Archer Integrated Risk Management

Senior ERM Specialist

Archer Integrated Risk Management  •  Bristol, GB (Onsite)  •  3 hours ago
Apply
AI can make mistakes so check important info. Chat history is never stored.

Job Description

The Role

As our Senior Enterprise Risk Specialist, you will be Archer's subject matter expert on enterprise-wide risk – designing, embedding, and continuously improving our ERM framework across a global GRC business. Reporting to the Director of Risk and Compliance, you will operate at the intersection of governance, commercial growth, sales enablement, and third-party risk, translating risk insight into strategic and commercial decisions.

This is a senior individual contributor role with significant cross-functional influence, suited to an experienced ERM practitioner who combines deep technical knowledge with commercial awareness — and who can move fluently between framework architecture, executive reporting, client-facing conversations, vendor assurance, and quantitative risk modelling.

What You’ll Do

Enterprise Risk Framework & Governance

  • Maintain and evolve the firm-wide Risk Management Framework (RMF), ensuring alignment with ISO 31000, COSO ERM, NIST RMF, and applicable global regulatory expectations (including DORA, EU AI Act, and CPS230).
  • Own the risk taxonomy, risk appetite framework, and tolerance thresholds; present annual refresh recommendations to the Risk Committee and coordinate quarterly risk reporting to the Risk Steering Committee.
  • Lead the annual RCSA programme and drive 3LoD integration across ERM, operational resilience, business continuity, internal audit, and compliance — eliminating duplication and strengthening assurance.
  • Build and run the Risk Academy: design and deliver risk training programmes that embed risk awareness across the business.

Governance & Policy

  • Support the Director of Risk and Compliance on risk governance structure, including committee architecture, escalation pathways, delegated authorities, and the Enterprise Policy Governance Framework.
  • Oversee the enterprise risk register and Key Risk Indicator (KRI) programme; partner with Information Security to surface risk themes from incident analysis and assess aggregate exposures across the enterprise risk register.

Sales Enablement & Commercial Partnering

  • Partner with Sales and Go-to-Market teams to embed risk-informed thinking into pursuit strategy, proposal responses, and client onboarding; act as risk SME on strategic deals.
  • Review RFP security and risk questionnaires and contractual risk clauses; advise on acceptable positions and escalation triggers; collaborate with Legal on agreement reviews.
  • Build a library of reusable risk content — playbooks, position papers, and control narratives — that accelerates deal velocity without diluting risk standards.

Third-Party Risk Management

  • Own the end-to-end third-party risk lifecycle: inherent risk tiering, due diligence, contractual safeguards, ongoing monitoring, and offboarding — coordinating across Procurement, Legal, InfoSec, and Privacy.
  • Maintain the concentration and Nth-party risk view; report systemic dependencies into the enterprise risk profile and drive remediation plans with vendor owners, escalating residual risk decisions in line with appetite.

What You Bring

  • Deep, hands-on experience in enterprise risk management, operational risk, or a closely related discipline, with a track record of operating at a senior level within global organisations.
  • Proven track record of implementing or evolving ERM frameworks, including risk appetite, governance structures, and risk registers.
  • Strong working knowledge of global regulatory frameworks relevant to a GRC software provider, including DORA, EU AI Act, GDPR, NIS2, ISO 31000, and COSO ERM.
  • Experience conducting third-party and vendor risk assessments and managing supplier risk programmes.
  • Demonstrated ability to produce executive-level risk reporting and present to senior governance committees.
  • Clear, confident communicator; able to translate complex risk concepts for non-specialist audiences and produce high-quality written outputs including board-level reporting.
  • Highly self-directed; comfortable delivering in a fast-paced environment with minimal oversight.

Even Better If You Have

  • Degree in a relevant discipline (e.g. Risk Management, Business, Law, Finance), IRM qualification (International Certificate or Diploma in ERM), or equivalent professional certification (e.g. CRISC).
  • Experience partnering with compliance functions to translate regulatory requirements into operational risk programmes.
  • Experience designing and delivering internal risk training or awareness programmes.
  • Familiarity with financial services regulatory frameworks such as Basel III/IV, Solvency II, or FCA/PRA requirements.
  • Experience in a GRC, SaaS, or technology-enabled services environment.
  • Exposure to quantitative risk modelling techniques.
Archer Integrated Risk Management

About Archer Integrated Risk Management

For more than 20 years, Archer has pioneered holistic integrated risk management solutions that empower enterprise organizations to more effectively manage risk, ensure compliance, and address emerging challenges. Leveraging advanced technology like artificial intelligence (AI) and risk quantification, Archer’s broad range of solutions and services provide our clients with a clear understanding of risk that drives strategic decision-making and operational resilience. Visit www.ArcherIRM.com.

Industry
IT & Software
Company Size
501-1,000 employees
Headquarters
Overland Park, Kansas
Year Founded
Unknown
Social Media