As Group Head of Risk and Assurance you will be responsible for enhancing and embedding the current Risk and Assurance Function. This will involve taking stock of the function’s current position within the organisation and putting structures and processes in place that enable it to support business decisions and identify and manage risks before issues occur.
The role will have a global remit, with responsibility for risk management within not just our London head office, but also our large offices in Cebu and Denver, our Technology and processing hub in Krakow and smaller offices spread around the world.
You will be an all-rounder who is knowledgeable/experienced and resilient but also a great leader and willing to work hard to get the risk management framework and engagement right.
What will you be doing in this role
- Develop and mature the Group Risk Management, Governance and Assurance framework including liaising with Board, Audit and Risk Committees.
- Oversee the assessment, mitigation and monitoring of risks across the group.
- Drive the assurance agenda by implementing an effective and right-sized third line of defence (with co-source partner).
- Develop a risk management culture throughout the organisation.
- Support the business to formalise its risk appetite and develop key risk metrics.
- Manage the risk reporting, governance, business partnering and assurance activities for the ERM teams – with a view to continually improve on the current state of operating.
- Support key change/transformational programmes/projects by providing relevant requirements and assisting with the identification and quantification of the key project and business risks, ensuring any residual business risks are accepted, owned and managed.
- Drive and enhance the ownership and understanding of risk across all levels of the business – executive team down to the front line.
- Develop and enhance the governance and assurance frameworks and activities across the organisation.
- Work closely to build strong relationships with all areas of the business, in particular the Compliance, Legal, Finance, Technology and Product business units.
- Keep the business informed of emerging industry risks and manage these in a pragmatic way.
- Design and deliver risk training across the organisation (board, executive, senior management and operational staff).
Key skills and experience requirements
- Strong understanding of enterprise risk management theory and proven experience applying it in organisations.
- Ability to build a risk awareness culture and embed it within an organisation.
- Knowledge of information security and cyber risks, with experience managing related risks as part of the broader enterprise risk management framework.
- Holds a working knowledge of all key risk types, including conduct risk.
- Analytical mindset to quantify risks where possible.
- Experience in a similar industry or organisation.
- Practical experience implementing COSO/ISO frameworks.
- Experience delivering security/audit/assurance assessments.
- Experience using data to provide risk insight.
- Resilience to deal with setbacks and changes to business priorities.
- Gravitas to effectively influence and challenge senior stakeholders.
- Experience working with and implementing GRC systems.
- Commercial acumen, being able to balance risks with a business perspective.