Senior Director – Enterprise Risk

Senior Director Enterprise Risk

Reporting to: Chief Legal, Risk & Compliance Officer

Role Overview

The Senior Director Enterprise Risk will lead the organisations Enterprise Risk Management (ERM) program and strengthen the companys operational resilience. The role is responsible for identifying, assessing, monitoring, and mitigating strategic, operational, cyber, regulatory, and third-party risks that could impact the organisations business objectives, financial stability, regulatory compliance, and reputation.

The position will also lead enterprise crisis management, business continuity, and operational resilience frameworks, ensuring the organisation is prepared to respond effectively to major disruptions. Working closely with senior leadership and governance functions, the role embeds risk awareness into decision-making and provides transparency to executive leadership and the Board on enterprise risk exposure.

Key Responsibilities

Enterprise Risk Management

• Lead the design, implementation, and continuous improvement of the organisations Enterprise Risk Management framework aligned with global standards such as COSO ERM and ISO 31000.
• Identify and assess strategic, operational, regulatory, financial, technology, and reputational risks across the enterprise.
• Maintain enterprise risk registers and ensure risk owners actively manage mitigation plans.
• Support the development of enterprise risk appetite frameworks aligned with organisational strategy.

Operational Risk & Resilience

• Monitor operational risks across delivery functions, technology environments, and business operations.
• Establish risk indicators and early-warning mechanisms to identify emerging risks.
• Strengthen operational resilience through structured risk mitigation and governance practices.

Crisis Management & Business Continuity

• Lead enterprise Crisis Management and Business Continuity frameworks aligned with ISO 22301 operational resilience standards.
• Establish crisis escalation protocols and cross-functional response mechanisms.
• Conduct crisis simulations and resilience testing to strengthen organisational preparedness.

Cyber & Third-Party Risk Oversight

• Monitor cyber risk exposure in coordination with Information Security teams.
• Ensure cyber threats and resilience metrics are incorporated into enterprise risk reporting.
• Implement third-party and vendor risk management frameworks including due diligence and risk monitoring.

Risk Governance & Reporting

• Prepare consolidated enterprise risk reports for executive leadership and the Board / Audit Committee.
• Provide insights on emerging risks including regulatory developments, technology risks, and geopolitical exposures.
• Develop enterprise risk dashboards and reporting mechanisms to strengthen governance and decision-making.

Cross-Functional Collaboration

The Senior Director Enterprise Risk will work closely with key governance functions:

• Information Security: Monitor cyber risk exposure and resilience frameworks
• Compliance & Legal: Address regulatory and compliance risks impacting operations
• Internal Audit: Support independent assurance activities and governance reviews
• Business Leadership: Ensure business units actively own and manage operational risks

Key Qualifications

• 14+ years of experience in enterprise risk management, operational risk, internal audit, or related governance functions within large or multinational organisations.
• Strong knowledge of risk frameworks such as COSO ERM, ISO 31000, or ISO 22301.
• Experience implementing crisis management, business continuity, and operational resilience programs.
• Proven ability to communicate complex risk insights to senior leadership and board committees.
• Strong analytical, governance, and stakeholder management capabilities.

Success Measures

• Enterprise risk framework effectively embedded across business units.
• Improved visibility and proactive management of enterprise risk exposure.
• Successful implementation and testing of crisis management and business continuity programs.
• Strong confidence from executive leadership and Board in enterprise risk reporting.