• Lead the design and deployment of a firm-wide TPRM framework (including outsourcing governance framework). • Manage the ongoing TPRM program which includes an integrated approach for assessing and mitigating the risk of new and existing third-party suppliers. • Ensure that risks associated with Third Party relationships, before and after entering into contracts, are sufficiently identified, assessed, monitored and controlled. • Manage and enhance the governance model to provide ongoing monitoring and oversight of the risks posed by third parties. • Monitor and update third-party risk assessment framework to respond and adhere to new and existing regulatory guidelines and initiatives. • Lead third-party risk segmentation, deploy and maintain up-to-date annual attestations by contract owners. • Develop reports for use by business areas and senior management regarding third-party risks. • Identify and escalate key items of concern regarding new and existing current third parties, including the potential of concentration risk and fourth-party risk exposures. • Partner with sourcing partners, Operational Risk Team, Information Security and Technology Risk Team, Compliance, Legal, business areas and other assurance functions in the second and third line of defense to identify third-party risks and escalate those risks appropriately. • Support Head of TPRM in addressing the Central Bank, Internal Audit, and Compliance observations. • Monitor the first line Business Units’ status of the RCSA, ORE, KRI, Issues & Actions and NPPA programs; • Perform detailed analysis on the outputs of the Group operational risk management programs; • Maintain ongoing monitoring of the Bank’s Operational Risk profile at a Business Unit level; • Maintain compliance to regulatory requirements and create environment for continuous improvements. • Provide user support and ensure ongoing management of the Group operational risk program design on prism, the Bank’s Operational Risk Management Information System.

• Drive globally the standardization, accessibility, and continuous improvement of the organization’s Knowledge Management and Service Management frameworks. • Support the development, continuous enhancement, and implementation of the Knowledge Management framework aligned with business objectives. • Define governance structures, including documentation standards, templates, taxonomy, metadata, ownership principles, and approval workflows. • Promote a knowledge-sharing culture and best practices across the organization. • Coordinate the creation, consistency, and quality assurance of operational documentation (Policies, SOPs, Work Instructions, Guidelines). • Ensure documentation alignment with process hierarchy and service catalogues. • Identify and eliminate redundant, obsolete, or duplicate documentation. • Administer knowledge repositories and document management systems (e.g., SharePoint) while optimizing search mechanisms. • Implement workflow automation and digital solutions to streamline the documentation lifecycle. • Collaborate with IT and business stakeholders to enhance user experience and accessibility. • Monitor Knowledge Management KPIs and report on documentation quality, coverage, and compliance metrics. • Identify knowledge gaps and drive continuous improvement initiatives to increase efficiency and adoption. • Support the development and maintenance of the Service Catalogue, ensuring accurate definitions and descriptions. • Maintain service cards, dependencies, ownership data, and related service portfolio information. • Collaborate with Global Process Owners (GPOs), SMEs, and GBS Operations Teams to capture and maintain critical knowledge. • Facilitate workshops and training sessions while providing guidance to document owners and contributors. • Support onboarding and organizational learning initiatives through effective knowledge enablement.

• The IT Systems Risk Analyst is responsible for the identification, evaluation, and assessment of cybersecurity risks affecting United Fidelity Bank systems. • Works closely with the IT GRC Manager, IT department stakeholders, and leadership for all duties. • Produces articles, case studies, blogs, white papers and presentations on the latest technology and cybersecurity incidents. • Leverages Threat & Vulnerability Intelligence Sources to identify and evaluate potential Cybersecurity Risks to the Bank. • Conducts formal Risk Assessments using CIA / IL and other risk frameworks. • Develops Cybersecurity Risk Controls and Mitigation Plans for IT Risks and evaluates their implementation and mapping objectives. • Conducts comprehensive risk assessments for the Bank’s technology assets. • Reviews CIS Level I Configuration reports and analyses to assess risks and gaps. • Assists in reviewing, editing, and maintaining existing IT Risk documentation, controls, and mitigations.

• Oversee ERM across multiple operating companies, ensuring consistency and alignment across the organization • Partner with senior leadership to embed risk considerations into strategic planning and business decision-making • Lead the design, implementation, and evolution of the ERM framework • Own and advance the organization’s risk appetite and tolerance framework, aligning it to strategy • Drive enterprise-wide risk identification, assessment, and mitigation • Deliver risk reporting and forward-looking insights to senior leadership, the SMT, and the Board • Lead GRC strategy, including selection and implementation of tools • Act as a central ERM leader, coordinating with specialized risk functions (e.g., Compliance, Audit, IT Risk) to ensure a cohesive enterprise view of risk • Lead and develop a growing ERM team, fostering a strong risk-aware culture