Head: Operations Risk (MT4) - COO Risk & Compliance

Listing reference: capbw_003093
Listing status: Online
Apply by: 12 March 2026
Position summary
Industry: Banking
Job category: Other: Banking, Finance, Insurance, Stockbroking
Location: Windhoek
Contract: Permanent
Remuneration: Market Related
EE position: No
Introduction
• Support the Chief Operating Officer (COO) with the development, implementation, operation and enhancement of the internal control environment of business units that report into the COO space
• Monitor the activities of business units reporting to the COO to ensure delivery within agreed service levels and that risk exposure remains within approved tolerance
• Provide risk management support as the COO’s principal risk coordinator to develop, implement, operate and enhance the operations principal risk control framework
• Responsible for enterprise-wide business continuity policy development, oversight, and reporting
• Establish and oversee group-wide policies and standards for operations risk, and business continuity, ensuring consistency, relevance, and alignment with international best practices and regulatory requirements. The head will champion a culture of preparedness and resilience, including the design of business continuity plans and testing and recovery strategies
Job description

KEY PERFORMANCE AREAS (KPAs)
 
1.    COO internal control environment (COO space)
•    Develop, agree, implement and continuously enhance a framework for the monitoring and evaluation of risk exposure and service levels within the COO's scope of responsibility
•    Monitor, review and challenge control definitions, control assessments, risk indicators and remediation plans reported by business units
•    Escalate material deficiencies within the framework and potential or actual issues (i.e. control gaps, non-compliance) within the operating environment to the COO (when necessary)
•    Support line management reporting to the COO with the implementation/adaption of the process to enable efficient and effective operation 
•    Pro-actively identify control deficiencies from Internal Audit, Management Assurance Services, Forensic and Business Continuity Management (BCM) reports and external sources (those outside of immediate environment) and through gap analysis to ensure ‘fit for purpose’ remediation by the department of any risk exposures
 
2.    COO Risk support
•    Ensure all risk-related action plans developed by direct reports are comprehensive, feasible, and aligned with internal and external audit requirements
•    Track progress of remedial actions, verify evidence of implementation, and ensure timely closure of issues on the risk management system (no overdue issues)
•    Engage regularly with action owners and escalate delays or challenges to executive management to prevent overdue issues
•    Act as central liaison between the COO and the risk function
•    Support the risk function with the implementation of existing and new agreed-on risk initiatives within the COO space
•    Perform all other duties as reasonably assigned
 
3.    Entity Operations Risk Control Framework 
•    Maintain an updated operations risk framework, including up-to-date risk capacity, appetite and tolerance thresholds, and agree changes to the framework with the COO 
•    Analyse the operations risk loss event reports on a monthly basis and identify weaknesses / trends and recommend measures to mitigate operations risks identified from reported incidents
•    Evaluate the effectiveness of remediation actions and assist line management with developing appropriate action plans when necessary
•    Assist the PRO with the monthly operations risk data collection (metrics, risk register, etc.) to be reported to the Operational Risk department by the agreed due dates 
•    Assist the PRO with the bi-annual operations risk attestation to the MD and ensure that the attestation documentation is submitted to the Operational Risk department by the agreed due date
•    Assist the PRO with the calculation of any exposures, including but not limited to the additional Basel 2 Pillar 2 capital charge for operations risk and forward the ICAAP return to the Operational Risk department by the agreed due date
•    Provide advice, support and guidance to operations risk within Bank Windhoek assisting with achievement of required levels of framework compliance and if required conduct periodic self-assessment compliance reviews
•    Continuously enhance operations risk awareness and conduct awareness campaigns as necessary
•    Train and educate line management and their support staff on the control framework
•    Where appropriate and with the help of the Operational Risk department, operate and document processes that test the impact on the operations risk profile of different scenarios - for example with stress testing
•    Collaborate with the compliance function to develop and maintain compliance risk management plans for business units within the COO domain.
•    Ensure the monitoring and assessment of the adequacy and effectiveness of key controls implemented to address compliance deficiencies, ensuring alignment with regulatory, third party and scheme expectations to mitigate the risk of penalties.
•    Ensure that compliance requirements are embedded into daily operational processes and procedures during reviews and updates of functional workflows.

4.    Entity Risk & Compliance Reporting
•    Escalate material non-compliance to the COO and compliance function 
•    Report identified non-compliance incidents and impact both in value and volume to the relevant governance structures
•    Ensure the COO Operations Risk Register is kept current and relevant by incorporating emerging risks and systematically documenting the management and resolution of existing risks
•    Prepare risk reporting to the governance structure (Operational Risk Forum, Risk Committee, EMT and Board Audit, Risk and Compliance Committee)
•    Report on specific metrics and highlight whether they are within tolerance levels and forecast these as well
 
5.    Entity Loss Management 
•    Structured Loss Management System:  Establish and maintain a comprehensive and structured system for reporting, monitoring, and managing of all Operations related losses including penalties from regulatory authorities and schemes impacting both the Bank and its customers.
•    Loss Monitoring & Analysis: Manage and ensure continuous monitoring, analysing, and reporting on financial losses incurred by the Bank or customers across all payment systems, schemes, and operational channels, including detailed tracking of transaction values and volumes.
•    Recovery & Loss Minimization: Encourage recovery initiatives and implement measures to minimize final financial losses wherever possible.
•    Root Cause Analysis & Risk Mitigation: Ensure loss events are investigated to identify control deficiencies, unusual trends, or underlying root causes. Recommend and ensure timely implementation of appropriate risk mitigation strategies.
  
6.    Group Operations Risk Control Framework (enterprise-wide)
•    Maintain an updated group operations risk framework, including up-to-date risk capacity, appetite and tolerance thresholds, and agree changes to the framework with the GPRO
•    Stand in for the GPRO with the quarterly operations risk data collection to be reported to the Group Operational Risk department by the agreed due dates
•    Offer advice, support, and guidance regarding operations risk within the Group Entities and Bank Windhoek, assist with reaching required framework compliance levels, and, if necessary, perform periodic self-assessment compliance reviews for the entity and review self-assessments completed by group entities
•    Assist the GPRO with the bi-annual operations risk attestation and ensure that the attestation documentation is submitted to the Operational Risk department by the agreed due date
 
7.    Entity and Group Governance 
•    Governance Document Review & Updates: Ensure that governance documents across all Operations departments—and those under the COO’s oversight as Principal Risk Officer (GPRO)—are reviewed and updated in accordance with the schedule provided by the Group Governance Reporting Department. This includes, but is not limited to, policies, procedure manuals, and frameworks.
•    Alignment with Operational Practices: Ensure that all documented processes and procedures are up to date and accurately reflect the current operational practices within each functional area.
•    Risk Oversight in Process Development: Provide proactive oversight and support to functional areas during the development of new processes, identifying potential risks and control weaknesses, offering guidance to mitigate identified risks.
•    Timely Submission & Representation: Ensure governance documents scheduled for review are submitted on time to the Group Document Review Committee or relevant governance forums and represent document owners on these platforms when required.
 
8.    Entity and Group Business Continuity & Resilience 
•    Develop, review, and maintain comprehensive Business Continuity Management (BCM) policies and processes that align with regulatory standards and organisational objectives
•    Ensure all business units are aware of, and compliant with, the latest BCM policy requirements through regular communication, training, and policy attestation cycles 
•    Drive the continuous improvement of BCM frameworks by incorporating insights from regulatory changes, industry best practices, and outcomes from BCM tests and incident reviews 
•    Lead the Business Continuity Management (BCM) programme, ensuring policy compliance, annual attestations, reviews, and testing
•    Design standardised templates and reporting schedules to support executive oversight and adherence to regulatory requirements for BCM
•    Maintain a central repository of signed-off BCPs and ensure readiness through call tree tests and backup site validations
•    Oversee the integration of BCM into operational risk and compliance planning
•    Develop, implement, and maintain effective reporting systems for Business Continuity Management (BCM) that ensure the accurate and timely dissemination of key BCM metrics, incident reports, and programme updates to all relevant stakeholders
•    Oversee regular reporting cycles to track the effectiveness of business continuity plans, capturing insights and lessons learned from BCM tests, exercises, and real events for ongoing enhancement
•    Ensure insights from BCM activities are thoroughly analysed, documented, and communicated to drive improvements and inform decision-making processes
•    Facilitate prompt escalation, tracking, and resolution of material BCM issues, providing executive management and governance forums with clear visibility of resilience initiatives and concerns.
 
9.    People Management
•    Attend to all staffing matters of the department
•    Provide advice and guidance to staff to enable them to achieve their objectives
•    Manage the coaching and development of staff
•    Ensure succession planning within the area
•    Pursue effective reaching of diversity targets
 
10.    Other
•    Maintain an awareness of new developments in technology and relevant risk processes
•    Develop and control the budget for the department
•    Oversee the preparation of statistical information of the department
•    Attend and participate in relevant industry forums and structures on behalf of the Bank when required.    
•    Be willing to perform any other reasonable and lawful duties assigned by management

Minimum requirements

JOB SPECIFICATIONS
 
Qualifications
• Grade 12 
• Possess B-degree Honours or equivalent post graduate degree in auditing, risk management, compliance, commerce or operational management  
• Registration with an internal audit body, qualification as an accountant, or completed articles will be an advantage
 
Experience
• 8 – 10 years banking experience of which at least 5 years at management level
• Excellent interpersonal and negotiating skills
• Excellent time management
• Excellent problem-solving skills
• Ability to influence and implement executive tasks
• Ability to conceptualise opportunities within this space and of the industry
• Strong presentation and communication/report writing skills
• Proven ability to compile and design policies and procedures
• Good working knowledge of Microsoft office tools – Word, PowerPoint & Excel
 
