Risk Identification and Assessment

• Conduct comprehensive risk assessments (RCSA) for Shared Services processes, including HR, Finance, Procurement, IT, Legal, ESG, and Administration.
  

• Identify emerging risks, update risk registers in line with the Group taxonomy, and evaluate the design and effectiveness of controls to ensure compliance with regulatory and operational standards; and to drive consistency in risk assessment
  

  methodologies across the Group.
  

  Risk Monitoring and Reporting
  

• Monitor Key Risk Indicators (KRIs) for Shared Services and escalate breaches promptly.
  
• Prepare monthly and quarterly risk reports for Management and Board Committees, ensuring accurate and timely data capture in the GRC system and maintaining dashboards that provide clear visibility of risk trends.
  

• Consolidate risk insights across the Group for strategic decision-making.
  

  Incident Management
  

• Capture operational loss events and near misses in the GRC system, investigate incidents to determine root causes, and track corrective actions to closure.
  

• Prepare incident trend analyses and reports for Management Risk Committees and Board Risk Committees to provide a comprehensive view of risk exposure.
  

  Business Continuity Management
  

• Champion the Group’s BCM and Disaster Recovery (DR) program as a center of excellence.
  
• Coordinate the development and maintenance of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies across the Group, ensuring alignment with regulatory requirements and industry best practices.
  

• Organize and document BCM and DR tests, track remediation of gaps identified during testing, and ensure compliance with recovery time objectives (RTO) and recovery point objectives (RPO); whilst ensuring technology dependencies are
  

  well-mapped in BCPs for all Shared Services.
  

• Provide training and awareness sessions to embed a resilience culture across the Group.
  

  Policy and Procedure Governance
  

• Administer Policy Hub for Shared Services policies, ensure timely reviews, retire outdated documents, and support policy risk reviews and compliance checks.
  

• Drive consistency in policy governance across all entities to maintain Group-wide
  

  standards.
  

  Third-Party Risk Management
  

• Establish and lead the Group-wide Third-Party Risk Management framework as a center of excellence.
  

• Develop policies, standards, and tools for vendor risk assessment, onboarding, and
  

  ongoing monitoring.
  

• Coordinate risk reviews for critical suppliers across all business units, ensuring compliance with contractual and regulatory requirements.
  
• Track remediation of identified vendor risks and maintain accurate records to ensure compliance with Group standards.
  

• Provide training and guidance to business units on third-party risk practices and report consolidated vendor risk metrics to Management and Board Committees.
  

  Technology Risk Management
  

• Support assessment of technology risks across Shared Services, including system availability, data integrity, access management, and IT change processes.
  
• Monitor key technology risk indicators, track and report breaches, and follow up remediation actions.
  
• Log and investigate technology-related incidents and outages, conduct root cause analysis, and track corrective actions to closure.
  
• Conduct third-party technology risk reviews for critical ICT vendors and track closure of identified risks.
  

• Promote technology risk awareness and good cyber hygiene practices across Shared Services.
  

  Risk Culture and Awareness
  

• Drive risk awareness within Shared Services by conducting training sessions, supporting risk culture initiatives, and promoting adherence to ERM processes and controls.
  

  General Support
  

• Provide data and documentation for internal audits, regulatory inspections, and external reviews.
  

• Act as a functional administrator for ERM systems related to Shared Services and perform any other duties as assigned to support ERM objectives and Group Risk strategy.