Chief Risk Officer (Nonprofit or NGO Sector)

Career Guide
Leads enterprise risk management for a nonprofit/NGO, identifying, assessing, and mitigating strategic, operational, financial, compliance, security, and reputational risks. Partners with executives and the board to set risk appetite, oversee controls, crisis readiness, and insurance, and ensure donor and regulatory compliance.

Key Responsibilities

  • Establish and maintain ERM framework and risk appetite
  • Lead organization-wide risk assessments and maintain risk register
  • Oversee compliance with 2 CFR 200, donor terms, and IRS filings
  • Design internal controls and policies; monitor and test effectiveness
  • Coordinate crisis management and business continuity planning
  • Direct insurance strategy, coverage selection, and claims
  • Report risk exposure to executive team and board/audit committee

Career Progression

Can Lead To
Chief Operating Officer (COO)
Chief Administrative Officer (CAO)
Chief Executive Officer (CEO)
Transition Opportunities
Chief Compliance Officer (CCO)
Chief Information Security Officer (CISO)
Head of Internal Audit

Common Skill Gaps

Often Missing Skills
  • ERM frameworks (ISO 31000/COSO) applied in nonprofit contexts
  • Donor and federal grant compliance (2 CFR 200, USAID rules)
  • Cybersecurity and data privacy risk oversight
  • Internal controls, assurance, and audit liaison
  • Safeguarding and PSEA risk management for INGOs

Development Suggestions
Complete an ISO 31000 ERM course and pursue CRMA or CCEP; lead a pro bono risk assessment for a nonprofit to build a risk register, heat map, and incident response plan together with IT/security.

Salary & Demand

Median Salary Range
Entry Level: $110,000–$150,000
Mid Level: $150,000–$200,000
Senior Level: $200,000–$280,000
Growth Trend
Growing: NGOs face rising donor, regulatory, and cyber risks, and boards are formalizing ERM functions.

Companies Hiring

Major Employers
  • International Rescue Committee (IRC)
  • Save the Children US
  • American Red Cross
Industry Sectors
  • Non-Profit & NGOs
  • International Development & Humanitarian Aid
  • Philanthropy & Foundations

Recommended Next Steps

1. Enroll in the Nonprofit Risk Management Center’s Risk Leadership Certificate or an ISO 31000 ERM course and build a sample risk register/heat map.
2. Earn a CRMA or CCEP within 6–12 months to validate ERM/compliance expertise.
3. Join a nonprofit’s audit/risk committee (as staff or volunteer) and lead a tabletop crisis exercise to demonstrate practical risk leadership.