Our Team

GRC’s Management team has over 100 years of experience assisting organisations internationally. All have deep SME risk area and industry knowledge, and extensive client / customer management experience. GRC can also call on a network of affiliated associates in a variety of locations around the world to help meet your project delivery requirements.

Michael Porteous

Managing Director

Michael has 20 years’ experience managing a variety of risk types for a number of organisations internationally. He has an excellent and reliable understanding of the business, economic and cultural drivers for managing risk well (profitably and sustainably). He has the unique ability to think strategically (horizontally) whilst ensuring that the detail at the lower levels (vertical) has been accurately considered and implemented. He believes that risk management needs to be simple, accurate and effective in order to be well understood, embraced and embedded into the fabric of an organisation.

Michael has developed and successfully implemented some of the first IT and Enterprise Risk Management Frameworks for large global corporates as early as 2004. His clients have included large global banks (retail and investment), insurance companies, professional service companies, IT service providers, shipping companies and manufacturing companies. He has held senior roles such as ‘Head of’, ‘Global Head of’, ‘Executive Director’ and ‘Practice Lead’ in the areas of Enterprise, Operational and IT Risk Management for some of the world’s largest and most prestigious firms. Michael has been a pioneer in risk management for many years. Having developed and implemented one of the first internet-based, real-time share-trading systems in 1997, and with an educational background in economics, business and risk, he began designing, developing and promoting the requirements for, and benefits of, effective risk management well before risk management became a key regulatory requirement. In essence, he understands that without risk, there cannot be business opportunity. And without managing risk well, these opportunities cannot be exploited.

Sally Fereday

Head of Health Care Risk and Quality Management

Sally is a dynamic senior leader and clinical professional with over twenty years’ experience in public and private sector risk management, governance, safety, and quality assurance transformation. A consultant of national standing and a Member of the Writers’ Guild of Great Britain, Sally has authored public sector risk management, governance, safety and quality standards, strategies, policies, templates, guidance, and training programmes, for the Department of Health and Social Care, National Health Service (NHS) Litigation Authority, NHS Supply Chain, and Healthcare Quality Improvement Partnership (HQIP). Sally also spent several years as Risk Manager for the NHS Litigation Authority £22 billion mutual risk insurance pool, mitigating risk via mandatory standards developed through analysis of clinical negligence claims data.

As an international Consultant at Det Norske Veritas Germanischer Lloyd (DNVGL), Sally developed and implemented a range of transformational national and international standards of best practice, directly supporting Boards and senior teams within over 150 organisations, to enhance quality and risk management through intelligent monitoring systems for continuous improvement and increased productivity, including training delivery, within private and public sectors worldwide.

Sally spent four years as an NHS Litigation Authority national Governance and Risk Management Standards Assessor and a Macmillan Quality Environment Mark Assessor, and is an experienced ISO 9001 Quality Management Systems Auditor, ISO 22301 Business Continuity Management Auditor, and ISO 27001 Information Security Auditor.

Adept at devising risk evaluation frameworks and performance management systems to ensure safe, streamlined, high quality service delivery, added value, and efficient use of resources, Sally inspires people to consistently deliver excellent results through strong cultural engagement and motivational leadership. Supported by a Master of Science degree in Risk Management, as a Certified Fellow of the Institute of Risk Management with extensive PRINCE2 project and programme management experience, Sally ensures delivery of initiatives on time, to agreed quality standards. She also adheres to the strict experience and skillset criteria to be qualified as a GRC Verified® consultant.

Dean Hill

Head of Operational Risk

Dean is a senior risk management professional with over 33 years’ experience of delivering quality risk solutions to large organisations. His main SME lies within the areas of frameworks and control structures. He is an expert in all aspects of operational risk management, risk mitigation, control implementation, risk policy development and assurance, oversight and internal audit. He is a proven senior manager, with the ability to deliver to demanding standards and deadlines. At RBS, Dean produced a comprehensive Operational Risk policy framework as part of the “stand up for business” process, across the whole Williams & Glyn ‘challenger’ bank. This included the delivery of a Risk & Control Self-Assessment portfolio ahead of target, to inform the firm-wide Risk Profile. He also led and delivered a “Material Issues” project into Williams & Glyn, together with a reporting and escalation mechanism, to enable accurate risk and issue management. As Head of Operational Risk Partnering Team, he built a permanent team and delivered a revised framework and methodology/system training across the bank. Dean has also held senior positions within Barclays’ Operational & Group Risk functions over 32 years.

Rakesh Tripathi

Head of IT Security and Technology Risk

Rakesh is a seasoned senior cyber security and risk consultant, having accrued 14 years of experience within industry. He has significant and wide-ranging experience deploying enterprise / IT risk frameworks, security architectures and solutions for major banking and financial services organisations and has delivered risk assessments, project management, security audits and 3rd party assessments. His major hands-on technical experience includes a focus on DLP, SIEM, vulnerability management, IDS/IPS and eGRC technologies. He complements his strong technical skills with an excellent working knowledge of a variety of compliance regimes including ISO 27000 series, PCI-DSS, ISF, SOX, COBIT, COSO and ITIL.

Rakesh is a passionate risk practitioner and a well-rounded professional who has worked with many complex global organisations / clientele across multiple industries (financial and non-financial). He possesses a unique blend of technical as well as business skills to understand / define strategic objectives and to deliver tailored risk solutions/consultancies to promote the right risk culture.

Babu Chellapa

Head of Payments and Financial Crime Compliance

Babu heads up the Payments and Financial Crime Compliance portfolios, guiding and assisting UK/EU firms on:

- FCA registrations and authorisations to become electronic money institutions, authorised payment institutions and registered account information services providers

- Complying with PSD2 standards as per PSR and EBA regulatory guidelines

- Complying with SWIFT CSP standards as per SWIFT CSP guidelines

- Payments risk oversight and assurance initiatives in payments business operational risks

- Business readiness of all the payment schemes operations both domestic and international

- Open banking product propositions and business models

- AML risk assessments and AML audits

- Formulating frameworks for managing Financial crime risks, FCC audits, and KYC remediation

- AML compliance maturity and developing a roadmap to improve and optimise

- Building and reviewing Fraud risk policies and controls

Babu has extensive knowledge of the wider regulatory landscape, comprising PSR and SEPA regulations, EBA guidelines, DPA and GDPR, the FCA handbook, UK/EU MLD regulatory changes and FATF recommendations, and has an integrated approach to advising clients on translating the regulatory requirements and mitigating associated risks to become/stay compliant. He has played senior roles in various regulatory compliance and Payments business strategy initiatives. He has 12 years of Payments platform experience and 8 years of Operational Risk management and Financial Crime Compliance, with proven experience in managing senior executive business, functional and technical experts.

Andrew Dow

Head of Operational Resilience

Andrew is a risk management professional with over 30 years’ experience gained from a number of sectors, including management consulting (Accenture), banking and finance (Barclays, BNP Paribas), insurance (Zurich Insurance) and industry (Marathon Oil & Dixons).

He has had a well-balanced career which has allowed him to work in senior roles and to gain the depth and breadth of risk management experience required of GRC Associates. He has gained significant knowledge in the area of enterprise risk management, operational risk, IT risk, business interruption and resilience, regulation and compliance, programme and project management.

During his career Andrew has engaged closely with regulatory authorities in defining appropriate operational/enterprise risk oversight policies and frameworks together with shaping global resilience policies.

Andrew’s recent assignments with 2 large UK banking institutions required him to provide much needed ‘hands on’ technology inputs and expertise during the operational risk and resilience projects he was responsible for leading. Andrew is also an experienced & accredited trainer, developing and delivering training courses in operational risk and resilience to many clients globally.