Head of Enterprise Risk & Compliance

The Head of Enterprise, Risk and Compliance will be responsible for the proper functioning of the company’s risk and compliance organisational framework and ensuring that this is effective for identifying and mitigating risk, and ensuring legal compliance in a matrix organisation that trades in the UK and internationally.

You will be accountable for:

• Building an effective risk culture within the business through, amongst other things, the proper functioning of the company’s risk and compliance organisational framework and appropriate liaison and alignment with the Chief Information Security Officer regarding the company’s cyber risks (owned by the CISO);
• Establishing a suitable risk recording and reporting structure in a matrix organisation through working with the business transformation team and the development and training of a network of risk owners across the business;
• The central corporate risk register and all review, reporting and disclosure requirements connected to it including the company’s annual report and Task Force for Climate Related Financial Disclosure Reporting;
• Horizon scanning for the identification of new or emerging internal and external risks to the business;
• Owning and monitoring third party auditing of compliance with the company’s Code of Conduct across domestic and international supply chains;
• Independent verification and monitoring of decentralised audit teams;
• All legal/regulatory compliance training (distinct from operational Health & Safety training);
• Refinement / establishing and testing best in class business continuity and disaster recovery plans save for cyber business continuity where you will ensure that the wider business BC/DR plans are appropriately aligned to the cyber business continuity plans of the Chief Information Security Officer;
• Line management of the company’s Data Protection Officer and data protection team (DPO will retain a dotted line to Director of Legal & Company Secretary);
• Ensuring compliance with key compliance policies such as the Anti Bribery & Corruption Policy, Anti-Slavery and Human Trafficking Policy and Data Protection Policy;
• Ensuring that all company policies are appropriately maintained; and
• Support the corporate finance team as appropriate with maintaining and verifying their SOX-like financial internal controls.

To be successful in this role you will require the following…

Qualifications:

• Degree

Knowledge & Experience:

• 10 years’ experience in risk management and compliance at a senior level
• Experience of managing offshore auditing of international supply chains is preferable
• The ability to align risk management to business strategy
• The ability to discuss risk identification management to C-Suite executives in a clear non-technical manner
• Drafting risk reporting included in Annual reports in statutory accounts

Technical & People Skills:

• An understanding of SOX-like financial internal controls and reporting
• To be able to report risk transparently and effectively to external stakeholders
• A practical and pragmatic approach to problem solving
• The ability to line manage ambitious and effective teams

Impact & Influence:

• The ability to build and promote an effective risk culture within the business
• The ability to surface risks and the management of them effectively within a matrix organisational structure
• The ability to bring risk identification alive across the business and develop a culture of transparency