Senior Associate Risk & Compliance

Job Description

Posted Tuesday, September 23, 2025 at 4:00 AM

Deliver independent, risk-based monitoring and assurance over the firm’s compliance with FAIS, CISCA, FICA, POPIA and PAIA, and verify alignment to Group Risk & Compliance standards. The role executes thematic and routine reviews, issues clear remediation recommendations, tracks closure and produces high quality MI for management and governance forums. It also supports the FICA Section 42A Compliance Officer and MLRO with monitoring and reporting activities, in line with the RSA RMCP and Group frameworks.

• Implement the Compliance Monitoring Programme (CMP):
  Ensure the effective implementation of the compliance monitoring programme in conjunction with Group monitoring teams, applying Group documentation and reporting standards.
• Comprehensive coverage:
  Ensure the CMP covers applicable internal and external requirements (Group policies/standards and RSA laws/regulations) and remains current with business risks and regulatory changes.
• Timely, risk‑based testing:
  Ensure monitoring testing is conducted on time and on a risk‑based basis; maintain robust work papers and evidence.
• Change integration & CRA:
  Identify and incorporate changes to the CMP and feed into the Combined Risk Assessment (CRA) as appropriate when new/changed risks are identified.
• Stakeholder engagement & remediation:
  Manage and proactively work with stakeholders on findings, providing sound advice on the nature and appropriateness of remediation actions, taking related risks into account.
• Escalation:
  Escalate higher‑risk findings to the Head of Risk & Compliance – RSA as they arise, in line with Group escalation protocols.
• Closure tracking:
  Ensure remediation or follow‑up actions are and closed within agreed timelines; minimise repeat findings.
• Internal Audit:
  Work with Internal Audit regarding oversight/coordination of compliance monitoring activities to avoid duplication and strengthen second/third‑line coverage.
• Control effectiveness:
  Monitor the efficiency and consistency of compliance controls and assist with enhancement of procedures and controls, including drafting/refreshing local SOPs where needed.

• Lead the monitoring activities in alignment with the Compliance Manual and associated governance frameworks, ensuring consistent oversight and adherence to regulatory standards.
• General Code of Conduct:
  Monitor TCF outcomes, disclosures, suitability & record of advice, complaints handling, advertising and conflicts.
• Fit & Proper (BN 194/2017):
  Monitor competence, honesty/integrity, operational ability and financial soundness; maintain MI.
• Regulator interface:
  Operate an effective second‑line monitoring function and compile reports/returns requested by the FSCA.

• Test adherence to the RMCP across CDD/EDD, risk rating, sanctions screening and record keeping; recommend RMCP enhancements where gaps are found.
• Support the S.42A Compliance Officer and MLRO with written updates to the governing body on AML/CFT monitoring progress.
• Verify quality and timeliness of reporting via goAML and evidence logs; maintain red‑flags library and training inputs.

• Assess POPIA controls: lawful basis, purpose limitation, data minimisation, accuracy, retention/destruction, cross‑border transfers, operator agreements/oversight, and security safeguards (tech/organisational).
• Breach readiness & notifications (s.22):
  Monitor and evidence timely, content‑complete breach notifications to the Information Regulator and data subjects.
• PAIA s.51 manual & requests:
  Coordinate periodic review/publication of the Section 51 PAIA Manual.

• Group & management reporting:
  Assist with the preparation of compliance reports to management, committees and Group governance (MI, heat‑maps, issue status, trends, control effectiveness).
• Regulatory reporting:
  Assist with the preparation of reports and regulatory submissions to authorities (FSCA/FIC/Information Regulator), ensuring quality, timeliness and auditability.