Governance, Risk & Compliance (GRC) Specialist (Data and AI) in Southampton

About the Business

About the Role

Level: 4

Department: COO – Business Risk

Location: Southampton (flexible)

Contract type: Permanent

The Governance, Risk & Compliance (GRC) Specialist is an integral role within the COO Business Risk and Governance team, which is part of the broader COO function. You will be responsible for managing and maturing the governance, risk and compliance agenda within the function, coordinating the implementation and embedding of activity aligned with the Quilter enterprise and operational risk management frameworks, supporting leaders in making informed decisions that balance risk and reward while fostering a proactive risk management culture, aligned to the Group COO’s SMCR responsibilities.

Key responsibilities will include providing specialist insights and challenge as needed across the function. You’ll participate in risk-related projects, reviews, and discussions, ensuring a comprehensive understanding of risk management and control is evident throughout. All roles will partner nominated stakeholders and span a number of core disciplines with key areas of delivery, including:

• As a subject matter expert, you’ll be the go-to person for GRC related activities and queries, supporting colleagues across the COO first line of defence, providing specialist advice, analysis and solutions to stakeholders across the function.
• You’ll need to keep up to date with industry best practice, regulatory and Quilter risk methodology changes, ensuring these are communicated across the function.
• You will identify areas for risk mitigation and control enhancements.
• You’ll continuously review and improve processes and methodologies to align with regulatory requirements and industry best practice.
• In addition, to delivery of activity within your specialism you will be required to support on the delivery and/or oversight of other framework activity (e.g. Supplier Due Diligence, Consumer Duty, Conflicts of Interest, Operational Resilience, Business Developed Applications, and SMCR).
• You’ll monitor and co-ordinate delivery of assigned regulatory requests (questionnaires, consultation papers, queries) in collaboration with SMEs and 2nd line teams.
• You’ll develop your expertise through active monitoring and research of trends and innovations, with respect to both GRC and across the domains and specialisms assigned within the role i.e. AI, Third-Party Management, Data; Cyber and Operations, contributing to the requirements, implementation and evolution of the 2LOD Risk Frameworks and Resolver system, supporting 2nd Line Risk and Internal Audit to evolve and improve GRC activity across the Quilter Group.
• Lastly, you will help produce reporting and insight from the team activities and support other ad hoc responsibilities that form part of the COO agenda, delivering briefings and presentations to support leaders to make informed decisions that align to strategy and balance the trade-off between risk and reward, whilst embedding a proactive risk management culture.

The GRC Specialist will be responsible for a domain specialism in one or more of the following areas:

• Provide assurance over the deployment of the Enterprise and Operational Risk Management frameworks providing guidance to stakeholders to ensure effective implementation.
• Facilitate effective oversight and management of assigned risk areas, incorporating best practices from relevant Industry frameworks e.g. ‘COBIT’ to support efficient and comprehensive processes.
• Lead the risk identification, prioritisation and mitigation process, including appetite recommendations for Board approval.
• Support the articulation, documentation and escalation of key risks ensuring effective risk management/reduction plans are deployed, tracked and measured.
• Provide expertise to support the definition and capture of key mitigating controls within the central risk management tool.
• Provide assurance with respect to control effectiveness, working closely with stakeholders to implement effective solutions.
• Ensure risk events are reported, recorded, and escalated in line with Policy.
• Monitor risk management practices and adherence to established standards and policies, ensuring data quality requirements are met, providing input for regular risk reporting, highlighting key risk trends for stakeholders.
• Perform risk assessments and reviews, in collaboration with subject matter experts (SME’s) and co-ordinate activity to accept, track and report risks deemed to be outside of appetite.
• Track and monitor risk exceptions to ensure control deviations and mitigating actions are identified and delivered, including development and maintenance of risk registers.
• Lead and support the RCSA (Risk & Control Self-Assessment) process, challenging risk and control reviews, recommending appropriate remedial action for identified gaps and producing reports.
• Partner with both internal and external auditors and the function SMEs to facilitate audit planning, review, escalation and remediation for the Group COO.
• Where required, you will support good governance through agenda setting, maintaining the corporate calendar, preparation of papers, co-ordination of meetings, capturing management actions and decisions, drafting chair reports, and additional secretariat tasks for your assigned areas, in line with the COO Governance Framework.
• Manage the annual refresh of artefacts, ensuring changes are formally captured, governed and communicated to stakeholders in line with the Group Policy Governance Framework.
• Support completion of and ensure compliance with the Group defined Policy Attestation process, including oversight and governance of compliance action plans.

• Support the development, implementation and maintenance of the COO governance framework.
• Work to ensure all COO committees and forums align with each other and corporate governance requirements and that COO governance activity supports SMCR Reasonable steps, and the right conversations are happening in the right places between the right people.
• Co-ordinate governance processes related to the function, provide administrative support to various committees and forums, including scheduling meetings, preparing agendas, maintaining forward agendas, consolidating and distributing meeting materials, alongside any other agreed secretariat activities.
• Accurately record minutes of meetings and ensure that all decisions and actions are documented and followed up on.
• Ensure COO-level decisions are effectively implemented across underlying forums.
• Prepare Chair reports for the meetings for which you are the assigned secretary and review sub-fora chair reports for completeness and accuracy.
• Maintain accurate and up-to-date records of all governance-related documents including tracking of all papers due for submission to ExCo and Board level fora.
• Provide governance advisory services, supporting the effective implementation of Quilter Corporate Governance requirements, in line with the Group Governance Manual.
• Supporting delivery of Board, Committee, and ad-hoc deep dive papers across the function, including the drafting of papers or alternatively the provision of support, advice and review to SMEs to support the drafting of papers.

• Establish, agree and deliver the COO first line assurance plan.
• Lead and develop a team of risk and control analysts to deliver the approved plan covering both routine and risk-based assurance.
• Engage the business to review and test processes and controls, to provide independent assurance over the effectiveness of the control environment.
• Actively support the identification of solutions and remediation activities, collaborating with SMEs to support continuous improvement and enhancement of the COO control environment.
• Maintain thorough documentation of all findings, methodologies, and recommendations for future reference and assurance activity.
• Compile comprehensive reports that detail the findings from assurance activities, ensuring clarity and accuracy, interpret results to provide meaningful insights and recommendation.
• Communicate findings effectively to stakeholders, including senior leaders.
• Track and report on the implementation of recommended actions and improvements to drive robust and timely closure.
• Continuously review and improve processes and methodologies to align with regulatory requirements and industry best practice.
• Maintain relationships with other assurance functions (Compliance Monitoring, and Internal Audit).
• Co-ordinate the tracking and reporting of all management assurance actions (GIA, Compliance, other assurance etc) to drive robust and timely closure.
• Provide assurance methodology and framework advisory services, keeping up to date with changes and ensuring these are appropriately communicated across the function.

• Work closely with the function leadership team to produce appropriate, effective and insightful management information (MI) for Board, Executive, Management and Operational forums.
• Ensure reporting observes relevant company and regulatory requirements e.g. DORA, SMCR etc.
• Build and deliver a pragmatic, sustainable approach to the delivery of management information including the governance of changes.
• Own and develop the function’s GRC metrics, data and reports, driving improved coverage and reporting automation where possible.
• Identify new strategic sources / solutions to MI extraction and consolidation for Governance reporting; develop and implement solutions.
• Collect, collate, analyse, interpret and report on information to enable senior leaders to make informed decisions, based upon accurate, insightful and meaningful data, which aligns to strategy and facilitates effective oversight and management of risks.
• Use data from a wide range of sources to analyse key risk exposure areas and identify and articulate potential impacts on the business.
• Validate controls/ assurance processes to ensure data consumed within reporting is accurate, reliable, robust and timely.
• Provide leadership and expertise to successfully embed reporting best practice across a suite of reports.

• Support the embedding of the Operational Resilience Framework. Activities will include:
• Identify, assess, and manage risks that could impact our operational resilience. This includes evaluating potential threats and vulnerabilities.
• Develop, implement and maintain Business Impact Assessments, and mapping of dependencies to business processes.
• Develop, implement and maintain business continuity plans to ensure the organization can continue to operate during and after a disruption.
• Develop, implement and maintain incident management and response plans.
• Develop and maintain ‘playbooks’ for severe but plausible scenarios.
• Support the resolution of any identified vulnerabilities.
• Support the Operational Resilience team with planning and delivery of scenario testing as required.
• Develop and execute a plan to test local incident response plans and playbooks, ensuring awareness of individuals to drive a coordinated response in the event of disruption.
• Support the response and recording of incidents as required, ensuring a clear record is maintained of impacts, decisions and actions taken.
• Where local incident structures are invoked, collate and document lessons learned.
• Challenge SMEs in order to obtain and develop the information required to support activities.
• Conduct training sessions and awareness programs to educate colleagues about operational resilience and their role in maintaining it.

About You

Our ideal candidate will have experience of working in one or more of the COO functional domains including Operations, Assurance & Oversight, CASS, Technology, Information Security, Change Delivery, Procurement & Supplier Management and Operational Resilience, preferably within Financial Services. With demonstrable experience, expertise and proficiency in risk assessment and management, and the relevant methodologies, tools, and systems along with previous experience and/or material exposure to assurance, audit, or compliance monitoring based activities.

Ideally, you’ll have a strong understanding of regulatory requirements and industry best practices relating to one or more of the COO functional domains in addition to risk management. You will have excellent written and verbal communication skills with the ability to convey complex information confidently and effectively to diverse stakeholders, whilst demonstrating a high level of accuracy and attention to detail. You will have an analytical approach and be able to use data and metrics insightfully to drive actions and develop solutions for your stakeholders. You will demonstrate credibility, professionalism and strong personal integrity and act as a role model for the Quilter values. As well as having the ability to build and maintain positive working relationships, communicating and collaborating effectively with cross-functional teams to positively influence and persuade others. You will have strong organisation and planning skills to manage a wide variety of tasks, processes and responsibilities and are self‑motivated with a strong results focus, taking initiative and making decisions within your remit to execute in fast, simple and focused way. You will drive disciplined delivery, embracing change and initiating new and better ways of working to deliver positive outcomes. You will develop your own capability, supported by Quilter, and will also look outside of the organisation to keep up to date with industry advances, utilising your knowledge to support the delivery of new and innovative solutions.

Professional Qualifications (preferred, but not essential): Holder of or working towards an appropriate professional certification or relevant professional risk qualification. We will provide training on the required aspects of the role to help ensure that you are able to succeed.

Inclusion & Diversity

We value diversity and strive to promote inclusivity in all aspects of our culture. We believe in equal opportunities for all, ensuring that no applicant encounters less favourable treatment based on anything but their skills, qualifications, experience, and potential. We celebrate the unique contributions of a diverse workforce and create a respectful, nurturing environment where every colleague can thrive.

Values

• Do the right thing: We act with integrity and are proudly committed to going above and beyond in service of our clients and the support we provide our communities.
• Always curious: We continuously seek new ideas and knowledge so we’re one step ahead of our clients’ needs. We look for inspiration everywhere and encourage experimentation, recognising that this is how we create brilliant solutions for brighter futures.
• Embrace challenge: We aim high to transform our potential into meaningful outcomes. With ambition as our driving force and a steadfast commitment to growth, we succeed for the good of every generation.
• Stronger together: Combining our diverse talents, we accomplish more collectively than we ever could do alone. We speak openly, actively listen, and support each other, and constructively challenge and embrace new ideas. We seek empowerment and demonstrate ownership and trust, with the confidence to make impactful decisions.

Core Benefits

• Holiday: 182 hours (26 days)
• Quilter Incentive Scheme: All employees are eligible to participate in incentive scheme, to incentivise business performance and their contribution.
• Pension Scheme: A non‑contributory company pension scheme that can be boosted through personal contributions.
• Private Medical Insurance: Single cover as standard with options to increase cover to include your partner or children.
• Life Assurance: 4x your salary.
• Income Protection: 75% of salary, less state benefits, payable after 26 weeks of absence.
• Healthcare Cash Plan: Jersey employees only.

In addition to our core benefits, we offer a range of flexible benefits to UK employees that you can choose from and pay for conveniently via a salary deduction.