Head of Governance, Risk, Controls & Compliance

Key Responsibilities

Governance

• Development of a robust, enterprise-grade, risk-based GRC GT strategy, operating model (framework) and roadmap that is aligned with the company’s global business objectives, regulatory obligations, and client expectations.
• Lead a high-performing global team of risk and governance professionals with deep subject matter expertise in local/regional regulatory, technology and business requirements.
• Implementation of an effective governance structure framework that defines how decisions are made, who is accountable, and how compliance and performance are monitored within GT.
• Oversight the provision of regular reporting on all GRC activities to management through the monitoring of KPIs/KRIs.
• Ensuring governance frameworks support WTW’s regulatory, audit, and compliance obligations, with the flexibility to adapt to changing requirements, while aligning to the Enterprise Risk Management framework and governance structure/standards.
• Continuously evaluate and improve governance processes, to enhance governance and control activities.

Risk Management

• In collaboration with Technology Leadership, encourage a culture of proactive risk ownership and accountability across all GT teams. Resolve conflicts between commercial objectives and risk mitigation by applying a risk-based approach that is agreed with global leaders.
• Embed a risk-based, control-focused approach across Technology change and operational activities.
• Oversee and drive remediation of risks and control gaps.
• Monitor, remediate and report on all non-Cyber-related Governance, Risk and Compliance requirements within GT.
• Collaborate with the Technology & Cyber Risk, Controls and Regulatory Engagements team to align risk identification, ownership, and reporting.

Compliance

• Oversee compliance with technology and cyber-related global regulatory requirements, industry standards and frameworks such as NIST, ISO 27001. This includes leading all regulatory-oriented governance, reporting and compliance requirements associated with Global Technology (e.g., DORA).

Senior Stakeholder Engagement & Representation

• Engage with senior leadership, Board-level forums, and internal regulatory stakeholders.
• Represent governance and control topics in senior forums and with key functional partners including Legal, Finance, Internal Audit, Compliance, and Risk

Qualification & Requirements

• Bachelor’s degree in Technology, Business Administration, Finance, or a related field. A Master’s Degree is preferred.
• Preference provided to candidates with any of the following: Financial Risk Manager (FRM), Professional Risk Manager (PRM), Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA).
• Demonstrated understanding of technology and business priorities and required outcomes.
• Demonstrated organizational change management/leadership in a large, complex organization.
• Progressive experience leading a high-performing global team of risk and governance professionally.
• Experience in developing and executing a robust enterprise-grade risk-based strategy.
• Significant experience in technology governance, risk, or control roles within large, complex, and regulated organisations.
• Demonstrable track record of improving control environments, remediating risks, and collaborating with senior stakeholders across multiple functions.
• Sound knowledge of technology risk and control frameworks (e.g. NIST, ISO 27001) and practical application in global environments.
• Experience engaging across multiple disciplines, including legal, finance, audit, and technology delivery functions.
• Ability to influence organisational behaviour and embed a culture of accountability in risk and control practices.
• Strong interpersonal and communication skills, with the ability to operate effectively at senior levels across global teams and communicate complex technical information to non-technical stakeholders.
• Strong collaboration skills to understand wider business requirements to ensure technology governance strategies support business priorities

Benefits

WTW provides a competitive benefit package which includes the following (eligibility requirements apply):

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Critical Illness, Life Insurance, AD&D, Group Legal, Identify Theft Protection, Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes paid state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave), Paid Time Off (Washington State only)
• Retirement Benefits: Contributory Pension Plan and Savings Plan (401k).