FAIS Ombud SA
Key Performance Areas:
Risk Management: Support the Head: GRC in developing, implementing, and maintaining the Enterprise Risk Management Framework (ERMF) in line with international standards. Facilitate and monitor risk management processes, including risk identification, assessment, mitigation, and reporting. Coordinate departmental risk workshops, maintain strategic and operational risk registers, conduct audits, and review key processes to identify control weaknesses and recommend improvements. Monitor and analyse risk trends, provide guidance on mitigation strategies, and ensure the effective use and maintenance of ERM software to support organisational risk management objectives. Follow up on the implementation of planned/future mitigation controls and audit the effectiveness and the efficiency of the controls implemented to mitigate existing risks.
Business Continuity Management: Develop, implement, and maintain the FAIS Ombud’s BCM framework, policies, and systems in line with international standards. Oversee the full BCM lifecycle, including crisis management structures, business impact assessments, risk assessments, and the development and annual review of business continuity plans. Coordinate simulation exercises, test and audit recovery procedures, and ensure alignment between business and ICT disaster recovery plans. Lead and guide departmental BCM Champions to ensure organisational preparedness, effective incident response, and the safeguarding of operations during unforeseen disruptions.
Effective Implementation of ERMF, Risk Management process and tools: Champion and drive the implementation of the Enterprise Risk Management Framework (ERMF), systems, and processes across business units in collaboration with the Head: GRC. Ensure effective utilisation of ERM software, providing ongoing support, onboarding, and training for Risk Champions, Risk Owners, and new users. Monitor and report on the performance of the ERMF to support continuous improvement and enhance the organisation’s risk management capability.
Risk and Business Continuity Awareness Culture: Promote and sustain a strong culture of risk awareness and business continuity through formal campaigns, presentations, inductions, audits, and regular communications. Review and update key governance documents, maintain effective reporting channels, and engage with business units to embed continuous risk assessment practices. Ensure all personnel with BCM responsibilities are trained and familiar with continuity plans, provide guidance to BCM Champions, coordinate plan access and distribution, arrange annual disaster recovery site visits with ICT, and maintain the Battlebox to ensure organisational readiness.
Reporting: Prepare and contribute to high-quality, timely reports for EXCO, the Audit and Risk Committee, and other governance structures in line with standard reporting formats. Consolidate departmental risk reports into organisation-wide registers, ensure consistency and quality, and tailor risk reporting for different audiences to support awareness, accountability, and decision-making. Provide accurate information to the Head: GRC to enable escalation of significant risks and maintain regular analysis and follow-up on operational risk registers.
Requirements
Matric certificate or equivalent.
An appropriate bachelor’s degree or equivalent qualification in the Governance, Risk, and Compliance or Audit fields.
A certificate in Risk Management and membership of the Institute of Risk Management South Africa (or meeting the registration requirements) would be an added advantage.
Certification in ISO 22301 and BCI Good Practice Guidelines will be advantageous.
A minimum of 3 to 5 years’ appropriate experience in the Risk Management and/or BCM and/or Audit field.
Demonstrated experience and knowledge in corporate enterprise risk management and/or the BCM and/or Audit field.
Ability and knowledge to maintain and manage the BCM Management System and Software.
Apply via the company website or faisombud.mcidirecthire.com