Senior ERM Specialist in Bristol

Senior ERM Specialist in Bristol

Bristol Full-Time No working from home possible
Archer

The Role

As our Senior Enterprise Risk Specialist, you will be Archer's subject matter expert on enterprise-wide risk – designing, embedding, and continuously improving our ERM framework across a global GRC business. Reporting to the Director of Risk and Compliance, you will operate at the intersection of governance, commercial growth, sales enablement, and third-party risk, translating risk insight into strategic and commercial decisions.

This is a senior individual contributor role with significant cross-functional influence, suited to an experienced ERM practitioner who combines deep technical knowledge with commercial awareness β€” and who can move fluently between framework architecture, executive reporting, client-facing conversations, vendor assurance, and quantitative risk modelling.

What You’ll Do

Enterprise Risk Framework & Governance

  • Maintain and evolve the firm-wide Risk Management Framework (RMF), ensuring alignment with ISO 31000, COSO ERM, NIST RMF, and applicable global regulatory expectations (including DORA, EU AI Act, and CPS230).
  • Own the risk taxonomy, risk appetite framework, and tolerance thresholds; present annual refresh recommendations to the Risk Committee and coordinate quarterly risk reporting to the Risk Steering Committee.
  • Lead the annual RCSA programme and drive 3LoD integration across ERM, operational resilience, business continuity, internal audit, and compliance β€” eliminating duplication and strengthening assurance.
  • Build and run the Risk Academy: design and deliver risk training programmes that embed risk awareness across the business.

Governance & Policy

  • Support the Director of Risk and Compliance on risk governance structure, including committee architecture, escalation pathways, delegated authorities, and the Enterprise Policy Governance Framework.
  • Oversee the enterprise risk register and Key Risk Indicator (KRI) programme; partner with Information Security to surface risk themes from incident analysis and assess aggregate exposures across the enterprise risk register.

Sales Enablement & Commercial Partnering

  • Partner with Sales and Go-to-Market teams to embed risk-informed thinking into pursuit strategy, proposal responses, and client onboarding; act as risk SME on strategic deals.
  • Review RFP security and risk questionnaires and contractual risk clauses; advise on acceptable positions and escalation triggers; collaborate with Legal on agreement reviews.
  • Build a library of reusable risk content β€” playbooks, position papers, and control narratives β€” that accelerates deal velocity without diluting risk standards.

Third-Party Risk Management

  • Own the end-to-end third-party risk lifecycle: inherent risk tiering, due diligence, contractual safeguards, ongoing monitoring, and offboarding β€” coordinating across Procurement, Legal, InfoSec, and Privacy.
  • Maintain the concentration and Nth-party risk view; report systemic dependencies into the enterprise risk profile and drive remediation plans with vendor owners, escalating residual risk decisions in line with appetite.

What You Bring

  • Deep, hands-on experience in enterprise risk management, operational risk, or a closely related discipline, with a track record of operating at a senior level within global organisations.
  • Proven track record of implementing or evolving ERM frameworks, including risk appetite, governance structures, and risk registers.
  • Strong working knowledge of global regulatory frameworks relevant to a GRC software provider, including DORA, EU AI Act, GDPR, NIS2, ISO 31000, and COSO ERM.
  • Experience conducting third-party and vendor risk assessments and managing supplier risk programmes.
  • Demonstrated ability to produce executive-level risk reporting and present to senior governance committees.
  • Clear, confident communicator; able to translate complex risk concepts for non-specialist audiences and produce high-quality written outputs including board-level reporting.
  • Highly self-directed; comfortable delivering in a fast-paced environment with minimal oversight.

Even Better If You Have

  • Degree in a relevant discipline (e.g. Risk Management, Business, Law, Finance), IRM qualification (International Certificate or Diploma in ERM), or equivalent professional certification (e.g. CRISC).
  • Experience partnering with compliance functions to translate regulatory requirements into operational risk programmes.
  • Experience designing and delivering internal risk training or awareness programmes.
  • Familiarity with financial services regulatory frameworks such as Basel III/IV, Solvency II, or FCA/PRA requirements.
  • Experience in a GRC, SaaS, or technology-enabled services environment.
  • Exposure to quantitative risk modelling techniques.

Senior ERM Specialist in Bristol employer: Archer

Archer is an exceptional employer, offering a dynamic work environment in the energy sector of the North Sea. With a strong focus on safety and compliance, employees benefit from a supportive culture that prioritises professional growth through ongoing training and development opportunities. The 3/3 rotation schedule allows for a balanced work-life experience, making it an ideal choice for those seeking meaningful and rewarding employment.

Archer

Contact Details:

Archer Recruitment Team