Risk managers advise organisations on any potential risks to the profitability or existence of the company. They identify and assess threats, put plans in place for if things go wrong and decide how to avoid, reduce or transfer risks.
Risk managers are responsible for managing the risk to the organisation, its employees, customers, reputation, assets and interests of stakeholders. They may work in a variety of sectors and may specialise in a number of areas including:
- enterprise risk;
- corporate governance;
- regulatory and operational risk;
- business continuity;
- information and security risk;
- technology risk;
- market and credit risk.
Specific tasks depend on the industry in which you are working, how specialised your role is and the level at which you are working. However, key activities may include:
- planning, designing and implementing an overall risk management process for the organisation;
- risk assessment, which involves analysing risks as well as identifying, describing and estimating the risks affecting the business;
- risk evaluation, which involves comparing estimated risks with criteria established by the organisation such as costs, legal requirements and environmental factors, and evaluating the organisation's previous handling of risks;
- establishing and quantifying the organisation's 'risk appetite', i.e. the level of risk they are prepared to accept;
- risk reporting in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks;
- corporate governance involving external risk reporting to stakeholders;
- carrying out processes such as purchasing insurance, implementing health and safety measures and making business continuity plans to limit risks and prepare for if things go wrong;
- conducting audits of policy and compliance to standards, including liaison with internal and external auditors;
- providing support, education and training to staff to build risk awareness within the organisation.
- Risk manager is not an entry-level role. Typical starting salaries for those starting in a risk technician role are around £21,250.
- Risk analysts with between one and six years' experience can earn from £29,000 to £44,000.
- With several years' experience at risk manager level, salaries can range from £46,500 to £74,000. With substantial experience at director level it is possible to earn £70,000 or more.
Salaries vary widely depending on the sector, level of responsibility and location. The highest salaries are found in financial sectors and in positions based in London.
Income data from Discover Risk. Figures are intended as a guide only.
The working hours are typically 9am to 5pm, Monday to Friday. Additional hours can be expected at more senior levels.
Part-time work and career breaks are possible and are more likely in larger organisations.
What to expect
- Work is primarily office based but often includes visits to other offices to see clients (if working in consultancy) or to sites (if working in sectors such as construction or energy). At a more senior level, time may be spent away from the office at conferences.
- There are opportunities for self-employment for experienced risk managers who want to set up their own consultancy.
- Risk management jobs are available across the UK.
- Work in risk management can carry personal liability, in particular with relation to the health and safety elements of risk work.
- Travel within the working day is common, but this depends on the size of the organisation and your level of responsibility.
- Overseas travel may be required if you are working for a company that operates internationally.
Although this area of work is open to all graduates, a degree in the following subjects may increase your chances:
- risk management;
- finance or economics;
- management or business studies.
Graduates of risk management courses and courses with risk management content are sought after and targeted by recruiters of risk managers.
Students on risk management degree and postgraduate courses are able to apply for free student membership of the Institute of Risk Management (IRM), which can help with job prospects. See the IRM website for details of the different levels of membership available.
Postgraduate qualifications are not essential but can be advantageous. A Masters in risk management is available at a number of universities and may be particularly relevant for those who have not completed a risk management-related degree.
Entry without a degree is possible, but it would usually entail a career path through an administrative role, working up to a risk assistant position and progressing to a risk manager role. Employers would expect A-levels or equivalent qualifications for entry through this route.
Graduates of less relevant subjects can also take the IRM's International Certificate in Risk Management to give them an introduction to risk management and increase their chances of getting an entry-level position.
You will need to show evidence of the following:
- technical acumen;
- problem-solving and decision-making abilities;
- analytical skills and a good eye for detail;
- ability to cope under pressure;
- planning and organisation skills;
- negotiation skills and the ability to influence people;
- good communication and presentation skills;
- commercial awareness;
- numerical skills and the ability to evaluate costs;
- ability to understand broad business issues.
At the higher levels, employers look for experience or knowledge of risk management so it may be useful to get work placements during the holidays if they are not part of your course. This could set you up with risk and insurance contacts, which could help with future job prospects.
Experience in a particular industry could also be helpful if it relates to the sector in which you wish to specialise your risk management role.
Risk management is a fast-growing profession with large graduate employers increasingly offering opportunities to train and specialise in this function at graduate entry level. This is especially true in the banking and capital market sectors, which are employing more people in their risk terms.
Risk managers are employed in the public sector and in private organisations. Some small organisations carry out risk management duties in the finance or operations departments.
Employers of risk managers include:
- insurance companies;
- NHS trusts;
- local authorities;
- engineering and construction companies;
- energy and utilities companies;
- charities and commercial businesses.
Look for job vacancies at:
- ALARM - vacancies in the public sector.
- The Association of Insurance and Risk Managers (AIRMIC) - has job listings in its members' section.
- Enterprise Risk Magazine (IRM)
- Institute of Risk Management (IRM)
- Jobs In Risk
- National and regional press.
Individual companies may advertise opportunities on their websites.
There are specialist recruitment agencies which have details of risk management vacancies. These include:
- Adam Appointments - agency for risk management recruitment in Scotland;
- IPS Group - recruitment of risk managers in a variety of sectors and locations.
For those new to the career, there is an introductory distance-learning qualification that takes six to nine months to complete. The International Certificate in Risk Management is provided by the Institute of Risk Management (IRM).
The IRM offers an International Diploma in Risk Management, which is a postgraduate qualification for risk management professionals. New topics have recently been added to reflect the demands of the profession in the current economic climate such as:
- risk culture;
- global risk events;
- resilience and cyber risk.
The diploma usually takes three to five years to complete and is undertaken by distance learning. IRM Certificate and Diploma students have the option to join the IRM as student members during their studies. Some risk management undergraduate and postgraduate courses offer exemptions from IRM professional qualifications.
The IRM also offer the more specialist Certificate of Risk Management in Financial Services, which may be useful for those working in this sector.
Other professional bodies which offer sector - or occupation-specific training include:
- CFA Institute
- Chartered Insurance Institute (CII)
- Global Association of Risk Professionals (GARP)
- National Examination Board in Occupational Safety and Health (NEBOSH)
The most appropriate body will depend on the type of role and sector in which you are working.
You can study postgraduate courses in risk management, sometimes on a distance-learning basis. These courses can be a way to develop your career and may be supported by your employer.
Continuing professional development (CPD) is also important and the IRM has a range of courses and training events running throughout the year, to help risk managers keep up to date with progress in the area and refresh their skills.
In many areas of risk management, networking with others is important. This can take place through informal networks, professional conferences and networks for regional and specialist areas. The IRM has specialist interest groups in areas such as enterprise risk management and legal risk.
Those entering the risk management profession are likely to start through a graduate training programme or enter at a risk assistant/associate level.
On gaining experience, your career can develop to the level of risk manager, with progression to chief risk officer (CRO) after ten or more years' experience.
Opportunities for career development are increasing as organisations are often recognising the need to appoint CROs as board members. Departments are also restructuring and making risk a key part of their strategy.
Risk management roles and experience can be transferred across a wide range of sectors, and risk managers enjoy great flexibility in the transferability of their expertise and skills. Transferring across sectors can often open up opportunities to gain higher salaries, better prospects and sponsorship of further qualifications.
Self-employment is also possible and risk managers may progress to open their own consultancy.