INT2: Two - Skills/XP Flashcards
What skills can you bring to this role?
V2.0 - A ready to deploy regulatory strategist. Motivated to work in compliance as a trusted advisor to businesses, solving their complex challenges and promoting compliance with essential regulation. Driving culture change and improvements in business performance.
This can be simplified down, and made more technical/relevant in the right places. The best summarisation is:
* (i) regulatory expertise;
* (ii) communication - both technical and persuasive;
* (iii) risk management solutions aka structured problem solving
* (iv) project management - both technical and change implementation - and leadership
- Regulatory Expert
— OSA implementation - Technical Communicator
— Policy/Process drafting
— Legal, LE and Regulatory experience - Structured, Analytical Problem Solver
— Creating robust evidence-based risk control policies and processes - Persuader/Influencer
— Presentation and briefings
— Reports for senior mgmt. - Business Transformation PM
— Agile DM
— Tech Delivery
— PFQ - Team Leader
— Teams of BAs, Engineers
— Leading P&IT
Knowing the regs —> identifying solutions —> persuading the business —> implementing solutions
- Regulatory/Industry knowledge —> able to advise clients in this complex emerging area of regulation
— Deep knowledge of OS operations and strategy
— Insights from working at the heart of OS regime
— Understanding of policy and compliance requirements - Analytical approach to problem-solving —> important to create robust controls
— Structured, methodical approach to problems using frameworks
— Evidence-based decision making
— Creating effective policies and processes
— Developing risk controls and mitigations, making sure solutions are impactful: DSA risk reporting, OS operational risk evaluation, LECP service management, processes for managing sensitive and illegal information - Persuasive, technically accurate communication —> As an ERC team member, I’ll be required to write reports and persuade business change on the strength of recommendations
— Legal/Law Enforcement background, drafting technically accurate documentation for court proceedings
— Drafting policies and reports to affect change
— Briefing senior decision makers, presenting complex information and persuading/influencing outcomes - Business Transformation —> supporting the business with implementation of controls and change management
— Project Manager
— Delivery Manager
— Technical accreditations
— Experience in operating model transformations
Why do you want to work in compliance, as an auditor/technical specialist?
- The why (purpose) - culture change: Working in compliance as a trusted advisor to businesses, solving their complex challenges and promoting compliance with essential regulation. Driving culture change and improvements in business performance. Aligned with my career decisions to-date.
- The how - I’ve got great skills that will enable my success as a compliance professional.
• Legal Expertise
• Risk Management problem solving
• Operating model tx
• Communication - written/persuasive
• PM/team leader
- Client Advisory
— Able to advise clients on their business problems
— Ex-Consultant at Cap Invent
— Building trust and relationships with clients
— Adapting flexibly to new clients, embedding effectively and supporting their objectives - Legal and Regulatory Expertise
— Able to navigate complex legal frameworks confidently
— Able to communicate technical information accurately
— Law graduate, Paralegal and Law Enforcement professional - had to write to standard required for court proceedings
— Regulatory specialist - had to draft policies and processes suitable for implementation in this context - Creating policies and processes to manage risks
— Able to use structured analytical problem solving skills to devise robust controls
— DSA RAs, OS Operational RA, LECP service management, process controls for managing sensitive intelligence and illegal content - Persuading and influencing senior decision makers
— Able to communicate impactfully to achieve business change, which will be essential in driving a culture change amongst regulated services
— Briefing senior leaders at Ofcom, including P&IT new function and revised approach to incident management - Leading teams to deliver business change and transformation
— Can run transformation projects from design to implementation and change management; transformation is a protracted effort
— Delivery Manager, Strategy Manager
— Agile and PM accreditations
— Team leader
— Strategy and op-model tx
When have you led a team on a project and had to deal with someone underperforming?
LECP Management of Delivery Team - Delivering Operational Monitoring
- Underperforming team member — 4mer
— Relatively junior
— Under-confident
— Not contributing to sprint planning or stand ups, performing mostly menial tasks
— Engaged in 1:1 coaching - sought detail on career goals and aspirations
— Former Google intern
— Very ambitious but lacked belief in skills
— Continuously encouraged him to contribute and push himself out of his comfort zone - Getting a key ally onside
— Leader of the team, respected and experienced engineer
— Not the best team player, not very inclusive
— Discussed the challenge with him and invited him to create more opportunities for less experienced colleagues. He liked being the single point of failure, he liked being depended on; this wasn’t good for the team
— He began stepping back from the detail and giving more opportunities for 4merd33p and M4x to contribute
— Created a more inclusive, collaborative team culture - Hosted in-person Team Day to build team relationships further
— Icebreaker sessions
— Mandated attendance - got all colleagues in a room together for first time
— Broke down barriers to communication and built stronger relationships between team members
Result?
— Delivered some impressive outcomes (OpsMon, GitLab upgrades, CyberArk)
— Improved team culture and collaboration
— Supported development of junior colleagues and created a high performing team
— Junior colleagues began enjoying their roles more and maximised their opportunities; more enjoyment —> increased performance
How would you go about solving a problem for a client?
- Refer to precedents and understand if colleagues have done something similar elsewhere. Learn from best practice.
- Discovery/Fact-finding
— Gather documentation
— Network
— Build relationships with key stakeholders
— Build understanding of project context
— Use RACI and strategic stakeholder engagement approaches - Define Project Plan and OKRs
— SMART
— OKRs
— Project type matters: Novel, Execution or Change? Identify the right project type.
— Ratify objectives with the client
— Set methods of reporting and governance to ensure clear lines of communication with clear stakeholders - Implement using Agile methods
— Deliver value early
— User feedback
— Continuous improvement and iteration - Review/Evaluation
— Assess performance using metrics
— Takeaway lessons learned for future reference
— Did you deliver what you set out to achieve? - Share lessons learned with wider ERC team to improve performance of the business; publicise successes where possible
What projects have you done relevant to this role?
- DSA RAs
- OS Operational RA
- LECP Service Management
- P&IT Operating Model and Processes for management of sensitive information
- OS Governance
- OpsMon delivery
What do you anticipate being some of the biggest challenges in the role, and how would you prepare for them?
- Horizon Scanning - Detecting emerging compliance obligations in a fractured international regulatory landscape
- Persuading/influencing - Driving business and cultural change with impactful briefings and trusting relationships
- Planning compliance - project managing compliance timelines and having an eye on changing requirements
- Managing public scrutiny — being proactive about compliance, showing what good looks like (not just ‘good enough’!); see Meta example
_________
— Persuading/influencing senior client stakeholders to drive business change and compliance
— Getting the business to understand the importance of compliance is essential
— Producing impactful recommendations that persuade and influence senior decision-makers
— Identifying the key decision-makers that need to be engaged with strategically to achieve compliance objectives
— Building trust is another pillar: getting the basics right provides a foundation to support the business with more complex transformation propositions
— Relationship building
— Being present is impactful, F2F
— Integrating culturally with teams, depending on their unique dynamics
- Managing competing timelines for compliance obligations
— Completing various RAs in parallel
— Project planning effectively
— Monitoring the pipeline of emerging policy to avoid missing anything critical - Horizon Scanning to Understand Changing Regulatory Obligations
— Complex regulatory landscape, need to stay on top of changing requirements and obligations
— E.g., alongside OSA compliance there are upcoming Additional IH Measures consultations, and the SoS will be publishing categorisation thresholds for services subject to additional measures
When did a project not go so well, and what did you learn from it?
LECP Delivery Manager for Support Team: first weeks lacked structure, inundated with high-priority incidents, escalating support requests. The team lacked structure and our reputation was damaged as a result.
— Learned from these ‘hard knocks’, what NOT to do
— Learned the importance of clear structure and processes for teams
— Defined a new HPIM process for the team: set out SLAs, incident categorisation framework, cascade list, reporting protocols, out-of-hours rota, PIR and Debriefing call steps
— Enabled more structured approach to risk management
— Learned from repeat incidents about persistent architecture problems e.g., overloading Splunk HF
— Team was more responsive and understood their roles/responsibilities
— Responded faster and more effectively
— Built an evidence base of historic platform incidents
How would you describe your leadership style?
As a leader, I am Transformational, not Transactional. This is what a member of my team recently shared with me in their feedback, and I view it as accurate.
- Intrinsic Motivations
— As with the junior members of my team: I hold 1:1s with colleagues to understand what motivates them, what do they enjoy most. I use this information to create opportunities tailored to their individual goals. - Empowerment
— As with the graduate colleagues on my team: I give colleagues freedom to approach problems, and I coach them to reach better conclusions. I want them to work through the problem themselves and learn what works, what doesn’t, and why. - Collaborative and Inclusive
— As with the Regulatory Strategy workshop: I recognise that colleagues have a huge contribution to offer. I want people to participate, to own problems and come up with creative solutions. I model that I don’t always know the answer, and I’m comfortable with that. It creates openness and honesty amongst team members.
— Agile delivery management suits my collaborative and inclusive leadership style
Are you ready for a Manager role?
I am a leader of teams, a D&I leader, a career mentor and accredited project manager.
- Leadership
— Led 2 x teams of Data Engineers on LECP Project
— Led 3 x BAs on DSA RA project
— Currently lead Ofcom’s Partnerships & Intelligence Team, c. 10 colleagues grown from 2
— Chair of Ofcom’s Faith Network, c. 80 members - Career Mentor
— I have regular 1:1s with Team members to support their growth and development
— I help them with goal setting, determining what it is they want to achieve during their time with the team
— Foster open communication and growth ji
— Using coaching techniques, asking questions and inviting reflection - Manager
— Agile PM
— PFQ
— Steering Complex Projects
— Know how to lead projects to successful outcomes: have down this across governance, budget, partnerships/intel,
What would a strategic approach to addressing compliance concerns look like?
- Effective horizon scanning
— Govt/Public Affairs team are tracking emerging regulation effectively
— Identifying new compliance obligations
— Perhaps automating this using enhanced technology, where possible - Strong GRC functions established
— Clear lines of responsibility and accountability for risk areas
— Good ‘tone at the top’, board level representation and respect for the importance of compliance
— Able to set new policies in response to regulatory requirements
— Access to a library of controls that can be used to address risks - Effective operations for implementing controls
— Embedding controls in 1st line of defence (day to day operations)
— Deploying different sets of controls across markets depending on the regulatory requirements within these operating environments
— Digital tools for monitoring implementation of controls e.g., risk intelligence dashboards - Coordinated/aligned approaches to regulatory compliance across markets
— There are varying compliance requirements across states
— There are also common threads to regulatory requirements across frameworks; the business can focus on deploying these cross/cutting ‘no regret’ measures to enable strategic implementation of its controls
What are your biggest weaknesses/AFD?
- Balancing professionalism with authentic leadership (FCA relationship development)
— Feedback from Senior Manager
— Want to perform well, want to achieve great results; sometimes strays into formality
— Manager encouraged changing this behaviour, creating space for stakeholders to be themselves - connecting with personal authenticity
— I’ve been trialling this with FCA, it’s been really helpful; analogy of ‘accumulating credit’ - Balancing commitment/enthusiasm with space to reflect and evaluate work, not spreading too thin (portfolio refresh at start of this year; taking 1-2 hours every Friday)
— Ongoing learning journey since Consulting role; avoiding being spread too thin
— It’s necessary to have some slack in your workload to create space for deep reflection and learning. You miss opportunities if you’re delivering 24/7; carve out the time.
— Recently did a stocktake of work portfolio and handed over BAU aspects of work to a colleague who could derive more learning from them. This has given me more space to reflect on the transformational work that is adding value for me.
What would you do to build relationships on a client assignment?
- Build trust and rapport
— Being authentic and personable, balanced with right amount of professionalism
— Through delivery of outcomes, being reliable
— Requesting introductions
Integrating with the team’s culture - Using In-Person Team-Building Opportunities
— Break down barriers to communication
— Team building days
— In-person engagement
— Socials
— This was particularly successful in my last Delivery Management role on LECP - Add value outside of the assignment
— Pro-bono work at Capgemini invent; led project to baseline CO2 emissions from the client’s digital infrastructure assets, which was crucial for building the firm’s relationship
What’s your approach to learning and development?
- CPD Reflection
- Certifications/Courses (hard and soft skills)
- Monitoring news feeds (Podcasts, News, Newsletters)
- Creating learning opportunities for others
_____
- CPD Log
— Always keep track of my learning
— Reflect on what I’m doing well and what I could do better
— Gap analysis vs promotion opportunities - Mentorship
— Recently started a mentee relationship with a senior Director at CMA
— Learning from the experiences of others - Certifications to consolidate skills
— SCP
— PFQ - Training around soft skills
— How to Lead at Ofcom
— Writing for Impact - General Knowledge
— Keeping on track of trends with reading and podcasts - Supporting L&D for others
— L&D WST devising training pathways for Strategy colleagues
— Led Fantastic Frameworks Lunch & Learns
