Governance, Risk & Compliance; GRC Specialist; Data and AI

About the Business About the Role

Level: 4

Department: COO - Business Risk

Location:

Southampton (flexible)

Contract type:
Permanent

The Governance, Risk & Compliance (GRC) Specialist is an integral role within the COO Business Risk and Governance team, which is part of the broader COO function.

You will be responsible for managing and maturing the governance, risk and compliance agenda within the function, coordinating the implementation and embedding of activity aligned with the Quilter enterprise and operational risk management frameworks, supporting leaders in making informed decisions that balance risk and reward while fostering a proactive risk management culture, aligned to the Group COO's SMCR responsibilities.

Key responsibilities will include providing specialist insights and challenge as needed across the function. You'll participate in risk-related projects, reviews, and discussions, ensuring a comprehensive understanding of risk management and control is evident throughout.

All roles will partner nominated stakeholders and span a number of core disciplines with key areas of delivery, including:

• As a subject matter expert, you'll be the go‑to person for GRC related activities and queries, supporting colleagues across the COO first line of defence, providing specialist advice, analysis and solutions to stakeholders across the function. You'll need to keep up to date with industry best practice, regulatory and Quilter risk methodology changes, ensuring these are communicated across the function.
• You will identify areas for risk mitigation and control enhancements. You'll continuously review and improve processes and methodologies to align with regulatory requirements and industry best practice.
• In addition, to delivery of activity within your specialism you will be required to support on the delivery and/or oversight of other framework activity (e.g. Supplier Due Diligence, Consumer Duty, Conflicts of Interest, Operational Resilience, Business Developed Applications, and SMCR).
• You'll monitor and co‑coordinate delivery of assigned regulatory requests (questionnaires, consultation papers, queries) in collaboration with SMEs and 2nd line teams.
• You'll develop your expertise through active monitoring and research of trends and innovations, with respect to both GRC and across the domains and specialisms assigned within the role i.e. AI, Third‑Party Management, Data;
  Cyber and Operations, contributing to the requirements, implementation and evolution of the 2
  
  LOD Risk Frameworks and Resolver system, supporting 2nd Line Risk and Internal Audit to evolve and improve GRC activity across the Quilter Group.
• Lastly, you will help produce reporting and insight from the team activities and support other ad hoc responsibilities that form part of the COO agenda, delivering briefings and presentations to support leaders to make informed decisions that align to strategy and balance the trade‑off between risk and reward, whilst embedding a proactive risk management culture.

The GRC Specialist will be responsible for a domain specialism in one or more of the following areas:

• Provide assurance over the deployment of the Enterprise and Operational Risk Management frameworks providing guidance to stakeholders to ensure effective implementation.
• Facilitate effective oversight and management of assigned risk areas, incorporating best practices from relevant Industry frameworks e.g. 'COBIT' to support efficient and comprehensive processes.
• Lead the risk identification, prioritisation and mitigation process, including appetite recommendations for Board approval. Support the articulation, documentation and escalation of key risks ensuring effective risk management/reduction plans are deployed, tracked and measured.
• Provide expertise to support the definition and capture of key mitigating controls within the central risk management tool. Provide assurance with respect to control effectiveness, working closely with stakeholders to implement effective solutions.
• Ensure risk events are reported, recorded, and escalated in line with Policy.
• Monitor risk management practices and adherence to established standards and…