Job Description
The Role
As our Senior Enterprise Risk Specialist, you will be Archer's subject matter expert on enterprise-wide risk – designing, embedding, and continuously improving our ERM framework across a global GRC business. Reporting to the Director of Risk and Compliance, you will operate at the intersection of governance, commercial growth, sales enablement, and third-party risk, translating risk insight into strategic and commercial decisions.
This is a senior individual contributor role with significant cross-functional influence, suited to an experienced ERM practitioner who combines deep technical knowledge with commercial awareness — and who can move fluently between framework architecture, executive reporting, client-facing conversations, vendor assurance, and quantitative risk modelling.
What You’ll Do
Enterprise Risk Framework & Governance
- Maintain and evolve the firm-wide Risk Management Framework (RMF), ensuring alignment with ISO 31000, COSO ERM, NIST RMF, and applicable global regulatory expectations (including DORA, EU AI Act, and CPS230).
- Own the risk taxonomy, risk appetite framework, and tolerance thresholds; present annual refresh recommendations to the Risk Committee and coordinate quarterly risk reporting to the Risk Steering Committee.
- Lead the annual RCSA programme and drive 3LoD integration across ERM, operational resilience, business continuity, internal audit, and compliance — eliminating duplication and strengthening assurance.
- Build and run the Risk Academy: design and deliver risk training programmes that embed risk awareness across the business.
Governance & Policy
- Support the Director of Risk and Compliance on risk governance structure, including committee architecture, escalation pathways, delegated authorities, and the Enterprise Policy Governance Framework.
- Oversee the enterprise risk register and Key Risk Indicator (KRI) programme; partner with Information Security to surface risk themes from incident analysis and assess aggregate exposures across the enterprise risk register.
Sales Enablement & Commercial Partnering
- Partner with Sales and Go-to-Market teams to embed risk-informed thinking into pursuit strategy, proposal responses, and client onboarding; act as risk SME on strategic deals.
- Review RFP security and risk questionnaires and contractual risk clauses; advise on acceptable positions and escalation triggers; collaborate with Legal on agreement reviews.
- Build a library of reusable risk content — playbooks, position papers, and control narratives — that accelerates deal velocity without diluting risk standards.
Third-Party Risk Management
- Own the end-to-end third-party risk lifecycle: inherent risk tiering, due diligence, contractual safeguards, ongoing monitoring, and offboarding — coordinating across Procurement, Legal, InfoSec, and Privacy.
- Maintain the concentration and Nth-party risk view; report systemic dependencies into the enterprise risk profile and drive remediation plans with vendor owners, escalating residual risk decisions in line with appetite.
What You Bring
- Deep, hands-on experience in enterprise risk management, operational risk, or a closely related discipline, with a track record of operating at a senior level within global organisations.
- Proven track record of implementing or evolving ERM frameworks, including risk appetite, governance structures, and risk registers.
- Strong working knowledge of global regulatory frameworks relevant to a GRC software provider, including DORA, EU AI Act, GDPR, NIS2, ISO 31000, and COSO ERM.
- Experience conducting third-party and vendor risk assessments and managing supplier risk programmes.
- Demonstrated ability to produce executive-level risk reporting and present to senior governance committees.
- Clear, confident communicator; able to translate complex risk concepts for non-specialist audiences and produce high-quality written outputs including board-level reporting.
- Highly self-directed; comfortable delivering in a fast-paced environment with minimal oversight.
Even Better If You Have
- Degree in a relevant discipline (e.g. Risk Management, Business, Law, Finance), IRM qualification (International Certificate or Diploma in ERM), or equivalent professional certification (e.g. CRISC).
- Experience partnering with compliance functions to translate regulatory requirements into operational risk programmes.
- Experience designing and delivering internal risk training or awareness programmes.
- Familiarity with financial services regulatory frameworks such as Basel III/IV, Solvency II, or FCA/PRA requirements.
- Experience in a GRC, SaaS, or technology-enabled services environment.
- Exposure to quantitative risk modelling techniques.