RISK, COMPLIANCE, DATA PROTECTION & INTERNAL CONTROLS OFFICER x 1
eShandi is one of Africa's fastest-growing fintech companies, leveraging technology to expand financial inclusion through digital lending, embedded finance, digital payments, agency banking and innovative financial services. Our mission is to provide accessible, affordable and intelligent financial solutions that empower individuals and businesses across Africa.
As a regulated financial services provider, we are committed to the highest standards of governance, integrity, risk management, regulatory compliance and data protection. We are seeking an exceptional Risk, Compliance, Data Protection & Internal Controls Officer to help strengthen our governance framework and support the sustainable growth of our business.
Position Summary:
The Risk, Compliance, Data Protection & Internal Controls Officer will be responsible for supporting the implementation and continuous improvement of eShandi's Governance, Risk and Compliance (GRC) framework. The role will assist in identifying, assessing, monitoring and mitigating enterprise risks while ensuring compliance with applicable laws, regulations, internal policies and industry best practices.
The successful candidate will also play a key role in strengthening internal controls, promoting a culture of compliance and ethical conduct, supporting data privacy initiatives, coordinating regulatory reporting, and working closely with all departments to ensure that risk management and compliance are embedded in everyday business operations.
This position offers an excellent opportunity for an ambitious professional seeking to build a career in governance, risk management, compliance and fintech regulation.
Key Responsibilities:
Enterprise Risk Management
Support the implementation and continuous improvement of the Enterprise Risk Management (ERM) Framework.
Identify, assess, monitor, and report strategic, operational, financial, regulatory, technology, cybersecurity and reputational risks.
Maintain and update the corporate Risk Register.
Monitor the implementation of risk mitigation plans across departments.
Develop and monitor Key Risk Indicators (KRIs).
Prepare periodic risk reports for management.
Promote risk awareness and a strong risk culture throughout the organisation.
Regulatory Compliance
Monitor compliance with all applicable laws, regulations, and regulatory requirements.
Support compliance with requirements issued by the Bank of Zambia, Securities and Exchange Commission, Financial Intelligence Centre, Zambia Revenue Authority and other applicable regulators.
Monitor regulatory developments and assess their impact on the business.
Coordinate regulatory reporting and submissions.
Assist during regulatory inspections and examinations.
Maintain compliance registers and reporting calendars.
Ensure business units operate in accordance with approved policies and regulatory requirements.
Internal Controls
Evaluate the effectiveness of financial and operational internal controls.
Conduct internal control reviews across all departments.
Identify control weaknesses and recommend corrective actions.
Monitor implementation of agreed corrective actions.
Review approval workflows, segregation of duties, and delegated authorities.
Support the continuous improvement of internal control processes.
Data Protection & Privacy
Support compliance with the Zambia Data Protection Act, 2021, and other applicable data privacy laws in jurisdictions where eShandi operates.
Assist in developing, implementing, and monitoring the company's Data Protection and Privacy Framework.
Ensure personal and sensitive customer information is processed, stored, and shared securely and lawfully.
Maintain records of processing activities and other privacy documentation.
Conduct Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs) where required.
Monitor compliance with data retention, classification, and secure disposal requirements.
Investigate and document data protection incidents and breaches, ensuring timely escalation and reporting.
Work closely with Technology and Product teams to ensure privacy-by-design principles are incorporated into systems and products.
Support employee awareness programmes on data protection, confidentiality, and responsible handling of customer information.
Anti-Money Laundering (AML/CFT) & Financial Crime
Support implementation of the company's AML, Counter Financing of Terrorism (CFT), Know Your Customer (KYC), and Customer Due Diligence (CDD) programmes.
Monitor compliance with AML/CFT policies and procedures.
Assist with transaction monitoring and sanctions screening processes.
Support investigations into suspicious transactions.
Prepare documentation required for reporting suspicious transactions where applicable.
Promote awareness of financial crime prevention across the organisation.
Governance & Policy Management
Assist in developing, reviewing, and updating company policies and procedures.
Ensure policies remain aligned with regulatory requirements and industry best practices.
Support implementation of governance frameworks.
Maintain policy registers and governance documentation.
Promote ethical business conduct and good corporate governance.
Audit Coordination
Coordinate management responses to internal and external audit findings.
Track implementation of audit recommendations.
Prepare audit schedules and supporting documentation.
Liaise with auditors during audit engagements.
Monitor closure of audit action plans.
Operational Risk & Business Continuity
Monitor operational incidents and recommend corrective actions.
Support implementation of Business Continuity and Disaster Recovery plans.
Participate in operational resilience initiatives.
Analyse operational losses and identify root causes.
Recommend improvements to strengthen operational resilience.
Training & Compliance Awareness
Conduct compliance, ethics, and risk awareness training for employees.
Develop awareness materials and compliance communications.
Promote a culture of accountability, integrity, and responsible risk management throughout the organisation.
Cross-Functional Collaboration
Work closely with Finance, Operations, Technology, Product, Customer Experience, Legal, Human Resources, and Executive Management to embed governance and compliance into business processes.
Provide advice on governance and compliance considerations for new products, partnerships, and strategic initiatives.
Qualifications & Experience
Bachelor's degree in Risk Management, Finance, Accounting, Law, Banking, Information Systems, or a related discipline.
Minimum of 2 years' relevant experience in risk management, compliance, internal controls, audit, governance, banking, fintech, or financial services.
Experience within a regulated financial institution or fintech environment will be an added advantage.
Professional Qualifications (Advantageous)
Candidates holding any of the following will have an added advantage:
ZICA
ACCA
CIMA
CPA
Certified Anti-Money Laundering Specialist (CAMS)
Certified Internal Auditor (CIA)
Certification in Risk Management Assurance (CRMA)
Certified Information Systems Auditor (CISA)
Data Protection or Privacy certifications
Technical Competencies
The successful candidate should demonstrate knowledge or experience in:
Enterprise Risk Management
Internal Controls
Corporate Governance
Regulatory Compliance
AML/CFT & KYC requirements
Data Protection and Privacy
Financial Services Regulations
Risk Assessments and Control Testing
Policy Development
Audit Coordination
Operational Risk Management
Business Continuity Planning
Microsoft Excel and Microsoft Office Suite
Risk, Compliance, or Governance Management Systems (advantage)
Information Security principles (advantage)
Behavioural Competencies
We are looking for an individual who demonstrates:
High integrity and ethical standards.
Excellent analytical and critical thinking skills.
Strong attention to detail.
Sound judgement and decision-making ability.
Excellent written and verbal communication skills.
Strong report-writing and presentation skills.
Ability to maintain confidentiality and handle sensitive information.
Strong planning and organisational skills.
Ability to work independently and collaboratively.
Proactive problem-solving ability.
Commitment to continuous learning and professional development.
Why Join eShandi?
At eShandi, you will become part of a purpose-driven organisation that is redefining financial inclusion through technology. You will work alongside a passionate team dedicated to building innovative financial solutions while upholding the highest standards of governance, compliance, and customer trust.
We offer a dynamic, collaborative, and innovative work environment where your ideas matter and your professional growth is supported.
How to Apply
Interested candidates should submit a single PDF document containing their cover letter, curriculum vitae (CV), and academic and professional qualifications. Applications should be emailed to careers@eshandi.com with the subject line:
Application – Risk, Compliance, Data Protection & Internal Controls Officer
Applications close on 20th July, 2026.
Only shortlisted candidates will be contacted.
eShandi is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive workplace where integrity, innovation, and excellence thrive.