Risk managers advise organisations on any potential risks to the profitability, safety, security or existence of the company
You'll identify and assess threats to an organisation, put plans in place for if things go wrong and decide how to avoid, reduce or transfer risk.
Areas of risk management
You may work in a variety of sectors and specialise in a number of areas, including:
- business continuity
- commodity (buying and selling) risk
- corporate governance
- enterprise risk
- environmental risk
- financial risk
- information and security risk
- insurance risk
- market and credit risk
- regulatory and operational risk
- technology risk.
Specific tasks will vary considerably depending on the area of risk you work in, for example financial or operational risk management, how specialised your role is and the level at which you're working.
However, as a risk manager, you'll typically need to:
- plan, design and implement an overall risk management process for the organisation
- make risk assessments, which involves analysing risks as well as identifying, describing and estimating the risks affecting the business
- evaluate risk, which involves comparing estimated risks with criteria established by the organisation such as costs, legal requirements and environmental factors, and evaluate previous handling of risks
- establish and quantify the organisation's 'risk appetite', i.e. the level of risk they are prepared to accept
- report risk in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks
- undertake corporate governance involving external risk reporting to stakeholders
- carry out processes such as purchasing insurance, implementing health and safety measures, and making business continuity plans to limit risks and prepare for if things go wrong
- review risk policies regularly to ensure they are compliant with relevant new legislation
- conduct audits of policy and compliance to standards, including liaison with internal and external auditors
- provide support, education and training to staff to build risk awareness within the organisation.
- Risk management is not an entry-level role. Typical salaries for those starting in a risk technician role are around £21,000, rising to in the region of £30,000 or more for risk analysts.
- Salaries for risk managers are around £30,000 to £45,000, depending on your experience.
- Senior risk managers can earn in the region of £45,000 to £80,000, rising to in excess of this amount for those with substantial experience at director level.
Salaries vary widely depending on the sector, level of responsibility and location. The highest salaries are found in financial sectors and in London-based positions.
Income figures are intended as a guide only.
Working hours are typically 9am to 5pm, Monday to Friday. You can expect to work additional hours at more senior levels.
Part-time work and career breaks are possible and are more likely in larger organisations.
What to expect
- Work is primarily office based but often includes visits to other offices to see clients (if you're working in consultancy) or to sites (if you're working in sectors such as construction or energy). At a more senior level, you may spend time away from the office at conferences.
- There are opportunities for self-employment for experienced risk managers who want to set up their own consultancy. There may also be opportunities to work abroad as demand for risk managers is growing, particularly in fast-developing economies.
- Work in risk management can carry personal liability, in particular with relation to the health and safety elements of risk work.
- The amount of travel involved in the working day depends on the size of the organisation and your level of responsibility. Risk management jobs are available across the UK.
- Overseas travel may be required if you're working for a company that operates internationally.
Although this area of work is open to all graduates, a degree in one of the following subjects may increase your chances:
- finance or economics
- management or business studies
- risk management
Some large companies offer risk management graduate training schemes in areas such as financial, operational, technological and enterprise risk.
Postgraduate qualifications are not essential but may be useful, particularly if your degree is in an unrelated subject. Masters degrees in risk management are available at a number of universities. Courses cover risk management as a whole or focus on particular areas such as corporate and financial risk management, health and safety risk management, and risk, crisis, disaster and resilience management.
If your degree is in a less relevant subject, you could consider taking the Institute of Risk Management (IRM) International Certificate in Enterprise Risk Management, which provides an introduction to risk management and might help increase your chances of gaining an entry-level position.
Students on risk management degree and postgraduate courses are able to apply for free student membership of the IRM. See the IRM website for details of the different levels of membership available.
It's also possible to get into a career in risk by taking an apprenticeship, which combines paid work with part-time study. Apprenticeships are available at various levels, including degree-level.
You could also start in an administrative role before working your way up to a risk assistant position and then progressing on to a risk manager role. Employers expect A-levels or equivalent qualifications for entry through this route.
You'll need to have:
- interpersonal, communication and presentation skills
- problem-solving and decision-making abilities
- analytical skills
- a good eye for detail
- negotiation skills and the ability to influence key stakeholders
- resilience and the ability to cope under pressure
- planning and organisation skills
- the ability to react quickly and think on your feet
- technical acumen
- the skills to be a team player and to work on your own
- leadership qualities
- numerical skills and the ability to evaluate costs
- a proactive approach to work, in terms of suggesting changes and improvements to processes and systems
- commercial awareness and the ability to understand broad business issues.
Employers look for experience or knowledge of risk management. In order to start building up your experience, you could do a year's industrial placement as part of your course or look for summer work placements or internships. Doing a placement provides you with practical experience and helps you develop a network of contacts that may be useful for future job opportunities.
Experience in a particular industry, for example the financial sector, could also be helpful if it relates to the sector you want to specialise in.
Find out more about the different kinds of work experience and internships that are available.
Risk management is a fast-growing profession with large graduate employers increasingly offering opportunities to train and specialise in this function at graduate-entry level. This is especially true in the banking and capital market sectors, which are employing more people in their risk teams.
Risk managers are employed in the public sector, charities and in private organisations. Some small organisations carry out risk management duties in the finance or operations departments.
Employers of risk managers include:
- auditing firms and consulting groups that specialise in risk management
- banks and asset and wealth management companies
- central and local government
- charities and not-for-profit organisations
- commercial businesses
- emergency services
- energy and utilities companies
- engineering and construction companies
- insurance companies
- IT and telecommunications companies
- logistics companies
- NHS trusts and care providers
- school, college, universities and exam boards
- transport and infrastructure industries.
Look for job vacancies at:
- The Association of Insurance and Risk Managers (AIRMIC)
- CII Careers - includes risk management jobs in insurance and financial planning.
Individual companies may advertise opportunities on their websites. Recruitment agencies and LinkedIn also advertises vacancies.
Some large organisations run risk management graduate schemes and you'll follow a programme of training, often rotating around different sections to get an overview of the whole business. You may take specific qualifications as part of your training, e.g. accountancy qualifications, depending on the type of risk you're managing.
For those new to the career, the IRM provides the International Certificate in Enterprise Risk Management, an introductory distance-learning qualification, which takes six to nine months to complete.
The IRM also offers an International Diploma in Risk Management, which is a postgraduate qualification for risk management professionals. The diploma usually takes around three years to complete and is undertaken by distance learning. IRM Certificate and Diploma students have the option to join the IRM as student members during their studies.
Membership of the IRM is useful in terms of opportunities for continuing professional development (CPD). They have a range of courses and training events running throughout the year, to help risk managers keep up to date with developments in the area and refresh their skills.
The IRM has several membership grades. The highest level is Certified Member (CMIRM), for those who have the required technical competence, broad experience and a commitment to professional development, which allows you to use the title Certified Risk Professional.
Other professional bodies offering sector or occupation-specific training and qualifications include the Chartered Insurance Institute (CII). Completion of the CII Advanced Diploma in Insurance enables you to apply for Chartered Insurance Risk Manager status (subject to having five years' experience, not necessarily post-qualification).
You can also study postgraduate courses in risk management, sometimes on a distance-learning basis. These courses can be a way to develop your career and may be supported by your employer.
You're likely to start in the risk management profession through a graduate training programme or enter at a risk technician/analyst level. With experience, your career can develop to the level of risk manager, with progression to chief risk officer (CRO) after ten or more years' experience.
Opportunities for career development are increasing as organisations are often recognising the need to appoint CROs as board members. Departments are also restructuring and making risk a key part of their strategy.
Risk management roles and experience can be transferred across a range of sectors, and risk managers enjoy great flexibility in the transferability of their expertise and skills. Transferring across sectors can often open up opportunities to gain higher salaries, better prospects and sponsorship of further qualifications.
Self-employment is also possible and risk managers may progress to open their own consultancy or become freelance contractors.