SUMMARY :
The Business Risk and Compliance Officer is responsible for the development, implementation, monitoring, and continuous improvement of agile, fit-for-purpose Risk Management, Business Continuity, and Compliance Frameworks and Programmes that align with the company’s strategic objectives, regulatory obligations, and operational goals.
POSITION INFO : Key performance area
- 1. Provide support to GRC Director .
- Assist with ad hoc activities and special projects related to Risk, Compliance, Business Continuity, and broader Governance functions.
- Support initiatives such as ethics investigations, governance reviews, and other strategic or operational tasks as required.
- 2. Compliance .
- Draft and update compliance policies and procedures and submit to for review and approval prior to submission to GRC Director.
- Maintain and update the compliance implementation roadmap for NCP and its sites as required and review yearly.
- Develop, maintain, and present Introduction to Compliance and any other relevant and related presentations to relevant stakeholders, across all processes, departments and sites to create an awareness and understanding of Compliance and legislative requirements on the business.
- Arrange and facilitate Compliance workshops with relevant stakeholders / departments and update / maintain NCP departmental / site specific compliance universes.
- Review and distribute legislative updates to relevant NCP departments and sites, and update on relevant departmental / sites compliance universes.
- Develop and monitor an implementation plan on gaps identified during compliance workshops to ensure that NCP remains compliant with all legislation and standards
- Report and escalate any non-compliances to legal requirements, policies, procedures, standards that could adversely affect NCP to the relevant management and GRC Director.
- Attend compliance-related meetings (e.g., MOC Meeting, Serious RCIs, Insurance) and identify any possible gaps not covered on current compliance universe and send updates to GRC Director.
- Prepare the monthly Compliance report timeously and submit it to the GRC Director.
- Prepare a quarterly dashboard Compliance report for the NCP board meetings and submit it to the GRC Director.
- Act as alternative point of contact for Compliance throughout NCP and its sites.
- Facilitate the Risk, Business Continuity Management and Compliance review meetings to EXCO.
- Draft and compile the Risk, Business Continuity and Compliance review minutes.
- Oversee the Sabinet subscription and take note of the CAIA advocacy to ensure that the business is up to date on the latest regulations, including changes to legislation, and that this is communicated and incorporated into the Compliance Universe, with key controls documented (where possible to show compliance) and compliance risk mitigation strategies documented to strive for compliance.
- Manage the business’s compliance with the GHS Regulations by informing the relevant stakeholders of the necessary regulatory updates and ensuring that all NCP’s SDSs and labels are reviewed and updated as per the regulatory review timeframes.
- Facilitate the Health and Safety Legal compliance audits for all NCP sites by ensuring the agreed dates are booked in the relevant persons’ calendars, the scope of the audits is shared, the relevant personnel are prepared and informed of the upcoming audit, the findings are developed into a Corrective Action Plan (CAP).
- Monitor the open findings arising from the Health and Safety legal compliance audits to ensure compliance, by verifying and ensuring closure thereof on EDMS.
- 3. Enterprise Risk Management (ERM) & Operational Risk Management (ORM) .
- Update ERM & ORM business risk management policies, procedures, and framework for NCP, whilst ensuring that the ORM is integrated into the Enterprise Risk Management (ERM) Framework and there are no contradictions or differences in terminology and definitions
- Update and maintain the ERM & ORM presentations used to create, promote, and maintain a culture of risk understanding, awareness, responsibility, and accountability throughout NCP’s sites.
- Schedule and facilitate the ERM risk workshops to identify key risks and opportunities and to evaluate them accordingly.
- Analyse and ensure quality of the ERM risk registers’ information, risk rating scales are updated and accurate, and ensure that risk treatments / mitigation strategies are clearly documented and monitored for reporting purposes. Follow up on overdue items and escalate where necessary to relevant management.
- Consolidate the ERM departmental risk registers to enable the risk reporting process in determining, classifying, and rating NCP’s top 10 business risks, which will be used in EXCO and Board presentations.
- Trend the risks according to categories identified within the risk registers to enable grouping of risks for a better consolidated view of top risk themes.
- Facilitate the insurance survey by ensuring the agreed dates are booked in the relevant persons’ calendars, the scope of the audits is shared, the relevant personnel are prepared and informed of the upcoming survey, all survey required documents are prepared and submitted to the insurer, and the recommendations are developed into a Corrective Action Plan (CAP).
- Update and maintain Insurance risk survey feedback and findings monthly between NCP and NCP’s underwriters and submit them to the GRC Director for final review and communication back to the Insurers
- Attend risk related meetings (e.g., MOC Meeting, Serious RCIs, Insurance) and identify any possible gaps not covered on current risk registers and update risk registers with ratings accordingly
- Monitor the external environment for risk trends and themes that could potentially impact or affect NCP, consider these during the risk management workshop, and highlight them in monthly reports.
- Act as main point of contact for ERM and ORM throughout NCP and its sites.
- 4. Business Continuity Management (BCM) .
- Develop and Maintain the Business Continuity Management Plan (BCMP) :
- Ensure the BCMP is current, comprehensive, and reflects changes in business operations, processes, and organizational structure.
- Conduct Business Impact Analyses (BIAs) :
- Identify critical business functions, assess the impact of disruptions, and determine recovery priorities and timeframes.
- Facilitate Risk Assessments Related to Continuity :
- Evaluate potential threats and vulnerabilities that could disrupt operations and integrate findings into the BCMP.
- Coordinate and Facilitate BCM Reviews and Workshops :
- Engage departments and heads of departments across all sites in reviewing and validating continuity plans, ensuring alignment with business needs and mitigating downtime risks (e.g., plant redundancy, alternative suppliers, IT failovers, remote work locations).
- Document and Update Recovery Strategies :
- Work with departmental managers to ensure recovery plans include redundancy protocols, alternative suppliers, IT failovers, and remote work capabilities etc.
- Test and Exercise the BCMP :
- Plan and conduct tabletop exercises, simulations, and drills to validate the effectiveness of continuity and recovery strategies.
- Monitor and Align BCM with Risk Management Frameworks :
- Ensure BCM risks are reflected in the enterprise and operational risk registers and are actively monitored and mitigated.
- Ensure Regulatory Compliance :
- Verify that the BCMP complies with applicable legislation, standards (e.g., ISO 22301), and industry best practices.
- Promote BCM Awareness :
- Develop and deliver training and awareness sessions to staff across all departments and sites.
- Continuously Improve BCM Processes :
- Identify opportunities to streamline and enhance BCM processes, tools, and reporting mechanisms.
- Support, arrange and coordinate actions in a crisis event supporting the GRC Director.
- 5. Budget .
- Compile cost forecast for budget inputs related to Risk, Compliance, Business Continuity, and Insurance activities.
- Submit the budget inputs to the Business Enablement Manager and GRC Director for review and inclusion in the overall departmental budget.
- 6. Related SHERQ responsibilities .
Knowledge / Skills / Competencies
- Strong knowledge of risk management and compliance frameworks (e.g., ISO 31000, ISO 22301)
- In-depth understanding of Business Continuity Management principles and practices
- Knowledge of compliance requirements within a chemical or manufacturing environment
- Familiarity with Process Safety Management (PSM)
- Understanding of Major Hazard Installation (MHI) regulations and protocols
- Proficiency in conducting and analyzing Root Cause Investigations (RCI)
- Comprehensive knowledge of Occupational Health and Safety legislation, standards, and codes
- Knowledge of Environmental legislation, standards, and applicable regulatory codes
- Proficient in Microsoft Office Suite (Word, Excel, Outlook, PowerPoint)
- Familiarity with Ariscu (compliance and risk management platform)
- Strong prioritization skills
- Monitoring and evaluation capabilities
- Accurate and timely reporting skills
- Effective stakeholder relationship management
- Strong coordination and organizational skills
- Experience with SAP systems (advantageous)
- Business process mapping (advantageous)
- Excellent analytical and logical thinking skills
- Proactive problem-solving and sound decision-making abilities
- Strong attention to detail and accuracy
- Good time management skills; deadline-driven
- Quality and results-oriented
- Ability to work independently and maintain objectivity
- Reliable, responsible, dependable, and trustworthy
- Strong team player
- Committed to best business practices and ethical standards
- Strong interpersonal and communication skills
- Able to work well with individuals at all levels of the organization
- Capable of leading people, teams, and organizational initiatives
- Strong planning and organizing abilities
- Able to multitask efficiently
Experience
- Minimum 4 years Risk Management.
- Minimum 4 years Compliance experience.
- Minimum 4 years Business Continuity Management Experience.
- Minimum 4 years Manufacturing Environment experience.
- Minimum 2 years Safety, Health, Environmental and Quality Experience (advantageous).
- Minimum 1 year in Environmental Legislation (advantageous).
Qualifications :
- Matric with Mathematics.
- National Diploma : Risk Management / Compliance.
- International Certificate : Risk Management (IRM UK) (advantageous).
Technical Certifications :
- Legal liability & Compliance – Occupational Health and Safety
- GHS / Dangerous goods
- Member of Institute Risk Management South Africa (IRMSA) (advantageous)
- Member of Compliance Institute (advantageous)
Reporting structure :
This position reports to the GRC Director.
Personal Circumstances :
- Must be able to obtain a satisfactory medical report from the company’s medical centre.
- Able to travel to Cato Ridge, Atlantis.
- Driver’s License
Other requirements :
Please ensure :
- That recently certified copies of all qualifications referred to in the CV are submitted.
Failure to comply with the above requirements will result in your application being disqualified.
Persons with disabilities are encouraged to apply; should the applicant be successful, the incumbent will be reasonably accommodated depending on the inherent requirements of the job.
All applicants are thanked in advance for showing interest; however, correspondence will only be entered into with the shortlisted candidates.
Closing date : 31 July 2025
Applications to be sent to :
Recruitment for this position will be conducted with the intention of progressing our Employment Equity policy, targets, and objectives. The Company reserves the right not to fill this position.