Dubai - Group Chief Risk Compliance And Controls Officer GRCCO

JOB DESCRIPTION (JD) Of GRCCO

Position Title: Group Chief Risk, Compliance & Controls Officer (GRCCO)

Reporting To: Group CEO

Functional Oversight: Governing Council – Audit, Risk & Commercial Controls Committee (ARCC)

Location: Group HQ (with travel across SBUs & geographies)

Role Purpose

The Group Chief Risk, Compliance & Controls Officer (GRCCO) is responsible for protecting enterprise value by establishing and enforcing a robust, independent risk management, compliance, and commercial control framework across all Strategic Business Units (SBUs).

The role ensures that growth is profitable, compliant, auditable, and sustainable, while minimizing contractual, regulatory, financial, reputational, and operational risks—especially across POWER Transformers & Services, EPC projects, power assets, and healthcare operations in Africa.

Key Role Responsibilities

• Enterprise Risk Management (ERM)
• Design and implement a Group‑wide ERM framework covering all SBUs.
• Define, monitor, and report risk appetite and tolerance limits.
• Maintain enterprise risk registers with mitigation ownership and timelines.
• Provide early‑warning signals for emerging risks (commercial, regulatory, country, ESG).
• Contract Commercial Controls (Critical for EPC & Services)
• Establish mandatory commercial risk review gates for bids, tenders, and contracts.
• Review high‑risk EPC, BESS, transformer service, and healthcare vendor contracts.
• Enforce standardized contract templates, deviation approval, and authority matrices.
• Oversee claims, variations, LD exposure, and dispute escalation.
• Compliance & Regulatory Oversight
• Ensure compliance with:
• Energy & infrastructure regulations
• Healthcare regulatory frameworks (Nigeria & Ghana)
• Corporate law, anti‑bribery, and ethics standards
• Own whistleblower mechanism and ethical conduct enforcement.
• Coordinate with legal counsel on regulatory filings and investigations.
• Audit & Internal Controls
• Lead internal audit planning and execution across SBUs.
• Close audit observations within agreed timelines.
• Ensure adequacy of financial, operational, and IT controls.
• Oversee statutory and external audit coordination (with Group CFO).
• ESG, Ethics & Reputation Risk
• Embed ESG controls relevant to power, infrastructure, and healthcare.
• Monitor environmental, safety, and social compliance.
• Ensure zero tolerance for ethical breaches or reputational negligence.
• Support ESG reporting requirements for lenders and investors.
• Insurance & Risk Transfer
• Define insurance strategy covering projects, assets, liabilities, and healthcare risks.
• Oversee claims management with insurers and brokers.
• Optimize risk transfer vs retained risk decisions.
• Governing Council & Committee Interface
• Act as primary management interface to the Audit, Risk & Commercial Controls Committee.
• Present risk dashboards, audit findings, and mitigation status.
• Escalate red‑flag risks proactively to the Group CEO and Governing Council.
  
  

KEY RESULT AREAS (KRAs)

• Risk Governance & Control Effectiveness
• Enterprise risk framework implemented across 100% SBUs
• Zero unmanaged “high‑impact” risks
• Risk registers updated and reviewed quarterly
• No material surprises to Governing Council
• Contract & Commercial Risk Management
• 100% of high‑value / high‑risk contracts reviewed pre‑signing
• Reduction in margin leakage due to contractual exposure
• Claims success ratio improved year‑on‑year
• Zero unmanaged LD or warranty shocks
• Audit & Compliance Outcomes
• Timely closure of audit observations (target >95% within deadlines)
• No major regulatory penalties or compliance breaches
• Clean audit opinions across SBUs
• Healthcare regulatory compliance maintained without interruption
• ESG, Ethics & Reputation
• Zero tolerance ethical breach record
• Functional whistleblower mechanism with protected disclosures
• ESG readiness for institutional lenders / ESG‑linked financing
• Improved safety & environmental compliance indicators
• Insurance & Risk Mitigation
• Optimal insurance coverage in place for all SBUs
• Claims settled within defined cycle time
• Improved risk transfer efficiency (cost vs coverage)
• Board & Committee Confidence
• Clear, concise, decision‑oriented reporting to ARCC
• High Governing Council confidence in risk transparency
• No escalation failures
  
  

Success Profile (What “Good” Looks Like)

• Protects downside without slowing growth
• Commercially savvy, not just compliance‑oriented
• Can challenge SBU CEOs constructively
• Trusted advisor to Group CEO and Governing Council
• Calm, ethical, firm under pressure
  
  

ADDITIONAL IMPORTANT;

Qualifications – Grcco

Mandatory Education

• Bachelor’s degree in Engineering, Finance, Law, Accounting, or Business Administration
• Post‑graduate qualification (MBA, MS, LLM, or equivalent) from a reputed institution
  
  

Highly Preferred Professional Certifications (one Or More)

• FRM (Financial Risk Manager)
• CPA / CA / ACCA
• CISA / CIA
• PMP (especially for EPC oversight)
• Compliance / Ethics certification from a recognized international body
  
  

Experience Profile

Overall Experience

• 20+ years of progressive experience in:
• Enterprise risk management
• Contract & commercial governance
• Compliance, audit, and controls
• Minimum 7–10 years in a Group / Regional role covering multiple business lines and geographies
  
  

Sector Experience (Must‑Have Mix)

• Power & Energy (generation, transmission, EPC, services)
• Infrastructure projects (EPC, long‑term assets)
• Healthcare or regulated services (strong advantage due to eye‑hospital SBU)
  
  

Scale & Complexity

• Experience in organizations with:
• USD 300M+ revenues, or
• Multi‑SBU / conglomerate structures
• Proven exposure to rapid scale‑up or high‑growth environments
  
  

Governance Exposure

• Regular interaction with:
• Boards / Governing Councils
• Audit & Risk Committees
• External auditors, regulators, lenders, insurers
• Hands‑on involvement in:
• Pre‑contract risk reviews
• Claims, disputes, and arbitration support
• Regulatory inspections and remediation programs
  
  

GEOGRAPHIC & DOMAIN KNOWLEDGE (CRITICAL)

Middle East / Dubai (Base Location)

• Strong working knowledge of:
• UAE corporate governance norms
• Free zone vs mainland legal structures
• EPC contracting practices common in GCC
• Comfortable operating in multi‑national, multi‑culture environments
• Ability to interface with regional lenders, insurers, and advisors
  
  

Africa (Nigeria, Ghana – Mandatory Depth)

• Experience with:
• Regulatory systems in West Africa
• Healthcare compliance and licensing environments
• Country risk, FX controls, repatriation matters
• Proven ability to manage:
• Regulatory uncertainty
• Ethical and reputational risk
• Vendor and third‑party risk in emerging markets
  
  

✅ Direct prior exposure to Africa is strongly preferred, not theoretical knowledge.

India (Mandatory)

• Deep familiarity with:
• Indian corporate governance norms
• EPC contract structures
• Audit regimes and statutory controls
• Ability to translate India‑origin operational scale into global compliance frameworks

---