Risk & Governance Manager - SC CLEARANCE NEEDED
PLEASE ONLY APPLY IF YOU HAVE CURRENT, TRANSFERABLE SC CLEARANCE
- Owning and developing the organisation's enterprise risk management (ERM) framework, policies and processes, ensuring they are fit for purpose, embedded across the organisation and aligned with HM Treasury's Orange Book, MOD risk policy and IRM standards
- Leading the design and maintenance of the organisation's corporate risk register, facilitating regular risk reviews with senior leaders and ensuring risks are accurately assessed, owned and mitigated in line with the organisation's risk appetite
- Providing expert advice, challenge and support to business areas on risk identification, assessment, treatment and escalation - fostering a culture of proactive, proportionate risk management across the organisation
- Preparing high-quality risk management reports, papers and horizon-scanning intelligence for the Executive Leadership Team, the Board and Audit and Risk Assurance Committee (ARAC)
- Leading on governance frameworks and committee structures, including maintaining terms of reference, assurance mapping and governance documentation in line with central government requirements
- Managing and developing the organisation's Business Continuity Management (BCM) programme in line with ISO 22301, coordinating Business Impact Analyses, Business Continuity Plans and exercising schedules
- Supporting the Head of Business Assurance in maintaining and evolving the integrated management system (IMS) and providing second-line assurance across the organisation's ISO certified systems (ISO 9001, ISO 14001, ISO 22301, ISO 45001)
- Coordinating the organisation's management of audit and inspection activity from external parties, including MOD internal audit, the National Audit Office, and certification body surveillance visits
- Maintaining awareness of developments in the Government Risk Profession, central government assurance expectations, and broader regulatory or legislative changes affecting the organisation as a trading fund and MOD executive agency
- Building capability across the organisation through training, guidance and communications on risk management
Experience:
- Substantial experience in enterprise risk management, governance or a second-line assurance function - ideally within a government department, regulated body or complex organisation
- Demonstrable experience of developing and embedding risk frameworks, policies and processes, with evidence of influencing senior leadership and Boards on risk matters
- Experience of preparing and presenting high-quality risk and governance reports to senior stakeholders and governance committees
- Strong understanding of HM Treasury's Orange Book risk management principles or equivalent government/MOD risk frameworks
- Familiarity with business continuity management and ISO management systems (ISO 22301 and/or ISO 9001)
- Experience of working in or alongside a second-line assurance or internal audit function
Technical Skills:
- Strong analytical and critical thinking skills, able to assess complex risk landscapes and present balanced, evidence-based advice
- Excellent written communication skills - able to produce clear, authoritative reports, board papers and briefings for senior audiences
- Sound understanding of corporate governance frameworks and the three lines of defence model
Person Specification - Desirable Criteria
- Membership of the Institute of Risk Management (MIRM) or working towards; or membership of the Chartered Quality Institute (MCQI) or equivalent
- ISO 22301 Internal Auditor qualification
- Fundamentals of Risk Management (IRM) certificate or equivalent
- Certificate of the Business Continuity Institute (CBCI) or equivalent
- Experience in a defence, security or MOD trading fund environment, including familiarity with central government governance and accountability frameworks
- Experience working with or presenting to Audit and Risk Assurance Committees (ARACs) or equivalent governance bodies
- Working knowledge of ISO 9001, ISO 14001 and/or ISO 45001