​

Enterprise Risk Management

• Develop, implement, and maintain the Enterprise Risk Management (ERM) framework covering operational, IT, financial, regulatory, strategic, legal, and reputational risks.
• Maintain the corporate risk register, ensuring risks are identified, assessed, mitigated, monitored, and reported.
• Embed risk management into decision-making across all departments – IT, Finance, Operations, Administration, and Business Development.
• Lead risk assessments for new products, services, partnerships, and projects.
• IT & Cybersecurity Risk & Compliance (Heavy Emphasis)
• Oversee compliance with Bank of Uganda’s NPS regulations, the Data Protection & Privacy Act, and other applicable laws.
• Ensure adherence to PCI-DSS, ISO 27001, and other relevant IT security frameworks.
• Lead vulnerability assessments, penetration tests, and remediation tracking.
• Oversee cybersecurity incident detection, response, and recovery processes.
• Ensure secure systems design and implementation in collaboration with IT teams, including change management and vendor controls.

Operational Risk & Compliance

• Monitor and assess risks in agent network management, service delivery, reconciliation, and customer support.
• Ensure adequate controls for fraud prevention, transaction monitoring, and dispute resolution.
• Oversee compliance with service level agreements (SLAs) and internal operational procedures.

Financial & Procurement Risk & Compliance

• Ensure compliance with financial regulations, tax obligations, and anti-money laundering (AML/CFT) requirements.
• Oversee controls for financial reporting, asset management, and expense approvals.
• Ensure procurement processes are transparent, competitive, and compliant with policy.
• Monitor risks related to payments, reconciliations, and treasury operations.

Human Resources, Legal & Governance Compliance

• Ensure HR policies comply with labour laws, employee data privacy requirements, and ethical standards.
• Oversee whistleblowing, grievance, and disciplinary processes to ensure fairness and legal compliance.
• Ensure corporate governance practices meet regulatory and Board expectations.
• Monitor legal risks, oversee contract reviews, and track compliance with contractual obligations.

Business Continuity & Operational Resilience

• Lead the design, testing, and improvement of Business Continuity Plans (BCP) and Disaster Recovery (DR) strategies.
• Coordinate simulations and post-incident reviews to strengthen resilience.
• Integrate resilience measures into vendor and third-party agreements.

Regulatory Engagement & Reporting

• Liaise with regulators, auditors, and industry associations on compliance matters.
• Prepare and present quarterly risk and compliance reports to the Board Audit & Risk Committee.
• Ensure timely and accurate submission of all required regulatory returns.

Training & Awareness

• Develop and deliver enterprise-wide training on risk management, IT security, compliance obligations, AML/CFT, and data privacy.
• Promote a strong compliance and risk-aware culture across all business units.