
Head of Governance and Risk

Location: United Kingdom, Thame · Employment contract · 65000.00 GBP / Year · Job posted June 09, 2026

Job Description

Affinity Trust is a national charity dedicated to supporting people with learning disabilities to live fulfilling lives. We are looking for an exceptional governance professional to join our senior leadership team as our new Head of Governance and Risk. Reporting directly to the Chief Executive, this is a high-impact role at the heart of our organisation. You will lead governance and assurance, act as Company Secretary, oversee corporate risk and business continuity, and advise the Board and Executive Team. As a trusted strategic partner, you will help ensure we meet our statutory and regulatory obligations, strengthen decision-making, and uphold our values.

Job Responsibility

  • Leading governance, assurance and Board/Committee support
  • Acting as Company Secretary and ensuring statutory compliance
  • Managing risk, internal control and organisational resilience
  • Overseeing the performance of external legal advisors
  • Providing governance oversight of data protection and information compliance

Requirements

  • Strong technical expertise in charity governance, risk, and regulatory compliance
  • Confidence advising senior leaders and Trustees
  • Excellent communication, diplomacy, and influencing skills
  • A proactive, values-led approach with the ability to work autonomously
  • The ability to juggle strategic insight with hands-on delivery


Similar Jobs for Head of Governance and Risk (8 matching positions)

Head of Governance, Risk and Compliance - CISO function - BPL

The Head of GRC leads the pillar responsible for ensuring the organisation under...
Location: United Kingdom, London
Salary: Not provided
Employer: Barclays (barclays.co.uk)
Expiration date: Until further notice
Requirements
  • CISM, CRISC, or CISSP certification
  • Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation
  • ISO 27001 Lead Auditor or Lead Implementer certification
  • PCI QSA or Internal Security Assessor (ISA) qualification
  • Previous experience in a FinTech, Digital Banking or Payment Acquiring organisation
  • Experience with Visa GACS and Mastercard SDP acquirer compliance programmes
  • Significant progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment
  • Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments
  • Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR)
  • Understanding of cloud-native architectures and their implications for compliance and risk management
Job Responsibility
  • Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements
  • Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ELT)
  • Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters
  • Own the third-party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk-assessed with a tiered approach proportionate to data access and criticality
  • Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT
  • Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle
  • Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms
  • Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships
  • Own the risk assessment calendar, ensuring both cyclical and event-driven assessments are executed on schedule with appropriate rigour
  • Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time-bound, approved at the appropriate authority level, and reviewed before expiry
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime

Head of Governance, Risk & Compliance

Lead the design and execution of the organization’s GRC strategy, ensuring it al...
Location: Egypt, New Cairo
Salary: Not provided
Employer: Ethics HR (ethicshr.com)
Expiration date: Until further notice
Requirements
  • Bachelor’s or Master’s degree in Business Administration, Risk Management, Cybersecurity, Law, or a related field from a reputable university
  • Minimum of 10 years of experience in governance, risk management, compliance
  • Strong knowledge of GRC frameworks, industry standards, and regulatory requirements (e.g., ISO 27001, NIST, GDPR, SOX, HIPAA)
  • Relevant certifications such as CISM, CRISC, CISA, or similar GRC certifications are highly preferred
  • Proven track record of successful full leadership
  • Excellent command of English
Job Responsibility
  • Lead the design and execution of the organization’s GRC strategy, ensuring it aligns with corporate goals and objectives
  • Develop and implement governance frameworks, risk management processes, and compliance programs that adhere to regulatory requirements and industry standards
  • Oversee the risk management process, including risk identification, assessment, mitigation, and monitoring
  • Ensure compliance with relevant laws, regulations, and internal policies, including data protection, cybersecurity, financial, and operational regulations
  • Establish and maintain a strong risk management and compliance culture throughout the organization
  • Provide leadership and guidance to cross-functional teams to ensure effective implementation of GRC initiatives
  • Lead internal and external audits, managing the process and ensuring timely remediation of identified issues
  • Monitor and report on the organization’s risk posture and compliance status to executive leadership and the board
  • Develop, implement, and maintain policies and procedures to address risks and compliance obligations
  • Provide training and awareness programs to employees on GRC topics, fostering compliance and risk-conscious behavior

Head of Risk and Regulatory Assurance

At Hyde, we’re committed to providing safe, high-quality homes across the social...
Location: United Kingdom, London Bridge
Salary: 80000.00 - 95000.00 GBP / Year
Employer: 360 Resourcing Solutions (jobs.360resourcing.co.uk)
Expiration date: Until further notice
Requirements
  • Significant experience leading risk, assurance or governance functions in a complex or regulated environment – housing is preferential
  • Strong knowledge of regulatory frameworks and compliance, ideally within housing, public sector or similar
  • Proven experience developing and embedding risk management frameworks and risk appetite
  • The ability to translate complex risk information into clear, meaningful insight for senior stakeholders
  • Experience of engaging, influencing and constructively challenging Executive and Board-level stakeholders
  • A track record of building strong risk and assurance cultures across organisations
  • Experience or exposure to information governance, data protection and internal controls
Job Responsibility
  • Lead and continuously improve Hyde’s Risk Management Framework, ensuring it is aligned to strategy and embedded across all directorates
  • Oversee strategic and operational risk registers, ensuring risks are clearly identified, managed and linked to decision making
  • Drive a strong risk-aware culture, providing challenge, insight and support to senior leaders
  • Lead regulatory compliance and assurance activity, including self-assessments and regulatory readiness
  • Deliver high-quality reporting to Executive, Board and Audit & Risk Committee, translating complex risk into clear insight
  • Oversee internal audit, ensuring plans are aligned to key organisational risks and actions are effectively delivered
  • Lead Hyde’s information governance framework, including data protection, data quality, and compliance with legislation such as the Data Protection Act
  • Act as a key point of escalation for governance and data-related issues, working closely with internal and external stakeholders
  • Ensure effective oversight of regulatory action plans and improvement activity
  • Build strong relationships with regulators, auditors and sector bodies, enhancing Hyde’s reputation for strong governance
What we offer
  • Bonus
  • Car allowance
  • Private Medical Insurance
  • Hybrid working and a commitment to work-life balance
  • Ongoing development and support
  • Fulltime

Global Head of Cyber Risk and Compliance

The Technology & Cyber Compliance and Operational Risk Office (TCCORO) at Citi i...
Location: United States (Irving, Texas; New York, New York)
Salary: 250000.00 - 500000.00 USD / Year
Employer: Citi (https://www.citi.com/)
Expiration date: Until further notice
Requirements
  • 20+ years' experience in technology risk and/or cyber risk management in the banking/financial services industry, or a related field, with at least 5 years in 2nd or 3rd line senior leadership positions
  • Subject matter expert in technology risk and/or cyber risk management principles and practices across various information system architecture and engineering domains
  • Proven experience in managing complex risk portfolios and developing strategic risk management frameworks for large organizations
  • Robust understanding of operational risk management frameworks, industry standards, regulatory requirements, and risk mitigation practices
  • Experience managing and overseeing large remediation and transformation programs to achieve intended results
  • Extensive experience in effective written and verbal communication with executive audiences including Boards
  • Experienced risk challenger who balances risks vs. rewards aligned with corporate risk culture
  • Understanding of Citi products and services and downstream impacts of technology risk and/or cyber risk strategy
  • Professional certifications in either technology risk and/or cyber risk preferred, including: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), ERM, CET, ISO27001, COBIT, TOGAF, or CRI
  • In-depth, working knowledge of banking technologies, fraud, cybercrime detection and countermeasures, encryption, data retention, as well as information security support for segregation of duties, application development, network and systems operation, testing and vendor management
Job Responsibility
  • Oversight and challenge of the cybersecurity incident response programs
  • Oversight of the security operations center (SOC) and cybersecurity fusion center (CSFC)
  • Oversight of cybersecurity penetration testing and red-team operations
  • Oversight of the Chief Information Security Office (CISO), including the review of the effectiveness of the controls, standards and programs across the enterprise
  • Implementation of guidance for overseeing Emerging Technology and Operational Risks, in compliance with OCC Heightened Standards
  • Able to present and lead discussions with key Regulators, internal and external auditors, as well as the Board of Directors and the Risk and Audit sub-committees
  • Governance and Oversight of security risks impacting the business and technology
  • Support in the development of Cyber Policy and Standards
  • Oversight of Key Operational Risks and related indicators and thresholds
  • Challenge of Cyber Risk Self Assessments
What we offer
  • Discretionary and formulaic incentive and retention awards
  • Medical, dental & vision coverage
  • 401(k)
  • Life, accident, and disability insurance
  • Wellness programs
  • Paid time off packages, including planned time off (vacation), unplanned time off (sick leave), and paid holidays
  • Fulltime

Security Strategy and Risk Management Head of Department

The Security Strategy and Risk Management Head of Department is a senior leaders...
Location: United States, Irvine
Salary: 181240.00 - 259160.00 USD / Year
Employer: Hyundai AutoEver America (haeaus.com)
Expiration date: Until further notice
Requirements
  • 15–20 years of progressive experience across Information Security, GRC/Risk Management, customer/vendor security management and/or strategic operations
  • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Business Administration or a related discipline
  • Excellent stakeholder management, communication, and leadership skills
  • Demonstrated experience working across multi-disciplinary teams to achieve common objectives
  • Proficient in English for effective communication and coordination
Job Responsibility
  • Lead enterprise-wide risk assessment, risk issue management, and risk exception management
  • Maintain and enhance risk management frameworks aligned with industry best practices
  • Deliver insightful, data-driven risk reporting to senior leadership
  • Oversee the Information Security compliance and control assurance program
  • Lead coordination of internal and external audits, assessments, and certification processes
  • Lead the Third-Party Risk Management (TPRM) program
  • Oversee creation, governance, maintenance, and communication of Information Security policies, standards, and procedures
  • Direct the Information Security Training and Awareness program
  • Partner with the CISO to define and maintain the Information Security strategic roadmap
  • Lead budget planning, forecasting, tracking, and optimization for the full Information Security organization
  • Fulltime

Head of Insurance and Risk

The Head of Insurance and Risk is responsible for developing and executing the e...
Location: United States of America, Raleigh
Salary: Not provided
Employer: Circle K (https://www.circlek.com)
Expiration date: Until further notice
Requirements
  • Bachelor’s degree required; advanced degree or professional designation (ARM, CPCU, CRM, JD) preferred
  • 12–15+ years of progressive experience in risk management, insurance, or claims leadership, ideally within retail, fuel distribution, logistics, or similarly complex operational environments
  • Deep expertise in casualty claims, including high‑volume retail claims and fleet‑related exposures
  • Strong negotiation skills and established relationships within the insurance and risk management community
  • Proven ability to lead global programs and influence senior stakeholders
  • Exceptional analytical, communication, and strategic‑thinking capabilities
Job Responsibility
  • Build and maintain a comprehensive global risk management framework aligned with operational, financial, environmental, and regulatory priorities
  • Identify and assess risks across retail operations, fuel distribution, transportation, environmental compliance, and supply chain
  • Lead enterprise risk committees, reporting processes, and executive‑level risk communication
  • Advise senior leadership on emerging risks, including environmental liability, cyber threats, regulatory shifts, and market volatility
  • Design and manage global insurance programs covering property, casualty, auto/fleet, workers’ compensation, environmental liability, cyber, and specialty risks
  • Lead annual renewals, market negotiations, and program structuring to optimize coverage, retentions, and total cost of risk
  • Maintain strong relationships with brokers, carriers, TPAs, and risk engineering partners
  • Ensure insurance programs support business expansion, acquisitions, new store formats, and evolving fuel technologies (EV charging, alternative fuels)
  • Oversee end‑to‑end management of casualty claims, including: General liability (slip‑and‑fall, premises liability), Auto liability (fleet accidents, fuel transport), Workers’ compensation (retail and logistics workforce), Product liability (fuel quality, foodservice)
  • Establish claims handling protocols, reserving standards, and litigation management strategies
What we offer
  • Competitive Salary
  • Complete benefits packages (medical, dental, deferred compensation plan, employee stock plan, etc.)
  • People Perks, which allows for great discounts on food and fuel
  • Vacation / PTO time
  • Work in a collaborative, dynamic and high performing team
  • Work for a leading, innovative, and growing company in convenience stores operations
  • Fortune 500 company and a 5-time Gallup Exceptional Workplace Award Winner
  • Tuition reimbursement of $5,000 per year
  • Learning opportunities to develop new skills and to evolve professionally in a fast-growing company
  • Fulltime

Group Head of Data Governance and Trust

The Group Head of Data Governance and Trust is responsible for driving the Group...
Location: United Kingdom
Salary: Not provided
Employer: Admiral Group Plc (admiralgroup.co.uk)
Expiration date: Until further notice
Requirements
  • Significant senior level experience in Data governance, Data management, risk, or related disciplines within complex or regulated organisations
  • Strong understanding of data governance frameworks, data ethics, privacy, and responsible AI
  • Experience designing and embedding enterprise wide governance models that are practical and value focused
  • Strong strategic thinking with the ability to operate at both executive and delivery levels
  • Excellent leadership, communication and collaboration skills
Job Responsibility
  • Define frameworks and standards that will support local Data leaders to classify and rationalise their Data products
  • Lead the evolution of the Group Data Marketplace to provide a seamless discovery experience, ensuring that Data is easy to find, understand and consume
  • Define and implement lean, consistent Data standards across the Group to reduce fragmentation and lower the barriers to cross-entity Data sharing
  • Work with Risk, Legal, and Compliance teams / functions to translate regulatory requirements into clear, practical data controls
  • Work with relevant risk and ethics teams / functions to establish practical guardrails for ethical AI and Data usage, ensuring that trust and privacy are embedded into the product lifecycle without stifling innovation
  • Foster a culture of Data accountability within business units / entities
  • Provide assurance to senior leadership that data related risks are understood, managed, and monitored
What we offer
  • 33 days holiday (including bank holidays) when you join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays)
  • Option to buy or sell up to an additional five days of annual leave
  • Eligible for up to £3,600 of free shares each year after one year of service
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Flexible Working
  • Simply Health
  • Private Health Cover
  • Critical Illness Cover
  • Fulltime

Head of Security Governance, Risk & Compliance

We’re looking for a dynamic, experienced Head of GRC to lead our global governan...
Location: Luxembourg, Luxembourg
Salary: Not provided
Employer: PPRO GmbH (ppro.com)
Expiration date: Until further notice
Requirements
  • A proven track record transforming traditional GRC frameworks (ISO27001, PCI DSS, SOC2) into modern, automated, developer-friendly control assurance programmes
  • Solid grounding in financial services regulation, payments, operational resilience, outsourcing/cloud guidelines etc.
  • Strong experience interacting with regulators and auditors (CSSF, FCA, etc.) and implementing regulatory requirements
  • Proven ability to run risk management processes, control frameworks and audit cycles
  • Experience evaluating technology, cyber and operational risks in a cloud-native environment
  • Engineering-first mindset, with an understanding of cloud-native architectures (AWS preferred) and how GRC requirements fit into engineering workflows
  • Experience with GRC tooling, workflow automation or process optimisation
  • Ability to translate regulatory requirements into practical, technical control expectations
  • Excellent communicator, capable of influencing executives, engineers, auditors and regulators
  • Pragmatic, commercially-minded, empathetic and customer-focused
Job Responsibility
  • Lead PPRO’s global Security GRC strategy and team, to support our international regulatory and compliance footprint
  • Oversee and enhance our ISO27001:2022 and PCI DSS v4.0 programmes, building a culture of continuous compliance through automation and control transformation
  • Partner with relevant functions to ensure ongoing DORA compliance, including security risk management, incident reporting, operational resilience testing and governance
  • Define and deliver a strategy for a pragmatic, high-value 2nd line automated control assurance programme, underpinned by relevant business metrics
  • Own and manage regulatory expectations on security topics by the CSSF in Luxembourg, FCA in the UK and other international bodies as relevant
  • Maintain and enhance PPRO’s security risk register, defining and delivering cross-organisation improvement and remediation roadmaps
  • Lead security control testing, issue management, KRI monitoring, SLA reporting and Board-level reporting
  • Act as Information Security Officer for PPRO’s local Luxembourg entity
  • Own third party security risk management and oversight for PPRO across the full procurement lifecycle
  • Partner closely with Engineering to build shared understanding and transform controls via thoughtful automation, streamlining evidence collection and control monitoring
What we offer
  • Hybrid working with a 3 days / week on site expectation
  • Work from abroad policy, enabling employees to work remotely for up to another 30 days per year
  • €1,000 annual budget for professional growth
  • Leadership cafés, on-the-job training
  • Lunch vouchers: €12.80 × 18 per month
  • Enhanced family leave
  • Travel Insurance
  • Gym membership contribution
  • Mental Health Platform
  • Pet-friendly office
  • Fulltime