As our Senior Enterprise Risk Specialist, you will be Archer's subject matter expert on enterprise-wide risk – designing, embedding, and continuously improving our ERM framework across a global GRC business. Reporting to the Director of Risk and Compliance, you will operate at the intersection of governance, commercial growth, sales enablement, and third-party risk, translating risk insight into strategic and commercial decisions.
This is a senior individual contributor role with significant cross-functional influence, suited to an experienced ERM practitioner who combines deep technical knowledge with commercial awareness — and who can move fluently between framework architecture, executive reporting, client-facing conversations, vendor assurance, and quantitative risk modelling.
What You’ll Do
Enterprise Risk Framework & Governance
Maintain and evolve the firm-wide Risk Management Framework (RMF), ensuring alignment with ISO 31000, COSO ERM, NIST RMF, and applicable global regulatory expectations (including DORA, EU AI Act, and CPS230).
Own the risk taxonomy, risk appetite framework, and tolerance thresholds; present annual refresh recommendations to the Risk Committee and coordinate quarterly risk reporting to the Risk Steering Committee.
Lead the annual RCSA programme and drive 3LoD integration across ERM, operational resilience, business continuity, internal audit, and compliance — eliminating duplication and strengthening assurance.
Build and run the Risk Academy: design and deliver risk training programmes that embed risk awareness across the business.
Governance & Policy
Support the Director of Risk and Compliance on risk governance structure, including committee architecture, escalation pathways, delegated authorities, and the Enterprise Policy Governance Framework.
Oversee the enterprise risk register and Key Risk Indicator (KRI) programme; partner with Information Security to surface risk themes from incident analysis and assess aggregate exposures across the enterprise risk register.
Sales Enablement & Commercial Partnering
Partner with Sales and Go-to-Market teams to embed risk-informed thinking into pursuit strategy, proposal responses, and client onboarding; act as risk SME on strategic deals.
Review RFP security and risk questionnaires and contractual risk clauses; advise on acceptable positions and escalation triggers; collaborate with Legal on agreement reviews.
Build a library of reusable risk content — playbooks, position papers, and control narratives — that accelerates deal velocity without diluting risk standards.
Third-Party Risk Management
Own the end-to-end third-party risk lifecycle: inherent risk tiering, due diligence, contractual safeguards, ongoing monitoring, and offboarding — coordinating across Procurement, Legal, InfoSec, and Privacy.
Maintain the concentration and Nth-party risk view; report systemic dependencies into the enterprise risk profile and drive remediation plans with vendor owners, escalating residual risk decisions in line with appetite.
What You Bring
Deep, hands-on experience in enterprise risk management, operational risk, or a closely related discipline, with a track record of operating at a senior level within global organisations.
Proven track record of implementing or evolving ERM frameworks, including risk appetite, governance structures, and risk registers.
Strong working knowledge of global regulatory frameworks relevant to a GRC software provider, including DORA, EU AI Act, GDPR, NIS2, ISO 31000, and COSO ERM.
Experience conducting third-party and vendor risk assessments and managing supplier risk programmes.
Demonstrated ability to produce executive-level risk reporting and present to senior governance committees.
Clear, confident communicator; able to translate complex risk concepts for non-specialist audiences and produce high-quality written outputs including board-level reporting.
Highly self-directed; comfortable delivering in a fast-paced environment with minimal oversight.
Even Better If You Have
Degree in a relevant discipline (e.g. Risk Management, Business, Law, Finance), IRM qualification (International Certificate or Diploma in ERM), or equivalent professional certification (e.g. CRISC).
Experience partnering with compliance functions to translate regulatory requirements into operational risk programmes.
Experience designing and delivering internal risk training or awareness programmes.
Familiarity with financial services regulatory frameworks such as Basel III/IV, Solvency II, or FCA/PRA requirements.
Experience in a GRC, SaaS, or technology-enabled services environment.
Exposure to quantitative risk modelling techniques.
All Job Ads are subject to GrabJobs’s Terms of Service. We allow users to flag postings that may be in violation of those terms. Job Ads may also be flagged by GrabJobs moderation team. However, no moderation system is perfect, and flagging a posting does not ensure that it will be removed.
Be the first to receive the latest Others Full-Time Jobs in the UK.
Setup your job alert:
By activating job alerts, I agree to GrabJobs Terms & Privacy Policy. I can unsubscribe to job alerts anytime.
Skip
GrabJobs is the no1 job portal in the UK, connecting you to thousands of jobs fast!
Find the best jobs in the UK, apply in 1 click and get a job today!