Risk Management Associate

Overview of the Role

The Risk Management Associate coordinates and executes daily tasks supporting the organisation’s Enterprise Risk Management (ERM) framework, Information Security Management System (ISMS), and compliance programs.

This junior-to-mid-level role bridges the gap between administration and risk analysis by helping operational teams maintain accurate risk registers, collating audit evidence, and reviewing change requests. Through proactive tracking and structured reporting, the Associate ensures the organisation remains continuously aligned with ISO 27001, ISO 31000, SOC 2, and NIST standards.

Major Responsibilities

Risk Assessment & Tracking

• Identify, assess, and monitor operational, security, regulatory, and strategic risks.

• Conduct initial reviews of risk assessments

• Maintain, update, and quality-check the corporate risk registers [ISO 31000].

• Monitor risk treatment plans, controls and follow up with owners on remediation progress.

• Analyse risk data to help prepare dashboards for executive leadership.

• Facilitate baseline risk assessment of workflows with operational business units.

• Prepare and coordinate risk reporting for executive leadership and regulatory bodies.

• Assist coordinating and tracking implementation of controls identified during risk assessment

Audit Coordination & Evidence Gathering

• Serve as one of the points of contact for internal and external audit logistics.

• Collate, verify, and organise evidence files for internal audit, ISO 27001, ISO 22301 and SOC 2 audits.

• Track audit findings, log corrective actions, and escalate overdue items.

ISMS & Security Control Support

• Support day-to-day maintenance of ISMS and BCMS processes to protect ISO 27001 and ISO 22301 certification.

• Review, update, and distribute information security policies and procedures.

• Manage the information asset inventory and verify asset ownership logs.

• Coordinate and track mandatory employee security awareness training completion.

Incident Response & Change Management Governance

• Log security and operational incidents and track post-incident remediation tasks.

• Assist in organising data and drafting reports for risk assessments and post-incident reviews.

• Evaluate routine operational change requests for completeness and risk impact.

• Verify that proper approval of workflows and audit trails is maintained for changes.

Compliance & Governance

• Prepare documentation and responses for regulatory inquiries, client due diligence, or third-party assessments.

• Produce periodic reports on risks, incidents, audit status, ISMS performance, and compliance metrics.

• Support preparation of Board, Audit Committee, and Risk Committee materials.

• Maintain dashboards and performance indicators to measure the effectiveness of risk and security programs.

Training, Awareness & Stakeholder Engagement

• Conduct training aligned with Risk, Compliance & Regulatory Affairs (RCRA) requirements.

• Deliver BCMS, emergency response, and information security training across the organisation.

• Assist in communicating policy updates, awareness campaigns, and readiness activities.

• Assist in facilitating workshops with process owners to improve recovery strategies, risk controls, and security posture.

• Carries out tasks as delegated by the immediate head/SLT

Requirements

• Minimum of 2–4 years of experience in risk management, compliance, IT audit, or information security.
• Bachelor’s degree in Industrial Engineering, Information Security, IT, or related field.
• Experience in risk management, information security, compliance, or internal audit.
• Understanding of ISO 27001 and audit methodologies.
• Practical understanding of risk frameworks (ISO 31000, NIST) and strategies
• Experience in coordinating incident response and internal audit activities.
• Familiarity with disaster recovery, business continuity, infrastructure dependencies, and operational risks.
• Experience in documentation for management systems (policies, SOPs, process diagrams, IR guides, audit evidence, etc.)
• Good analytical skills with the ability to interpret risks, evaluate controls, and drive improvements.
• Ability to work independently and collaboratively with cross-functional teams.
• Strong communication, presentation, stakeholder engagement, and organisational skills.
• Ability to remain calm and effective under pressure.
• High attention to detail, strong ethics, and professional integrity.
• Results-driven mindset with strong business acumen.

Benefits

• 500K per incident HMO coverage + Dental & Optical benefits ​
• 2-week paid Christmas vacation​
• Electricity & Data subsidies​
• 25K Educational Assistance ​
• Training and equipment will be provided​
• Fixed Schedule of Mon-Fri from 7 AM to 4 PM​