Risk managers advise organisations on any potential risks to the profitability, safety, security or existence of the company
As a risk manager you'll be responsible for managing the risk to an organisation, its employees, customers, reputation, assets and interests of stakeholders.
You'll identify and assess threats to an organisation, put plans in place for if things go wrong and decide how to avoid, reduce or transfer risk.
Areas of risk management
You may work in a variety of sectors and specialise in a number of areas, including:
- business continuity
- commodity (buying and selling) risk
- corporate governance
- enterprise risk
- environmental risk
- financial risk
- information and security risk
- market and credit risk
- regulatory and operational risk
- technology risk.
Specific tasks will vary considerably depending on the area of risk you work in, for example financial or operational risk management, how specialised your role is and the level at which you're working.
However, as a risk manager, you'll typically need to:
- plan, design and implement an overall risk management process for the organisation
- make risk assessments, which involves analysing risks as well as identifying, describing and estimating the risks affecting the business
- evaluate risk, which involves comparing estimated risks with criteria established by the organisation such as costs, legal requirements and environmental factors, and evaluate previous handling of risks
- establish and quantify the organisation's 'risk appetite', i.e. the level of risk they are prepared to accept
- report risk in an appropriate way for different audiences, for example, to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks
- undertake corporate governance involving external risk reporting to stakeholders
- carry out processes such as purchasing insurance, implementing health and safety measures, and making business continuity plans to limit risks and prepare for if things go wrong
- conduct audits of policy and compliance to standards, including liaison with internal and external auditors
- provide support, education and training to staff to build risk awareness within the organisation.
- Risk management is not an entry-level role. Typical salaries for those starting in a risk technician role start at around £21,000, rising to around £23,000 to £30,000 for risk analysts.
- Salaries for risk managers are around £30,000 to £45,000, depending on your experience.
- Senior risk managers can earn around £45,000 to £70,000, rising to in excess of £70,000 for those with substantial experience at director level.
Salaries vary widely depending on the sector, level of responsibility and location. The highest salaries are found in financial sectors and in London-based positions.
Income figures are intended as a guide only.
Working hours are typically 9am to 5pm, Monday to Friday. You can expect to work additional hours at more senior levels.
Part-time work and career breaks are possible and are more likely in larger organisations.
What to expect
- Work is primarily office based but often includes visits to other offices to see clients (if you're working in consultancy) or to sites (if you're working in sectors such as construction or energy). At a more senior level, you may spend time away from the office at conferences.
- There are opportunities for self-employment for experienced risk managers who want to set up their own consultancy. There may also be opportunities to work abroad as demand for risk managers is growing, particularly in fast-developing economies.
- Work in risk management can carry personal liability, in particular with relation to the health and safety elements of risk work.
- Travel within the working day is common, but this depends on the size of the organisation and your level of responsibility. Risk management jobs are available across the UK.
- Overseas travel may be required if you're working for a company that operates internationally.
Although this area of work is open to all graduates, a degree in one of the following subjects may increase your chances:
- finance or economics
- management or business studies
- risk management
Postgraduate qualifications are not essential but can be useful, particularly if your degree is in an unrelated subject. Masters degrees in risk management are available at a number of universities. Courses cover risk management as a whole or focus on particular areas such as corporate and financial or health and safety risk management. Search for postgraduate courses in risk management.
Graduates of less relevant subjects could also consider taking the Institute of Risk Management (IRM) International Certificate in Enterprise Risk Management, which provides an introduction to risk management and might help increase their chances of gaining an entry-level position.
Students on risk management degree and postgraduate courses are able to apply for free student membership of the IRM. See the IRM website for details of the different levels of membership available.
It's also possible to get into a career in risk by taking an apprenticeship, which combines paid work with part-time study. Apprenticeships are available at various levels, including degree-level.
You could also start in an administrative role before working your way up to a risk assistant position and then progressing on to a risk manager role. Employers expect A-levels or equivalent qualifications for entry through this route.
You'll need to have:
- interpersonal, communication and presentation skills
- problem-solving and decision-making abilities
- analytical skills
- a good eye for detail
- negotiation skills and the ability to influence people
- resilience and the ability to cope under pressure
- planning and organisation skills
- the ability to react quickly and think on your feet
- technical acumen
- the skills to be a team player and to work on our own
- leadership qualities
- numerical skills and the ability to evaluate costs
- a proactive approach to work, in terms of suggesting changes and improvements to processes and systems
- commercial awareness and the ability to understand broad business issues.
Employers look for experience or knowledge of risk management. In order to start building up your experience, you could do a year's industrial placement as part of your course or look for summer work placements or internships. Doing a placement provides you with practical experience and helps you develop a network of contacts that may be useful for future job opportunities.
Experience in a particular industry, for example the financial sector, could also be helpful if it relates to the sector you want to specialise in.
Risk management is a fast-growing profession with large graduate employers increasingly offering opportunities to train and specialise in this function at graduate-entry level. This is especially true in the banking and capital market sectors, which are employing more people in their risk teams.
Risk managers are employed in the public sector, charities and in private organisations. Some small organisations carry out risk management duties in the finance or operations departments.
Employers of risk managers include:
- banks and financial companies
- central and local government
- commercial businesses
- energy and utilities companies
- engineering and construction companies
- insurance companies
- NHS trusts.
Look for job vacancies at:
- ALARM - risk management vacancies in the public sector.
- The Association of Insurance and Risk Managers (AIRMIC)
- Insurance Jobs - risk management jobs in insurance.
Individual companies may advertise opportunities on their websites. Recruitment agencies and LinkedIn also advertises vacancies.
Some organisations run graduate schemes and you'll follow a programme of training, often rotating around different sections to get an overview of the whole business. If you're not on a graduate scheme, most training is carried out on the job, learning from more senior colleagues, and supplemented by internal or external training.
For those new to the career, the IRM provides the International Certificate in Enterprise Risk Management, an introductory distance-learning qualification, which takes five to nine months to complete.
The IRM also offers an International Diploma in Risk Management, which is a postgraduate qualification for risk management professionals. The diploma usually takes around three years to complete and is undertaken by distance learning. IRM Certificate and Diploma students have the option to join the IRM as student members during their studies.
Other professional bodies which offer sector or occupation-specific training include:
- CFA Institute
- Chartered Insurance Institute (CII)
- Global Association of Risk Professionals (GARP)
- National Examination Board in Occupational Safety and Health (NEBOSH)
You can study postgraduate courses in risk management, sometimes on a distance-learning basis. These courses can be a way to develop your career and may be supported by your employer.
Continuing professional development (CPD) is also important and the IRM has a range of courses and training events running throughout the year, to help risk managers keep up to date with developments in the area and refresh their skills.
You're likely to start in the risk management profession through a graduate training programme or enter at a risk technician/analyst level. With experience, your career can develop to the level of risk manager, with progression to chief risk officer (CRO) after ten or more years' experience.
Opportunities for career development are increasing as organisations are often recognising the need to appoint CROs as board members. Departments are also restructuring and making risk a key part of their strategy.
Risk management roles and experience can be transferred across a range of sectors, and risk managers enjoy great flexibility in the transferability of their expertise and skills. Transferring across sectors can often open up opportunities to gain higher salaries, better prospects and sponsorship of further qualifications.
Self-employment is also possible and risk managers may progress to open their own consultancy or become freelance contractors.