Global Information Risk
Management Recruitment

What are governance and compliance jobs?

Filed under: Features — Stephanie on October 4, 2013

We live in an increasingly regulated and governance-focused business world, which has created a culture of compliance with regulations that has both upsides and downsides.

The upsides include an orderly, smooth-running workplace in which everyone knows where they stand, and a structured, well-documented approach to corporate governance that has been signed off at the highest levels. The potential "downside", as some executives see it, is the hard slog and the sheer amount of paperwork involved in developing structured policies that everyone can buy into.

For this reason, boards tend to hand the job to someone who can pull all the paperwork together and build a coherent, logical framework: one that treats governance and compliance as two sides of the same coin.

This is where governance and compliance experts come in. They are seasoned professionals, steeped in the various standards and regulations of which companies need to be aware and with which they need to comply.

More often than not, their jobs are wrapped in a three-part package known as GRC, or Governance, Risk and Compliance.

Governance

In terms of governance, a GRC officer might well use the UK Corporate Governance Code as a starting point, which the Financial Reporting Council (FRC) says:

“…sets out standards of good practice in relation to board leadership and effectiveness, remuneration, accountability and relations with shareholders”.

The FRC, which oversees and regularly updates the Code, continues:

“Regulation should begin with strong corporate governance. It is the role of shareholders and boards to scrutinise and ensure that their companies are being led in the right direction over the long term”.

Sound financial governance needs to be at the heart of every company worth its salt, but governance goes beyond pure money management. It also needs to cover a company's culture, since that culture affects both employees and those who deal with the company. An effective GRC manager will be on top of "governance" in both the financial and the broader constitutional sense.

Risk Management

When it comes to risk management, a GRC manager addresses a company's or organisation's exposure to risk in multiple, often related, areas: IT security, financial, legal, and health and safety. In a hospital, for instance, many areas of potential risk are prompted by "what happens if?" questions. If the hospital suffers a power cut, a suitable backup generator needs to be available, together with a tested plan for switching over to it.

Compliance

The compliance component of a GRC role oversees all areas of business compliance, especially financial and legal. Compliance with laws and regulations often has to operate on two levels, national and international. In this context, ISO (the International Organization for Standardization) publishes standards that companies around the world seek to follow, and in some cases to be certified against. ISO/IEC 27001, for example, specifies the requirements for an information security management system (ISMS): the framework of policies, risk assessment and controls through which an organisation manages its information security.

This is just one of many international standards that a GRC manager would flag up as requiring documented compliance.

Acumin © 2006-12