Risk & Governance Lead(Fintech/Payments)

Job Type: Full Time/Permanent

Location: Cape Town

Work Place: Hybrid

Reporting Line: Head of Legal (with dotted line direct to the board)

Division: Enabling

Department: Legal

• Proven experience in risk management, ideally within financial services, fintech, or another regulated industry.
• Solid understanding of risk management frameworks and corporate governance structures.
• Strong ability to work with cross-functional teams, consolidate information, and challenge constructively.
• Excellent reporting, communication, and stakeholder management skills - confident in presenting to senior leadership and boards.

• Degree in Commerce, Law (LLB) or Risk Management
• Recognised professional qualification or certification in governance, risk and compliance management will be advantageous
• IT risk experience is an advantage
• 3 - 5 years’ experience in risk management within the financial services, banking or payment industry
• Regulatory reporting experience is essential

• Team player - across all departments.
• Pragmatic risk judgment - calibrates risk to business context, proposes mitigations and clear trade-offs rather than “no”, has a successful track record of aligning legal priorities with organisational objectives.
• Bias to clarity and action - produces crisp, plain-language summaries and recommended paths and is comfortable making calls with imperfect information.
• Prioritisation and throughput - juggles multiple matters, sets/keeps SLAs, and escalates smartly on pre-defined triggers.
• Negotiation and stakeholder management - credible with customers and partners and balances firmness with deal momentum.
• Ownership and reliability - high agency, low ego, high bar for quality and follow-through under pressure.

• Design, implement, and maintain an integrated and centralised enterprise risk management framework for our Group and/or its subsidiary companies, including policies, risk registers, reporting standards, and control documentation.
• Work with the board and senior leadership to define, communicate, and embed our client’s risk appetite across all subsidiaries and functions of our client’s Group.
• Ensure alignment with regulatory requirements, group procedures and audit standards.
• Develop and maintain monitoring plans for key controls, ensuring compliance with frameworks and control environments
• Drive a combined assurance approach, engaging assurance partners and specialists on key risk matters.
• Serve as chairperson or participant, as appropriate, for relevant risk committees and forums ensuring agendas, minutes, and follow-ups are effectively managed.

• Oversee operational risk processes and reporting in line with the enterprise risk management framework.
• Evaluate, monitor, and challenge internal controls through reviews, testing, and root cause analyses.
• Ensure operational risk mitigation strategies are in place and aligned with business continuity management plans.
• Liaise with all applicable stakeholders to ensure adherence to statutory requirements.

• Facilitate enterprise-wide risk workshops and risk & control self-assessments.
• Ensure risk identification, assessment, and monitoring of key risks across all respective risk management functions (including, Compliance, Infosec, Operations).
• Act as second line of defence, providing challenge and oversight of risks and controls identified by business leads.
• Support risk assessments for new products, services, business ventures, third-party arrangements, and acquisitions.
• Anticipate and assess emerging risks, regulatory changes, and external trends relevant to our client’s operations.

• Maintain and consolidate the enterprise risk register and related risk management systems.
• Prepare and present enterprise risk dashboards and reports for risk committees and the board.
• Escalate incidents, breaches, and critical risk events to relevant governance forums, ensuring lessons learned feed back into frameworks.
• Ensure accurate, timely, and reliable data integrity in risk reporting and analysis.
• Monitor and track action plans and remediation activities.
• Stakeholder Engagement & Strategic Enablement
• Partner with business units to understand drivers, concerns, and risk exposures.
• Build a strong risk management culture through training, awareness campaigns, and guidance on the application of risk tools.
• Review and optimise risk management processes and procedures, providing guidance on areas for improvement.
• Drive innovation in risk capabilities and solutions that support operational efficiency.
• Engage in cross-functional relationships to enhance the quality of risk management outcomes.