Head of Risk Job Description

The Head of Risk is a senior leadership role responsible for designing, implementing and operating the organisation’s risk management framework — identifying, assessing and mitigating the financial, operational, regulatory and strategic risks that could affect the business’s objectives. Adrian Lawrence FCA, founder of FD Capital and a Fellow of the ICAEW, leads FD Capital’s risk and compliance recruitment practice. Our network includes Heads of Risk, Chief Risk Officers and risk management professionals with experience across FCA-regulated businesses, PE-backed corporates, financial services firms and listed groups.

This page provides a comprehensive Head of Risk job description — covering responsibilities, qualifications, salary benchmarks and career path — for organisations drafting a role specification, candidates building a career in risk leadership, or businesses evaluating whether a full-time, interim or fractional appointment best suits their risk management needs.

Call 020 3287 9501 or email recruitment@fdcapital.co.uk. Shortlists typically delivered within three to seven working days.

Adrian Lawrence FCA — Founder, FD Capital
Fellow of the ICAEW | ICAEW-Registered Practice | Risk and compliance placements since 2018

Adrian’s ICAEW qualification and experience placing senior finance and risk executives into FCA-regulated, PE-backed and mid-market businesses gives FD Capital a specific advantage in Head of Risk recruitment. Our network spans risk professionals who have built and operated enterprise risk frameworks, managed SMCR Senior Manager Function designations, engaged directly with the FCA and PRA, and led risk functions through regulatory reviews, Section 166 skilled person reviews and business model transformations. Every risk mandate is assessed against the regulatory context, governance structure and sector-specific risk landscape of the business.


What Does a Head of Risk Do?

The Head of Risk — sometimes titled Director of Risk, Chief Risk Officer (CRO) or Head of Enterprise Risk — leads the risk management function and is typically accountable to the Chief Executive Officer, Chief Financial Officer or directly to the Board and Risk Committee. In FCA and PRA-regulated businesses, the role frequently carries a Senior Manager Function designation under the Senior Managers and Certification Regime (SMCR).

The core purpose of the role is to ensure the organisation understands and manages its risk exposure — providing the Board with confidence that risks are identified, assessed within appetite, appropriately mitigated, and that the risk culture across the business is sound. In financial services businesses, the Head of Risk is one of the most closely scrutinised senior appointments from a regulatory perspective.


Key Responsibilities

Enterprise Risk Framework

The Head of Risk designs, implements and maintains the enterprise risk management (ERM) framework — the policies, methodologies, tools and governance structures through which the organisation identifies, assesses, monitors and reports on risk. This includes defining the organisation’s risk appetite statement in consultation with the Board, establishing risk registers at business unit and group level, and ensuring the framework is aligned with recognised standards such as those published by the Institute of Risk Management (IRM) and the ISO 31000 risk management standard.

Risk Identification and Assessment

The Head of Risk leads the organisation’s risk identification process — working across all business units and functions to surface financial, operational, regulatory, strategic and reputational risks before they materialise. This includes facilitating risk workshops and scenario analysis, maintaining and updating the risk register, assessing the likelihood and potential impact of identified risks, and ensuring that emerging risks — including macroeconomic, geopolitical and technology-driven threats — are captured and evaluated on a continuous basis.

Financial Risk

In organisations with material financial risk exposures — including credit risk, market risk, liquidity risk and counterparty risk — the Head of Risk works alongside the Head of Treasury and CFO to ensure that financial risks are quantified, reported within appetite and mitigated through appropriate controls. In banking and financial services businesses, financial risk management is typically the largest and most technically demanding component of the role, requiring familiarity with Value at Risk (VaR) methodologies, stress testing and the Basel III capital framework.

Operational Risk

Operational risk — the risk of loss resulting from inadequate or failed internal processes, people, systems or external events — is a primary focus area for most Heads of Risk. Responsibilities include maintaining the operational risk event log, running the key risk indicator (KRI) framework, overseeing the control self-assessment (CSA) process, and ensuring that operational risk incidents are escalated, investigated and remediated in line with policy. In regulated businesses, operational resilience — the ability to absorb, adapt and recover from disruption — is an area of increasing regulatory focus under FCA and PRA operational resilience rules.

Regulatory and Compliance Risk

In FCA and PRA-regulated firms, regulatory risk management is a core responsibility of the Head of Risk. This includes monitoring the regulatory environment and assessing the impact of regulatory change on the business, supporting the compliance function on risk matters relating to FCA conduct requirements, SMCR obligations and Consumer Duty, and ensuring the business’s interactions with the FCA and PRA on risk-related matters are appropriately managed. FD Capital’s FCA-regulated firms recruitment practice covers risk and compliance roles for firms under regulatory supervision.

Risk Reporting and Committee Governance

The Head of Risk prepares and presents risk reports to the Risk Committee, Audit Committee and Board — covering the risk profile, key risk indicators, appetite limit breaches, emerging risks and the effectiveness of risk mitigations. The role acts as secretary or adviser to the Board Risk Committee where one exists, and ensures that risk reporting is clear, timely and actionable for non-executive directors and senior leadership. The Basel Committee’s principles for risk data aggregation and reporting set the gold standard for risk reporting architecture in larger financial institutions.

Risk Culture and Training

Embedding a risk-aware culture across the organisation is a behavioural as much as a technical responsibility. The Head of Risk designs and delivers risk training programmes, promotes a culture in which risk is visible and discussed openly, and ensures that risk management is integrated into business planning, product development, new market entry and senior decision-making processes rather than treated as a retrospective compliance exercise.

Crisis Management and Business Continuity

The Head of Risk leads the development and testing of the organisation’s crisis management and business continuity plans — ensuring the business can respond to and recover from significant adverse events including cyberattacks, operational failures, regulatory interventions and external shocks. In regulated businesses, the FCA and PRA’s operational resilience frameworks require firms to identify their important business services, set impact tolerances and demonstrate their ability to remain within those tolerances through stress scenarios.

Team Leadership

The Head of Risk leads, develops and mentors the risk team — which may include risk analysts, risk managers, model risk specialists and operational risk business partners depending on the size and sector of the organisation. The role sets team objectives aligned to the Board-approved risk strategy and supports team members in pursuing professional qualifications through the IRM qualification framework or the Global Association of Risk Professionals (GARP) FRM designation.


Head of Risk in FCA-Regulated Firms

In FCA and PRA dual-regulated firms — including banks, insurers, investment managers and larger financial services businesses — the Head of Risk typically holds SMF4 (Chief Risk Function) designation under SMCR, making the postholder personally accountable to the regulator for the integrity of the risk framework. This carries significant personal liability and requires an individual with a demonstrably clean regulatory record, direct prior experience of FCA and PRA supervisory engagement, and the seniority and independence to challenge the business without fear of commercial pressure.

Key regulatory risk responsibilities in FCA-regulated firms include supporting the preparation of the Internal Capital Adequacy and Risk Assessment (ICARA) process — which replaced the ICAAP for IFPR-regulated firms in January 2022 — managing the firm’s relationship with its supervisory contact at the FCA, and providing risk input into the Consumer Duty implementation and ongoing monitoring framework. See our Chief Risk Officer recruitment page for the full senior risk leadership profile in regulated businesses.


Head of Risk in Corporate and PE-Backed Businesses

In non-regulated corporates and PE-backed businesses, the Head of Risk operates in a less prescriptive regulatory environment but faces equally demanding risk challenges — particularly around operational resilience, supply chain risk, cyber security risk and the financial risks associated with leveraged capital structures. In PE-backed businesses, the Head of Risk supports the CFO and Board in maintaining covenant compliance, stress testing the business plan against downside scenarios, and ensuring the risk framework is sufficiently robust to satisfy both the sponsor’s requirements and the expectations of lenders under the credit facility.

FD Capital’s PE CFO search and outsourced CFO practices work regularly with PE sponsors and portfolio companies on senior finance and risk appointments across all sectors.


Head of Risk vs Chief Risk Officer

The titles Head of Risk and Chief Risk Officer (CRO) are used interchangeably in many organisations, but in larger or more complex businesses there is a meaningful distinction. The CRO is typically a Board-level or C-suite appointment with an independent reporting line to the Board Risk Committee — providing a formal second line of defence that is structurally separate from the CFO and CEO. The Head of Risk is more commonly a senior operational leadership role that reports to the CFO, CEO or CRO, with responsibility for running the risk framework rather than providing independent Board-level challenge. In SMCR-regulated firms, SMF4 (Chief Risk Function) is the formal regulatory designation and is typically held by whichever of these individuals is most senior in the risk function. See our CRO recruitment page for the full Chief Risk Officer profile.


Qualifications and Experience

Qualifications

Most Heads of Risk hold a professional qualification in risk management, finance or a related discipline. Widely recognised risk management qualifications include the IRM’s Certificate and Diploma in Risk Management, the GARP Financial Risk Manager (FRM) designation and the Professional Risk Manager (PRM) qualification from PRMIA. Many Heads of Risk also hold accounting qualifications (ACA, ACCA, CIMA) or the CFA charter, particularly in financial services contexts. For roles in FCA and PRA-regulated businesses, a clean SMCR regulatory record and prior SMF4 experience are strongly preferred.

Experience

A minimum of 8–12 years of risk management experience, with at least 3–5 years in a senior risk leadership role, is the typical benchmark. Specific requirements include direct experience of building or operating an enterprise risk framework; risk committee and Board reporting experience; sector-specific risk knowledge appropriate to the business (financial services, PE-backed corporate, regulated industry); and, for FCA-regulated firms, prior direct engagement with the FCA or PRA supervisory process. Experience of managing risk functions through significant events — regulatory reviews, business model changes or crisis situations — is highly valued.


Head of Risk Salary Guide UK 2026

Organisation Size / Context                  | Base Salary Range     | Total Compensation
Mid-market corporate (£50m–£250m revenue)    | £80,000 – £120,000    | £95,000 – £145,000
PE-backed business                           | £90,000 – £140,000    | £115,000 – £175,000 (incl. equity)
FCA-regulated firm (solo-regulated)          | £100,000 – £160,000   | £130,000 – £200,000
Bank or dual-regulated insurer               | £140,000 – £220,000   | £180,000 – £320,000+
FTSE 250 / large listed corporate            | £150,000 – £200,000   | £200,000 – £300,000+

Total compensation typically includes annual performance bonus (15–50% of base depending on sector), car allowance, private medical insurance and pension contributions of 8–15%. In PE-backed businesses, equity participation may be available. For senior finance salary benchmarks see our Finance Director Salary Guide and CFO Salary Guide.


Career Path to Head of Risk

The Risk Specialism Route

Most Heads of Risk have built their career within risk functions: Risk Analyst (0–4 years) covering risk data, registers and reporting; Risk Manager (4–8 years) with framework ownership, committee reporting and business partnering; Senior Risk Manager (8–12 years) with team leadership, regulatory engagement and independent challenge responsibilities; and Head of Risk or CRO (12+ years) with Board accountability and full framework ownership. Professional development typically follows the IRM qualification pathway and/or the GARP FRM route.

The Finance or Audit Route

Some Heads of Risk transition from finance or internal audit backgrounds — particularly in corporate and PE-backed organisations where the risk function sits within a broader Group Finance remit. Chartered accountants (ACA, ACCA, CIMA) with internal audit or financial control backgrounds bring strong analytical and governance skills to risk leadership roles, particularly where financial risk, model risk or regulatory capital are the primary risk concerns.



Recruit a Head of Risk

FD Capital recruits permanent, interim and fractional risk leadership roles across the UK — from FCA-regulated financial services firms and PE-backed portfolio companies to mid-market corporates and listed groups. Our candidates bring IRM and FRM qualifications and SMCR SMF4 experience, and shortlists are delivered within three to seven working days.

Call 020 3287 9501 or email recruitment@fdcapital.co.uk to start your risk search.