Job overview

Job title: Manager, Internal Controls

Reports to: Head of Operations

Unit: Operations

Department: Technology and Operations

Grade: Band 5

Organization: NCBA Bank

Job purpose

The purpose of this role is to perform internal controls reviews to ensure adherence to established procedures and controls, while identifying process improvements across the bank’s operations units and branches. The role contributes to maintaining a strong control environment by preventing losses and strengthening operational effectiveness.

The position involves monitoring open control issues and ensuring they are resolved satisfactorily within set timelines to prevent crystallization of losses. It also requires escalation of significant control failures to senior management where potential or actual losses may arise.

Additionally, the role is responsible for coordinating the Business Continuity Program (BCP) across the bank.

Key accountabilities and responsibilities

Operational risk management (40%)

• Conduct ongoing control assessments across branches and central operations.
• Provide assurance to first-line management on the effectiveness of internal controls.
• Identify and communicate internal control risks through analysis of control evidence.
• Collaborate with business process owners to implement and monitor remediation plans.
• Track control exceptions and ensure timely closure within agreed deadlines.
• Promote effective control design using continuous improvement techniques.
• Partner with business units to define appropriate preventive and detective controls.
• Collect and analyze data to identify root causes, trends, and emerging risks.
• Escalate potential and actual risk issues where necessary.
• Provide subject matter expertise and guidance on control-related matters.
• Regularly assess key controls for effectiveness, efficiency, and relevance.
• Report risk events, policy deviations, and risk exceptions to relevant stakeholders.

Business continuity management (40%)

• Establish strategic objectives for crisis and incident response.
• Develop short-, medium-, and long-term business continuity strategies.
• Resolve implementation challenges and resource conflicts identified during tests.
• Identify and document priority processes and procedures.
• Sponsor the Business Recovery Program, including participation in bank-wide tests.
• Ensure integration of BCM into core business processes.
• Promote continuous improvement of the Business Continuity framework.
• Ensure BCP and DRP reviews are conducted at least annually.
• Organize quarterly crisis management exercises.
• Prepare and submit quarterly Business Continuity reports to the Board of Trustees.

Process improvement (20%)

• Participate in process reviews and process improvement initiatives.
• Support implementation of appropriate controls during process redesign.
• Conduct training and awareness sessions across the organization.
• Participate in policy, procedure, and system implementation reviews.
• Ensure controls are embedded in business processes and systems.
• Train process owners and control owners on risk and control concepts.
• Use SLA measurement tools to assess and improve service quality, productivity, and performance.

Job dimensions

Reporting relationships

Direct reports: None

Indirect reports: None

Stakeholder management

Internal stakeholders

• Branch leadership
• IT
• Operational Risk
• Internal Audit
• Projects Management
• Regional Operations

External stakeholders

• External auditors
• Regulators

Decision-making authority

Operational and managerial decision-making authority.

No direct budgetary control specified.

Work cycle and impact

Planning and impact horizon: 1 month to 3 months

Ideal job specifications

Academic qualifications

Bachelor’s degree from a recognized university.

Professional qualifications

• Proficient computer skills.
• Strong understanding of core banking processes.
• Knowledge of regulatory and statutory requirements.
• Risk, compliance, or audit-related professional qualification is an added advantage.

Desired work experience

• Minimum of 6 years’ banking experience.
• At least 4 years in operations or a risk-related department.

NCBA Bank core value behaviours

• Responsiveness: Speed, simplicity, innovation, and customer focus.
• Driven: Decisive, passionate, and bold.
• Open: Honest, transparent, and inclusive.
• Trusted: Teamwork, integrity, and accountability.

Ideal job competencies

Technical competencies

MS and system skills

• Advanced computer application skills for analysis, reconciliations, and reporting under tight deadlines.

Conceptual and analytical skills

• Strong analytical and evaluation skills.
• Ability to conduct independent analysis and make sound recommendations.

Banking, compliance, and regulatory knowledge

• Knowledge of operational risk, regulatory frameworks, and end-to-end banking operations.

Behavioural competencies

Leadership and initiative

• Ability to work independently with strong initiative and proactivity.

Communication skills

• Excellent written and verbal communication skills.

Planning and organizing

• Strong ability to prioritize, plan, coordinate, and monitor work.

Self-confidence

• Ability to be firm and authoritative while maintaining empathy during review and exit discussions.

• Conduct ongoing control assessments across branches and central operations.
• Provide assurance to first-line management on the effectiveness of internal controls.
• Identify and communicate internal control risks through analysis of control evidence.
• Collaborate with business process owners to implement and monitor remediation plans.
• Track control exceptions and ensure timely closure within agreed deadlines.
• Promote effective control design using continuous improvement techniques.
• Partner with business units to define appropriate preventive and detective controls.
• Collect and analyze data to identify root causes, trends, and emerging risks.
• Escalate potential and actual risk issues where necessary.
• Provide subject matter expertise and guidance on control-related matters.
• Regularly assess key controls for effectiveness, efficiency, and relevance.
• Report risk events, policy deviations, and risk exceptions to relevant stakeholders.
• Establish strategic objectives for crisis and incident response.
• Develop short-, medium-, and long-term business continuity strategies.
• Resolve implementation challenges and resource conflicts identified during tests.
• Identify and document priority processes and procedures.
• Sponsor the Business Recovery Program, including participation in bank-wide tests.
• Ensure integration of BCM into core business processes.
• Promote continuous improvement of the Business Continuity framework.
• Ensure BCP and DRP reviews are conducted at least annually.
• Organize quarterly crisis management exercises.
• Prepare and submit quarterly Business Continuity reports to the Board of Trustees.
• Participate in process reviews and process improvement initiatives.
• Support implementation of appropriate controls during process redesign.
• Conduct training and awareness sessions across the organization.
• Participate in policy, procedure, and system implementation reviews.
• Ensure controls are embedded in business processes and systems.
• Train process owners and control owners on risk and control concepts.
• Use SLA measurement tools to assess and improve service quality, productivity, and performance.

• Advanced computer application skills for analysis, reconciliations, and reporting under tight deadlines.
• Strong analytical and evaluation skills.
• Ability to conduct independent analysis and make sound recommendations.
• Knowledge of operational risk, regulatory frameworks, and end-to-end banking operations.
• Ability to work independently with strong initiative and proactivity.
• Excellent written and verbal communication skills.
• Strong ability to prioritize, plan, coordinate, and monitor work.
• Ability to be firm and authoritative while maintaining empathy during review and exit discussions.

• Bachelor’s degree from a recognized university.
• Proficient computer skills.
• Strong understanding of core banking processes.
• Knowledge of regulatory and statutory requirements.
• Risk, compliance, or audit-related professional qualification is an added advantage.