Risk and Compliance Lead

Location: Hampshire (preferred), Lancashire or Tyne & Wear

Salary: Competitive

Job Description

Working within a broad ranging security, HSE and resilience function, for a market leading multinational, this role will assist in a cross-functional role between Business Continuity, Information Security, Security and Risk Management to ensure compliance with relevant ISO accreditations and the internal Integrated Management Systems.

This role is focussed on compliance, auditing, risk management and ISO management systems (including ISO 22301, 27001, etc.), and the post holder will be primarily responsible for the operation, control and improvement of four key areas:

  • Assisting in the Risk Management function by supporting the collection of information and submission of Insurance Renewal and Enterprise Risk Management documentation.
  • Performing internal and external audits (including supplier management) as required against standards, policies and contracts applicable to the Group.
  • Administering and improving systems to ensure document control, auditing and corrective action processes are maintained through their lifecycle.
  • Managing a list of training modules that need to be delivered either in-person or via e-learning platform.

The individual will work closely with internal stakeholders, suppliers, and other external partners to support the risk and compliance activity covering all operations and risks.

Specific responsibilities:

  • Assisting the Director of Security with regular ELT and Board level Enterprise Risk activities as well as leading the collection of risk information from the divisions.
  • Assisting the Group Insurance Manager with the distribution of Requests for Information, collection of responses as well as updating and submitting of renewal data to insurance brokers.
  • To ensure that risk assessments are in date, updated as new threats and risks are identified and communicated to stakeholders.
  • To perform routine internal audits as will be directed by the audit programme. Audits may be both internal and external and may cover areas within the scope of risk; e.g. information security, physical security, etc.
  • To ensure that the supplier management system is operational as per set governance. Supplier management involves the following scope: security, information security, business continuity, environment, social and labour aspects.
  • Arranging and distributing supplier questionnaires and recording the responses for further analysis and auditing as required.
  • As necessary conducting remote or on-site audits of external stakeholders within the supply chain to ensure compliance against supplier standards and contractual requirements.
  • Administering the audit software (QPulse), ensuring that the lifecycle of document control is correct: from creating a QPulse record for a document, following the document through the approval process, and eventually releasing and distributing the document for stakeholders to access. To proactively ensure that documents do not become overdue.
  • To create both internal and external audit programmes on the QPulse calendar, reaching out to both auditors and auditees and including the audit scope.
  • To monitor punctual completion of corrective actions and verify that completion is to an appropriate level of quality. This will require regular live reviews with action owners to facilitate progress.
  • Updating and maintaining of documentation for Business Continuity, Information Security, Insurance, Risk and Travel management systems as well as wider Group Security, HSE and Risk functions as required.
  • Leading on analysis, trending and reporting activities as required to influence decision-making as part of strategy setting. This may require setting up automated dashboards to be filled in by stakeholders for quick, relevant and accurate reporting.
  • To manage a list of training modules with a list of the roles to which each training module applies. To ensure that the training is delivered in-person and/or via the company e-learning platform.
  • Ensuring training is provided in a timely manner, the training material is updated as required and training records are accurate and easily accessible. Ensuring that training completion remains above the required Key Performance Indicators (KPIs).

Candidate profile

  • Self-driven, results-orientated individual who has a clear focus on targets and deadlines and can work independently whilst contributing across functions.
  • Excellent written communication skills to provide concise, diligent, and accurate compliance and auditing reports.
  • Ability to achieve thoroughness and accuracy when tackling tasks ensuring all documents are always audit ready.
  • Ability to deliver compelling in-person presentations and training to internal stakeholders.
  • Excellent verbal communication skills to influence and engage stakeholders to ensure that the necessary information for compliance, risk and insurance purposes is sought.
  • Attention to detail and the ability to focus on small details during auditing and document reviews.
  • Experience in auditing against necessary legal, industrial regulations or ISO standards.
  • Excellent decision-making and problem-solving ability to enable auditees and trainees to understand complex topics and provide clear and concise corrective actions to close audit findings.
  • Ability to exhibit the highest standards of integrity and maintain confidentiality.


  • Working knowledge of QPulse.
  • Working knowledge of the fundamental requirements of ISO 22301 and 27001 standards.
  • Experience in compliance and/or implementing or supporting certified ISO management systems.
