Skip to main content

Our Team

GRC’s Management team has over 100+ years of experience assisting organisations internationally. All have deep SME risk area and industry knowledge, and extensive client / customer management experience. GRC can also call on a network of affiliated associates in a variety of locations around the world to help meet your project delivery requirements.

Connect Connect

Michael Porteous

Managing Director

Michael has 20 years’ experience managing a variety of risk types for a number of organisations internationally. He has an excellent and reliable understanding of the business, economic and cultural drivers for managing risk well (profitably and sustainably). He has the unique ability to be able to think strategically (horizontally) whilst ensuring that the detail at the lower levels (vertical) has been accurately considered and implemented. He believes that risk management needs to be simple, accurate and effective in order to be well understood, embraced and embedded into the fabric of an organisation.

Michael has developed and successfully implemented some of the first IT and Enterprise Risk Management Frameworks for large global corporates as early as 2004. His clients have included large global banks (retail and investment), insurance companies, professional service companies, IT service providers, shipping companies and manufacturing companies. He has held senior roles such as ‘Head of’, ‘Global Head of’, ‘Executive Director’ and ‘Practice Lead’ in the areas of Enterprise, Operational and IT Risk Management for some of the world’s largest and most prestigious firms.

Michael has been a pioneer in risk management for many years. Having developed and implemented one of the first internet based, real-time share-trading systems in 1997, and with an educational background in economics, business and risk, he began designing, developing and promoting the requirements for, and benefits of, effective risk management well before risk management became a key regulatory requirement. In essence, he understands that without risk, there cannot be business opportunity. And, without managing risk well, these opportunities cannot be exploited.

Dean Hill

Connect Connect

Dean Hill

Head of Operational Risk

Dean is a senior risk management professional with over 33 years’ experience of delivering quality risk solutions to large organisations. His main SME lies within the areas of, frameworks and control structures. He is expert in all aspects of operational risk management, risk mitigation, control implementation, risk policy development and assurance, oversight and internal audit. He is a proven senior manager, with the ability to deliver to demanding standards and deadlines.

At RBS, Dean produced a comprehensive Operational Risk policy framework as part of the “stand up for business” process, across whole Williams & Glyn ‘challenger’ bank. This included the delivery of a Risk & Control Self-Assessment portfolio ahead of target, to inform firm-wide Risk Profile. He also led and delivered a “Material Issues” project into Williams & Glyn, together with reporting and escalation mechanism, to enable accurate risk and issue management. As Head of Operational Risk Partnering Team, he built a permanent team and delivered a revised framework and methodology/system training across bank.

Dean has also held senior positions within Barclay’s Operational & Group Risk functions over 32 years.

 

Andrew Dow

Connect Connect

Andrew Dow

Head of Operational Resilience

Andrew is risk management professional with over 30 years’ experience gained from a number of sectors including; management consulting (Accenture), banking and finance (Barclays, BNP Parisbas), Insurance (Zurich Insurance) and industry (MarAthon Oil & Dixons).

He has had a well-balanced career which has allowed him to work in senior roles and to gain the depth and breadth of risk management experience required of GRC Associates. He has gained significant knowledge in the area of enterprise risk management, operational risk, IT risk, business interruption and resilience, regulation and compliance, programme and project management.

During his career Andrew has engaged closely with regulatory authorities in defining appropriate operational/enterprise risk oversight policies and frameworks together with shaping global resilience policies.

Andrew’s recent assignments with 2 large UK banking institutions, required him to provide much needed ‘hands on’ technology inputs and expertise during the operational risk and resilience projects he was responsible for leading.
Andrew is also an experienced & accredited trainer developing and delivering training courses in operational Risk and resilience to many clients globally.

Steve Miller

Connect Connect

Steve Miller

Head of Risk Management

Steve is a technically accomplished risk professional with wide experience of designing and implementing risk frameworks. This has been in a wide variety of business environments and geographies.

He is an energetic and motivating team leader with proven ability at influencing executive management and stakeholders. Leadership and technical ability has given Steve experience in delivering risk frameworks that focus on strategic objectives, including delivering transformation in businesses facing unique challenges.

Steve is an open and transparent communicator experienced at translating complex risk theory into useable and pragmatic business solutions. The majority of his career has been spent in financial services which has included investment banks, corporate banks, wealth and asset managers and more recently two government owned institutions.

Steve’s last two roles were as Head of Risk at The Bank of England and then Post Office Limited. These roles included assisting the institutions manage significant organisational change and strategic challenges. He restructured the approach to risk in these institutions through a combination of changing the skill sets of the teams of risk practitioners, and through redesigning and implementing new approaches to risk best suited to the unique operating challenges of the respective institutions.

Focussing on effective transformations in response to new regulation and developments in risk practice has been a continual theme. This has been achieved through creating and embedding the risk frameworks and also through building positive risk culture within each environment. Managing through mentoring and development has been a significant part of his career and Steve has left a legacy of high performance risk teams.

 

Rakesh Tripathi

Connect Connect

Rakesh Tripathi

Head of IT Security and Risk

Rakesh is a seasoned senior Cyber security and Risk consultant having accrued 14 years of experience within industry. He has significant and wide-ranging experience deploying enterprise / IT risk frameworks, security architectures and solutions for major banking and financial services organisations and has delivered risk assessments, project management, security audits and 3rd party assessments. His major hands-on technical experience includes a focus on DLP, SIEM, vulnerability management, IDS/IPS and eGRC technologies. He complements his strong technical skills with an excellent working knowledge with a variety of compliance regimes including ISO 27000 series, PCI-DSS, ISF, SOX, CoBIT, COSO and ITIL.

Rakesh is a passionate risk practitioner and a well-rounded professional who has worked with many complex global organisations / clientele across multiple industries (financial and non-financial). He possesses unique blend of technical as well as business skills to understand / define strategic objectives and to deliver tailored risk solutions/consultancies to promote right risk culture.

 

Dean Hill

Connect Connect

Ricardo del  Hoyo Salas

Head of Risk Modelling

To be added

Babu Chellapa

Connect Connect

Babu Chellapa

Head of Payments and Financial Crime Compliance

Babu heads up the Payments and Financial Crime Compliance portfolios, guiding and assisting the UK/EU firms on

  • FCA registrations and authorisations to become electronic money institutions, authorised payment institutions and registered account information services providers
  • Complying to PSD2 standards as per PSR and EBA regulatory guidelines
  • Complying to SWIFT CSP standards as per SWIFT CSP guidelines
  • Payments risk oversight and assurance initiatives in payments business operational risks
  • Business readiness of all the payment schemes operations both domestic and international
  • Open banking product propositions and business models
  • AML risk assessments and AML audits
  • Formulating frameworks for managing Financial crime risks, FCC audits, and KYC remediation
  • AML compliance maturity and developing a roadmap to improve and optimise
  • Building and reviewing Fraud risk policies and controls

Babu has extensive knowledge on wider regulatory landscape comprising of PSR and SEPA regulations, EBA guidelines, DPA and GDPR, FCA handbook, UK/EU MLD regulatory changes, FATF recommendations, and has an integrated approach to advice clients on translating the regulatory requirements and mitigating associated risks to become/stay compliant. He played senior roles in various regulatory compliance and Payments business strategy initiatives. He has 12 years of Payments platform experience and 8 years of Operational Risk management and Financial Crime Compliance with proven experience in managing exec senior business, functional, technical experts.

 

Connect Connect

Shaun Cooper

Head of Cyber Risk

Shaun is our Cyber Risk Expert. He has over seventeen years’ experience of working within the insurance industry and with a range of companies/industries, in underwriting, insurance placement, and risk advisory/consultancy roles.

Shaun’s depth and breadth of knowledge and experience enables him to efficiently help organisations determine their IT, Information and Cyber Security Risk profiles and can assist with the development of an appropriate risk management strategy that is sufficiently resilient to protect the organisation’s critical assets.

Shaun’s experience enables him to provide specialist technical training in cyber risk
management and risk transfer for advisors, insurers and businesses to any industry sector from professional services, retailers, hospitality and travel, logistic/supply chain, utilities and technology and media.

Shaun was Co-founder Director of the ISSA (UK) (Information Security System Association) and is a Member of the British Computer Society (MBCS) and holds professional qualification, System Security Certified Practitioner (SSCP).