Risk & Privacy Associate
Our client, a well-established group, is seeking a motivated, analytical, and hands-on Risk & Privacy Associate to join its Enterprise Risk Management function.
In this key Group role, you will support subsidiaries in confidently managing their risks, deliver the privacy programme end-to-end, and test and evidence controls to ensure audit and regulatory readiness across all entities.
Key Responsibilities:
- Support the implementation, rollout, and continuous improvement of the Group’s Enterprise Risk Management (ERM) framework across all subsidiaries.
- Assist subsidiaries in identifying, assessing, mitigating, and reporting key risks in line with Group standards.
- Build the capacity of Risk Champions through guidance, coaching, and awareness on risk identification, assessment, mitigation, and reporting.
- Participate in the elaboration, implementation, monitoring, and continuous improvement of the Group’s privacy programme.
- Translate regulatory and data protection updates into practical, actionable recommendations for the business.
- Support and deliver privacy awareness initiatives across the Group.
- Analyse internal audit findings, link issues to risks and controls, and verify the effectiveness of remediation actions through to closure.
- Plan, test, evidence, and track the effectiveness of internal controls to ensure audit and regulatory readiness.
- Support cyber hygiene awareness, incident readiness, and personal data breach prevention initiatives, in collaboration with IT and other stakeholders.
- Contribute to clear, concise, and decision-ready reports for Management and the Audit & Risk Committee.
- Liaise closely with cross-functional teams to ensure effective, practical, and collaborative risk and privacy management.
Candidate Profile:
- At least 2 years’ relevant experience in one or more of the following areas: audit, risk management, compliance, data protection, or internal controls.
- Bachelor’s degree in Management, IT, Law, Finance, or a related field.
- Sound understanding of ERM principles and working knowledge of the Mauritius Data Protection Act 2017.
- Strong analytical skills with the ability to translate governance and regulatory requirements into practical business actions.
- Good communication skills, with the ability to present complex topics clearly to non-technical stakeholders.
- Proficient in MS Office applications.
- Professional certifications such as CISA, CISM, CRISC, ISO 27001, or IAPP will be an advantage.