Business Management & Risk Specialist, Workflows

The Business Management & Risk Specialist will support the Workflows COO team with business management activities and risk and controls framework. This role involves data analysis, preparing governance materials, overseeing technology and cyber issues, and ensuring compliance with operational risk policies. The specialist will work closely with Business and Product Leads, Engineering, and Cybersecurity SMEs, gaining exposure to senior stakeholders and various solutions across Buy- and Sell-side portfolios. The position is pivotal in enhancing business management, operational resilience, and promoting a strong risk culture.

Must Have

• Support business management, reporting, and analysis.
• Track and report open issues and action items.
• Coordinate risk reporting and MI for governance.
• Point of contact for DORA BAU monitoring.
• Support incident reviews and risk assessments.
• Ensure adherence to Group Risk Policies and Standards.
• Identify and document business, technology, cyber issues.
• Support risk identification and assessment.
• Maintain records in GRC tools (MetricStream).
• Background in Financial Services.
• Experience in risk management frameworks.

Good to Have

• Experience with Asana.
• Experience with reporting, tracking, and project management systems.
• Experience in Technology/Cloud/Data Management or associated non-financial risk management.

Perks & Benefits

• Competitive Compensation and Benefits
• Annual Bonus Plan
• Healthcare
• Retirement planning
• Paid volunteering days
• Wellbeing initiatives

Overview:

The Business Management & Risk Specialist will be part of the wider Workflows COO team supporting them with business management activities and risk and controls framework in collaboration with the Business Controls Officer (BCO). This role will combine and offers an exciting opportunity to work across Business and Risk Management supporting functions and will involve conducting data analysis, preparing materials for governance forums, having oversight of technology & cyber-related issues, ensuring compliance with broader operational risk management policies, regulatory standards, and industry best practices. This role will grant the candidate an opportunity to work closely with Workflows Business and Product Leads, as well as Engineering and Cybersecurity SMEs, providing exposure to senior stakeholders and an opportunity to learn about our solutions across a wide Buy- and Sell-side portfolio.

Reporting into Workflows COO and working closely with the Business Control Officer (BCO), this position provides exposure to senior stakeholders across Workflows, Workspace, Data & Analytics ((D&A), Engineering, First Line of Defense (1LOD), and Second Line of Defense (2LOD) Risk teams. The role is pivotal in helping the business enhance its business management, operational resilience, manage, and remediate risks while promoting a strong risk culture.

Key Responsibilities

Business Management, Reporting & Governance

• Support Business Management team with ad hoc initiatives, reporting and analysis.
• Track and report open issues and action items, maintaining delivery confidence and escalating potential delays.
• Coordinate risk reporting and MI for Workflows SII Governance risk committees.
• Be the point of contact for DORA business as usual (BAU) monitoring. Be the point of reference for DORA related enquiries and BAU activities.
• Support incident reviews, documenting root causes and remediation plans; provide expert risk assessments for new strategies, products, and major projects.
• Partner with central 1LOD to review 2LOD requirements and influence framework design decisions.
• Ensure adherence to Group Risk Policies and Standards, including attestations, policy change oversight, and waiver management.

Issue Management & Governance

• Identify, capture, and document business, technology and cyber-related issues in MetricStream in line with Issue Management Standards.
• Have an understanding and awareness of DORA related issues and the actions to close out compliance, including relevant governance requirements and implementation on behalf of Workflows and Workspace.
• Assess issue impact and likelihood, ensuring accurate risk ratings based on the Risk Severity Matrix, challenge ratings where necessary.
• Advise stakeholders on new issues and related actions, coordinating updates and approvals with designated approvers.
• Drive issues to closure, validate completeness and approvals, and support governance forums to review progress and challenge delays.
• Represent the business in Engineering governance forums, raising delivery risks and ensuring accountability.

Risk Framework & Control Oversight

• Support the Workflows BCO in risk identification and assessment, including Risk and Control Assessments (RCA), New Product Approvals, Third Party Risk Management, and Financial Crime Compliance.
• Escalate and track remediation activities for risks especially those outside tolerance within governance forums.
• Support the BCO in updating Key Risk Indicators (KRIs) and limit frameworks are in place, aligned with Group Risk Appetite, and manage breach procedures.

GRC Tool Management (MetricStream)

• Maintain accurate and timely records of issues, actions, and risks in MetricStream.
• Ensure data integrity and communicate system updates to users and stakeholders.

Skills & Experience

• Background in Financial Services and experience in risk management, frameworks, or related areas within financial services.
• Strong proficiency in Microsoft Office is a requirement (Advanced Excel, PowerPoint and Word) and ideally Asana. Experience with reporting, tracking and project management systems would be welcomed.
• Good stakeholder management, people skills and the confidence to manage outcomes at all levels.
• Analytical mindset with attention to detail; self-starter comfortable working cross-functionally; ability to analyse data and present findings.
• Understanding of technology, cyber risk, and operational risk management in the context of business environment.
• Familiarity with risk and control frameworks (e.g., COSO, SOX, FCA/PRA expectations).
• Experience in issue and action governance within a regulated environment.
• Ideally, experience in Technology/Cloud/Data Management or associated non-financial risk management.

Career Stage:

Senior Associate