Senior Risk & Compliance Officer Job Qona Sacco

The Senior Risk and Compliance Officer is responsible for the strategic leadership and oversight of SACCO’s enterprise risk management, compliance, and internal control functions. The role ensures that effective frameworks and systems are in place to identify, assess, mitigate, and monitor risks across all operations. The position plays a critical advisory role to senior management and the Board, safeguarding SACCO’s assets, reputation, and regulatory compliance.

Key Responsibilities

Risk Governance and Strategy

  • Lead the development, review, and implementation of the SACCO’s Risk Management Framework, Policy, and risk appetite statement.
  • Embed a risk-aware culture across departments and provide guidance on risk management best practices aligned with SACCO’s strategic goals.
  • Ensure risk management practices are integrated into strategic planning, decision-making, and business processes.

Enterprise Risk Management

  • Oversee and co-ordinate the identification, assessment, and mitigation of risks across all risk categories—operational, financial, credit, regulatory, strategic, ICT/cybersecurity, and reputational.
  • Maintain and update corporate and departmental risk registers, including emerging risks related to products, services, customer segments, geographies, and delivery channels.
  • Oversee the design and implementation of internal controls and ensure they are effectively mapped to key risk areas.

Compliance Management

  • Ensure SACCO operates in full compliance with applicable laws, regulations, and internal policies.
  • Maintain and continuously update a comprehensive regulatory compliance universe.
  • Monitor, evaluate, and report on compliance risks, breaches, and regulatory changes affecting SACCO.
  • Provide leadership in the interpretation and implementation of regulatory requirements, including those of the Central Bank, Sacco Societies Regulatory Authority (SASRA), Financial Reporting Centre (FRC) and other regulatory bodies.

Risk Monitoring and Reporting

  • Design and monitor Key Risk Indicators (KRIs) to detect early warning signs of risk exposure and ensure timely mitigation.
  • Lead the preparation and submission of periodic risk reports, e.g. Product Risk Assessments, to the CEO, senior leadership, and the Audit Risk & Compliance Committee.
  • Analyze risk data and trends to support strategic decision-making and recommend risk-based solutions.

Anti-Money Laundering, Counter-Financing of Terrorism and Counter Proliferation Financing (AML/CFT/CPF)

  • Hold the role of Anti-Money Laundering Reporting Officer (AMLRO) for the Sacco and respond to Targeted Financial Sanctions from the Financial Reporting Centre.
  • Provide oversight and guidance on AML/CFT/CPF compliance in line with KYC/AML/CFT/CPF policies and other required legal requirements.
  • Monitor AML/CFT/CPF-related risks and lead the implementation of preventative and detective measures.
  • Document a risk-based methodology for managing ML/TF/PF risks and conduct ML/TF/PF risk assessments for all products and systems in the Sacco.
  • Establish an AML program and ensure AML/CFT/CPF training, awareness, and reporting mechanisms are in place and effective.

Policy Management and Internal Controls

  • Lead the development and periodic review of organizational policies and Standard Operating Procedures (SOPs).
  • Ensure internal controls are aligned with best practices and regulatory expectations.
  • Conduct policy attestations and compliance reviews to ensure policies are adhered to across departments.
  • Maintain Fraud, Gift, and Conflict of Interest registers and conduct preliminary investigations into cases relating to breaches of security and policies within the Sacco.

ESG and Sustainability Risk

  • Champion Environmental, Social, and Governance (ESG) compliance and integrate ESG risks into the SACCO’s risk framework.
  • Guide departments in identifying and managing ESG-related risks and opportunities.

Collaboration and Assurance

  • Work closely with Internal Audit, Legal, and other assurance functions to promote a coordinated approach to governance and assurance.
  • Track, follow up, and report on the implementation of audit and risk review recommendations.

Qualifications and Experience

  • Bachelor’s degree in risk management or in a Business-related field.
  • Completion of at least CPA/ACCA Part 2.
  • Professional certification in Risk, Compliance, Audit or related areas (e.g. CRMA, CISA, CPA, CIA, CISM) is an added advantage.
  • Minimum 5 years of progressive experience in risk management and compliance.
  • Strong knowledge of regulatory frameworks, enterprise risk management principles, and internal controls.
  • Proven experience in risk analysis, regulatory reporting, board reporting, and policy development.

Key Competencies

  • Strategic thinking and leadership
  • Excellent communication and presentation skills
  • Strong knowledge of financial services regulations
  • High integrity and professional ethics
  • Analytical and data-driven decision-making ability
  • Ability to influence and work across diverse teams and functions
  • Proficiency in risk management systems and tools

How to Apply

If you meet the minimum requirements, please submit a detailed curriculum vitae (CV) to careers@qonsacco.com by 30 September 2025.
