Head of Risk - Building Risk-Aware Cultures
I lead with precision and purpose across governance, risk, and compliance—grounded in globally recognised frameworks including ITIL, M_o_R, ISO 27005, and COBIT. My approach blends strategic oversight with hands-on delivery, ensuring risk management is not just compliant, but commercially aligned and culturally embedded.
With deep experience implementing COBIT controls, I’ve strengthened IT governance, enhanced audit and regulatory readiness, and aligned risk practices with enterprise objectives. I specialise in bridging the gap between policy and operations—building resilient, risk-aware cultures that thrive under pressure.
Known for calm, decisive leadership in crisis and incident response, I bring strong stakeholder engagement, sharp cyber and tech fluency, and a talent for translating complex risk into clear, actionable insight. My reporting drives executive clarity and cross-functional alignment.
Above all, I champion risk as a strategic enabler—turning uncertainty into opportunity and embedding resilience as a core business capability.
I’m a strategic GRC and resilience leader with deep experience across regulated sectors, most recently as Head of Risk at Post Office Ltd. I’ve led enterprise-wide transformation programmes, embedded operational resilience, and built governance maturity through frameworks like ISO 31000, COBIT, ITIL, M_o_R, ISO 27005—and the Orange Book of Risk, which I’ve used extensively to shape public sector risk narratives and assurance models.
I specialise in translating regulatory requirements into actionable policy, control objectives, and assurance routines. Whether integrating ServiceNow GRC or developing IT disaster recovery strategies, I focus on bridging the gap between policy and operations—embedding resilience and risk awareness into everyday decision-making.
I’m known for my calm, decisive leadership in crisis and incident response, strong stakeholder engagement, and ability to turn complex risk landscapes into clear, board-ready insight. For me, risk isn’t just a control function—it’s a strategic enabler. I take pride in helping organisations navigate uncertainty, build capability, and unlock long-term value.
I hold multiple ITIL certifications across Service Strategy, Design, and Continual Improvement, underpinned by a Foundation in IT Service Management. I’m also certified in ISO 27005 Information Risk Management and M_o_R (Management of Risk), equipping me to align technical controls with strategic risk frameworks and deliver resilient, well-governed services.