Compliance and Risk Officer, Cape Town

Main purpose of the job

The Compliance and Risk Officer is responsible for supporting the Oneplan’s Governance, Risk, and Compliance (GRC) framework by ensuring adherence to applicable regulatory requirements within the South African financial services sector. This includes frameworks such as POPIA, FAIS General Code of Conduct, Policyholder Protection Rules (PPR), and emerging conduct standards under COFI (Conduct of Financial Institutions).

The role combines compliance oversight with risk management responsibilities, including the identification, assessment, monitoring, and mitigation of regulatory and operational risks. This role will also manage complaints and incidents, contribute to risk reporting, and support the development of a strong compliance and risk culture across the business.

Key Responsibilities

1. Regulatory Compliance Oversight

• Monitor and ensure compliance with applicable legislation and regulatory frameworks, including, FAIS Act and General Code of Conduct, Policyholder Protection Rules (PPR), POPIA (Protection of Personal Information Act), COFI principles and conduct requirements applicable to the Oneplan products within scope
• Interpret and implement regulatory changes, providing guidance to business units on compliance obligations.
• Support regulatory engagement and ensure readiness for audits, inspections, and regulatory reporting requirements.
• Maintain compliance registers and ensure timely tracking of regulatory deliverables applicable to the Oneplan products within scope

2. Risk Management & GRC Integration

• Identify, assess and monitor compliance and operational risk across the Oneplan products within scope
• Maintain and update risk registers, including risk assessments, controls and mitigation plans, working with operational stakeholders to obtain necessary insights
• Conduct risk assessments across various categories of risk, working together with operational management to ensure product specific risk areas are appropriately identified and managed
• Work and various departments to design and implement effective controls to mitigate identified risks.
• Track and report on key risk indicators (KRIs) and compliance metrics.
• Support the embedding of a risk-based approach aligned to GRC best practices.

3. Complaint Management & Conduct Risk

• Take responsibility for and manage formal complaints related to FAIS, PPR, POPIA, and data privacy breaches, as applicable to the Oneplan products within scope
• Ensure complaints are logged, tracked, and resolved within regulatory timelines and internal SLAs.
• Conduct details investigations and provide fair, transparent, and compliant resolutions.
• Analyze compliant data to identify risk trends and systemic issues.
• Ensure alignment with Treating Customers Fairly (TFC) outcome and conduct risk principles.

4. Incident & Data Breach Management

• Support the management of compliance-related incidents, including data breaches and regulatory breaches related to the Oneplan products in scope and ensure timeous escalation
• Collaborate with IT and security teams to investigate incidents and assess impact, as applicable to the Oneplan products in scope
• Ensure compliance with POPIA breach Notification requirements and regulatory expectations.
• Conduct root cause analysis and recommend corrective and preventative actions.
• Monitor incident trends and contribute to risk mitigation strategies.

5. Monitoring, Reporting & Assurance

• Assist in the regular preparation of Oneplan product-specific compliance and risk reports for committees and senior management
• Report on complaints and conduct risk trends, Compliance breaches and incidents, Risk exposure and mitigation progress and support internal audits and compliance monitoring activities.
• Maintain accurate and auditable records to support regulatory inspections

6. Stakeholder Engagement & Governance

• Collaborate with internal stakeholders to ensure integrated GRC practices.
• Engage with external stakeholders, where required
• Provide a support role in governance forums (ie: Committees)
• Escalate high-risk or complex issues appropriately within governance structures.

7. Policy Development & Continuous Improvement

• Assist in the development, review, and implementation of policies, procedures, processes and necessary frameworks aligned to regulatory requirements, as applicable to the Oneplan products in scope
• Drive improvements in compliance and risk processes based on trend analysis and regulatory developments.
• Contribute to the implementation of COFI-aligned conduct frameworks and customer-centric practices.

8. Training & Awareness

• Provide guidance and training to employees on compliance obligations, risk awareness, and regulatory requirements relevant to the Oneplan products in scope
• Promote a culture of compliance, ethical conduct, and proactive risk management.
• Support awareness initiatives related, but not limited to, POPIA, FAIS, TCF, and COFI.