Perform testing of evidence, sample reviews, and walkthroughs to validate compliance with internal policies, standards, and regulatory requirements.

·       Identify control deficiencies, process weaknesses, and emerging risks; escalate and track remediation actions.

·       Develop assurance scopes, testing methodologies, and work programmes aligned to the 1LOD Compliance Assurance Methodology.

·       Support the annual assurance plan based on key risk themes, KRI trends, and audit findings.

·       Contribute to the maintenance of the risk and control assessment (RCA) process by validating key control effectiveness.

·       Partner with Compliance process owners to embed a strong risk culture and improve control design and documentation.

·       Support the identification and assessment of Compliance, Operational & Resilience risk.

·       Provide insightful analysis of assurance findings to drive continuous improvement and root cause remediation.

·       Ensure alignment of 1LOD assurance activities with Second Line (2LOD) oversight and Internal Audit (3LOD) reviews to minimise duplication.

·       Prepare assurance review reports highlighting key observations, ratings, and agreed actions.

·       Present assurance outcomes to risk forums, governance committees, and senior management.

·       Monitor and report on remediation progress and the closure of control gaps.

·       Contribute to the development of management information (MI), dashboards, and thematic risk insights for decision-making.

·       Build strong relationships with Compliance performance areas, Monitoring & Testing teams, and Internal Audit.

·       Support the embedding of the 1LOD Assurance Framework and champion proactive risk management.

·       Provide guidance and advisory support on risk mitigation strategies and control enhancements.

·       Strong understanding of operational risk management frameworks (three lines of defence, RCA, control testing, KRIs, incidents).

·       Good knowledge of banking operations, regulatory compliance, and risk control processes.

·       Analytical and detail-oriented with the ability to identify root causes and recommend practical solutions.

·       Excellent report writing, communication, and presentation skills.

·       Ability to work independently and manage multiple assurance reviews concurrently.

·       Strong stakeholder management and influencing skills.

·       Integrity and commitment to maintaining high ethical standards.

Minimum Qualifications

·       A Bachelor’s degree in Risk Management, Finance, Accounting, Audit, Compliance, Law, or a related discipline.

 

Preferred Qualifications / Certifications

·       Postgraduate Diploma or Honours in Risk Management, Compliance, or Internal Audit (advantageous).

·       Professional certifications such as:

o   Certified Risk Management Professional (CRM Prac / IRMSA)

o   Certified Internal Auditor (CIA)

·       Minimum 3–5 years’ experience in a risk, assurance, audit, or compliance function within a financial services or banking environment.

·       Demonstrated experience conducting control testing, assurance reviews, or process risk assessments.

·       Familiarity with South African regulatory requirements, including those set by the South African Reserve Bank (SARB), Financial Sector Conduct Authority (FSCA), Financial Intelligence Centre (FIC), and Protection of Personal Information Act (POPIA).

·       Exposure to data analytics tools or automated control testing is an advantage.

·       Risk-focused and detail-oriented

·       Proactive mindset

·       Strong ethical and professional conduct

·       Collaborative and adaptable

·       Excellent time management and prioritisation skills

·       Completion of risk-based assurance reviews aligned to the annual plan.

·       Clear and actionable assurance reports delivered on time.

·       Improved control environment evidenced by reduced repeat findings or audit issues.

·       Effective collaboration with 2LOD and performance areas within the Function. 

·       Maintenance of up-to-date documentation and assurance evidence.