Application · Enterprise Account Executive, UK

Safety is not a constraint on your UK enterprise sales. It is the strategy.

In Britain's banks, insurers, utilities and law firms, AI deals are won with CIOs, COOs and business leaders, and they are lost with the people paid to say no: the CRO, the CISO, the general counsel, the second line of defence. I have spent seven years closing deals that had to survive exactly those people, selling risk, compliance and security software into regulated enterprise. This page is my application, my territory thesis, and a working demonstration of your product, in that order.

Evidence

Claims are cheap. Here is the record: seven years of full-cycle enterprise SaaS, three challenger vendors, one repeated pattern of creating trust where there was scepticism.

0years, enterprise B2B SaaS
#0international rep worldwide, KnowBe4
0%best quarterly attainment
top performance awards, LogicGate
Closed won · Retail

National food retailer and mutual

Six-figure ARR platform deal, won in competitive evaluation against established US vendors on depth of discovery and a configuration-led proof of value. The buying committee included risk, audit and IT security.

Closed won · CNI

Big Six energy utility

Six-figure ARR plus a larger services engagement into critical national infrastructure: CNI security review, cyber assessment framework alignment and utility procurement, navigated end to end.

Pattern

Three vendors, one motion

KnowBe4, LogicGate, Corporater: each a challenger brand sold to sceptical regulated buyers. Consistent top performer at all three, including 122% full-year attainment. Currently running UK and Ireland as sole go-to-market lead.

Market creation

Demand built from nothing

Executive events hosted at the Houses of Parliament, practitioner communities run by hand, relationships with the GRC analyst community, full enterprise bids built from first principles. No inbound tailwind, no brand gravity, no excuses.

The territory thesis

How I would sell Claude into UK regulated enterprise. The common thread: sell to the business and technology leaders who own the problem, bring the people who can veto them into the room early, and let Anthropic's governance posture do work no competitor's can. Pick a sector.

The buyer's real position

Personal accountability under SMCR. Operational resilience obligations under DORA and FCA outsourcing rules. A model risk team that will ask how an output was produced and expects a documented answer. An innovation team pushing from one side, a second line holding the other.

Where I would start

With the buyers who own the problem: the COO with a complaints backlog, the CIO with a board mandate, operations leaders measured on cycle time. Open with high-volume, human-reviewed document work such as complaints handling and KYC file review, where value lands in weeks. My edge: bring operational risk and compliance into the room early, on their own terms, so the function that vetoes most AI deals helps design this one.

The objection I expect, and the answer

"We cannot put regulated processes on a model we do not control." Right instinct, wrong conclusion. The institution does not need to control the model, it needs to control the process around it: bounded use cases, human review points, logged decisions. That is governance design. I would bring their risk function into that design from the first workshop, because a second line that co-authored the controls will defend the deployment at committee.

The buyer's real position

NIS regulations and the Cyber Assessment Framework. A hard wall between OT and IT, with justified caution about anything approaching operational systems. Decades of engineering knowledge retiring out of the workforce with no succession plan.

Where I would start

With the CIO and engineering directors, firmly on the IT side of the wall: knowledge management, regulatory submission drafting, asset documentation. Enormous document estates, chronic analyst shortage, zero OT exposure. I have sold through this sector's procurement frameworks and security reviews before; the route is slow, the moat once inside is deep.

The objection I expect, and the answer

"Our security team will never approve a cloud AI service." They approved cloud platforms holding their entire risk register, because a vendor did the assurance work properly. I have taken CNI security teams through that exact journey. It is paperwork, patience, and respect for their process. Most vendors fail on the third one.

Days 1 to 30

Product and compliance depth first: security collateral, enterprise controls, deployment patterns, building on the Claude Foundations certification I am already studying for. Map the territory by second line, not just by logo. Activate an existing network of UK risk practitioners and GRC analysts built over seven years.

Days 31 to 60

First workshops run with the risk function in the room from the start. Three lighthouse pursuit plans built, sequenced by regulatory driver rather than by hype. Feedback loop opened to product and marketing on regulated-buyer objections.

Days 61 to 90

Qualified pipeline coverage established, one flagship evaluation underway with a named executive sponsor and second-line co-design. A repeatable regulated-industry playbook documented for the wider team, because playbooks should outlive their author.

Why Anthropic, specifically

Every regulated UK institution is caught in the same squeeze: board pressure to deploy AI, and regulatory pressure not to get it wrong. Under SMCR, accountability is personal. Under DORA and the FCA's operational resilience rules, an ungoverned dependency is a reportable one. The AI vendor that wins these accounts will not be the one with the loudest demo. It will be the one whose safety story survives scrutiny by a second line of defence, in writing.

That is why I am applying here and not elsewhere. Anthropic's governance posture is not marketing copy, and this year it was stress-tested in public: asked to remove its safeguards against fully autonomous weapons and mass domestic surveillance as the price of keeping its US government business, Anthropic refused, and absorbed the cost. My buyers write risk appetite statements every year. Very few organisations honour one when it becomes expensive. To a regulated buyer that episode is not politics, it is diligence evidence: proof that this vendor's red lines hold under pressure, which is precisely the question every second line of defence asks about an AI supplier.

The rest of the posture reads the same way to a practitioner. A Responsible Scaling Policy is a risk appetite statement. Interpretability research is auditability. Not training on enterprise data by default is a data governance control. I have sat in the rooms where documents like these get read, and I know what it means for a salesperson to arrive holding them: it means the function that vetoes most AI deployments can be turned into an advocate for yours.

Most vendors treat the second line of defence as an obstacle on the way to the deal. I have built a career on making them the sponsor of it.

My own reasons predate the boom. In 2021, before ChatGPT existed, I heard Mo Gawdat's warnings about where AI was heading, and it reframed this technology for me from an interesting industry into the most consequential governance problem of my working life. I am not applying because AI is having a moment. I am applying because if I am going to spend the next decade selling something, I want it to be the version of this technology built by the people who took the risk seriously before it was commercially convenient to.

The moment this became inevitable

This is not a stunt built for an application. It is a conclusion I reached the hard way.

I tried to disrupt my own industry, and it worked

Using Claude, I built a working prototype of the kind of risk-analysis software I have spent seven years selling. I cannot write code. It worked anyway, and practitioners I respect told me it addressed problems their current tools do not. Somewhere in the middle of building it, the conclusion became unavoidable: if a salesperson can produce working software in the category he sells, every enterprise software category is about to be remade, and the company making that possible while trying to make it safe is the most consequential vendor in the market.

That left me a choice. Spend the next five years building one risk product on top of Claude, or spend them helping Britain's largest institutions do what I did to my own category, safely, across every workflow they have. This application is the second choice.

Claude is already load-bearing in how I sell: enterprise RFP responses, interactive bid microsites, commercial models, board-level Q&A packs built overnight between a presentation and its follow-up. This site is the proof in miniature, from concept to production URL in a working day with no hand-written code. That is the story your enterprise buyers need to hear, and I can tell it in the first person.

Reasons not to hire me

Every application generates objections, and most candidates hope you will not raise them. Here are mine, raised first, with honest odds that each is already on your mind. Click one for the answer.

#The objectionOdds you think itStatus

The answer: True. What I have sold for seven years is trust in an intangible product, to buyers whose careers depend on not making a mistake: security awareness when phishing was a novel board topic, then governance and risk platforms into second lines of defence. Selling Claude to a UK bank is not a technology sale. It is a trust and defensibility sale, and that is the only kind I have ever done.

The answer: Seven years of top-tier attainment, a country run as sole go-to-market lead, and domain depth that risk practitioners and industry analysts treat as peer-level. I learned DORA, NIS2, SMCR and operational resilience the way I will learn frontier AI: because understanding the buyer's world better than any other vendor is the entire job.

The answer: You are reading it. This site was designed, written, built and deployed with Claude, by a person who cannot write a line of JavaScript, in a day. I am not only applying to sell the product. I am the customer evidence: the domain expert who now ships software because Claude closed the gap. I can tell that story to a room of enterprise buyers with total conviction, because it is mine.

The answer: Guilty as charged, gladly. At a challenger vendor there is no brand gravity and nobody else to run the bid: you build the pipeline, the events, the champions, the commercial model and the close yourself. A UK enterprise motion that is still being created needs people who make markets, not people who harvest them.

The answer: A fair objection to expect, since every candidate now claims to care about safety. My suggested test: judge by dates and by homework. My concern about AI risk is datable to 2021, before ChatGPT existed, and I can tell you exactly what prompted it. And this page argues from your published governance posture to named UK regulatory drivers, because I read those documents the way my buyers do. Performative alignment rarely predates the boom, and it does not usually survive contact with a risk committee. Mine has been doing so, professionally, for seven years.

The answer: None available. I want this one. The only independent assessment is an interview.

Recommend escalation to interview

Charlie Hollinrake · York and London, UK. Currently Country Manager, UK & Ireland at a European GRC software vendor.