Senior Director

The Role

The Global Head of Governance, Risk, Controls & Compliance (GRC) will help shape the future of how we govern technology risk, embed effective governance, and support the delivery of our global technology strategy. The role is control-oriented and grounded in a risk-based approach focusing on consistency, improving maturity, and strengthening the control environment across the global technology landscape.

The role offers a unique opportunity to drive sustainable change, modernize governance practices, and contribute to the ongoing transformation of globally distributed technology estates in over 140 countries.

The Global Head of Governance, Risk, Controls & Compliance will report to the Head of Global Technology Shared Services and is responsible for leading the transformation and maturity of governance, risk reduction, and control practices across global technology while embedding consistent, effective governance processes aligned with regulatory requirements. This role will be required to establish a pragmatic and risk-based approach in assessing controls and risks across Global Technology with a strong understanding of business priorities and objectives. This role requires comprehensive and demonstrated knowledge of technology governance, risk management and compliance practices, as well as experience and understanding of business operations. 

This is a senior leadership role with global influence across all areas of technology. The successful candidate will play a pivotal role in enhancing control maturity, improving process consistency, influencing a culture of accountability, while demonstrating strong influencing skills. This role will lead a global team of high-performing subject matter experts that have deep understanding of governance, risk management and compliance related topics that are specific and nuanced by region, regulatory body and business.

The remit includes supporting the Global Technology (GT) strategy by ensuring risk management and control frameworks are robust, aligned to regulatory and audit expectations, and able to scale with the business. 

Key objectives include enhancing process effectiveness, identification and implementation of appropriate Key Risk Indicators (KRI’s), improving efficiency, accuracy, and standardisation. The position requires close collaboration with senior stakeholders across Legal, Finance, Risk, Internal Audit, Compliance, and Global Technology functions.

The Responsibilities

Governance

• Development of a robust, enterprise-grade, risk-based GRC GT strategy, operating model (framework) and roadmap that is aligned with the company’s global business objectives, regulatory obligations, and client expectations. 
• Lead a high-performing global team of risk and governance professionals with deep subject matter expertise in local/regional regulatory, technology and business requirements.
• Implementation of an effective governance structure framework that defines how decisions are made, who is accountable, and how compliance and performance are monitored within GT. 
• Oversight the provision of regular reporting on all GRC activities to management through the monitoring of KPIs/KRIs.
• Ensuring governance frameworks support WTW’s regulatory, audit, and compliance obligations, with the flexibility to adapt to changing requirements, while aligning to the Enterprise Risk Management framework and governance structure/standards.
• Continuously evaluate and improve governance processes, to enhance governance and control activities.

Risk Management 

• In collaboration with Technology Leadership, encourage a culture of proactive risk ownership and accountability across all GT teams. Resolve conflicts between commercial objectives and risk mitigation by applying a risk-based approach that is agreed with global leaders.
• Embed a risk-based, control-focused approach across Technology change and operational activities. 
• Oversee and drive remediation of risks and control gaps. 
• Monitor, remediate and report on all non-Cyber-related Governance, Risk and Compliance requirements within GT.
• Collaborate with the Technology & Cyber Risk, Controls and Regulatory Engagements team to align risk identification, ownership, and reporting. 

Compliance

• Oversee compliance with technology and cyber-related global regulatory requirements, industry standards and frameworks such as NIST, ISO 27001. This includes leading all regulatory-oriented governance, reporting and compliance requirements associated with Global Technology (e.g., DORA).

Senior Stakeholder Engagement & Representation 

• Engage with senior leadership, Board-level forums, and internal regulatory stakeholders. 
• Represent governance and control topics in senior forums and with key functional partners including Legal, Finance, Internal Audit, Compliance, and Risk

• 15+ Years of Experience in technology governance, risk, or control roles within large, complex, and regulated organizations.
• Bachelor's degree in Technology, Business Administration, Finance, or a related field. A Master’s Degree is preferred.
• Preference provided to candidates with any of the following: Financial Risk Manager (FRM), Professional Risk Manager (PRM), Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA).
• Demonstrated understanding of technology and business priorities and required outcomes.
• Demonstrated organizational change management/leadership in a large, complex organization.
• Extensive experience leading a high-performing global team of risk and governance professionals.
• Experience in developing and executing a robust enterprise-grade risk-based strategy.  
• Demonstrable track record of improving control environments, remediating risks, and collaborating with senior stakeholders across multiple functions.
• Sound knowledge of technology risk and control frameworks (e.g. NIST, ISO 27001) and practical application in global environments.
• Experience engaging across multiple disciplines, including legal, finance, audit, and technology delivery functions.
• Ability to influence organizational behaviour and embed a culture of accountability in risk and control practices.
• Strong interpersonal and communication skills, with the ability to operate effectively at senior levels across global teams and communicate complex technical information to non-technical stakeholders.
• Strong collaboration skills to understand wider business requirements to ensure technology governance strategies support business priorities

Note: Employment-based non-immigrant visa sponsorship and/or assistance is not offered for this specific job opportunity.

This position will remain posted for a minimum of three business days from the date posted or until a sufficient/appropriate candidate slate has been identified.

Compensation and Benefits

Base salary range and benefits information for this position are being included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, qualifications/experience, performance in the role and potential for revenue generation (Producer roles only).

Compensation

The base salary compensation range being offered for this role is $185,000– $275,000 USD per year (US locations). This role is also eligible for an annual short-term incentive bonus.