Director of Enterprise Risk Management
Career GuideKey Responsibilities
- Build and lead the enterprise risk management framework and annual risk plan
- Facilitate risk assessments with business leaders and consolidate results into a clear risk profile
- Define risk appetite and risk limits with executive leadership
- Create and maintain a risk register and risk reporting for senior leadership and the board
- Design and track risk treatment plans with accountable owners and due dates
- Monitor emerging risks such as cyber threats, regulatory changes, and third-party issues
- Coordinate scenario planning and stress testing for critical risks
- Strengthen risk governance through policies, standards, and committee routines
- Review new initiatives for risk impact and control readiness
- Partner with internal audit, compliance, legal, finance, and security teams to align oversight activities
- Improve key risk indicators and early warning metrics
- Lead risk culture efforts through training, communications, and practical tools
Top Skills for Success
Stakeholder Management
Executive Communication
Strategic Thinking
Program Management
Influence Without Authority
Risk Assessment
Risk Appetite Setting
Risk Reporting
Risk Governance
Key Risk Indicator Design
Control Design
Regulatory Awareness
Cyber Risk Fundamentals
Third-party Risk Management
Business Continuity Planning
Career Progression
Can Lead To
Chief Risk Officer
VP of Risk Management
Head of Enterprise Risk Management
Head of Governance Risk and Compliance
Chief Compliance Officer
Chief Audit Executive
Transition Opportunities
Operational Risk Director
Cyber Risk Director
Third-party Risk Director
Business Continuity Director
Internal Audit Director
Compliance Director
Security Risk Leader
Common Skill Gaps
Often Missing Skills
Board-level StorytellingQuantitative Risk ModelingCyber Risk TranslationThird-party Contract Risk ReviewScenario AnalysisKey Risk Indicator CalibrationRisk Technology ToolingChange Management
Development SuggestionsStrengthen board-ready communication by practicing concise risk narratives and clear visuals. Build quantitative skills through scenario analysis and simple models tied to business outcomes. Partner with security, procurement, and legal teams to learn how cyber and vendor risks show up in real contracts and operating processes. Standardize metrics and thresholds so risk indicators are actionable, not just informative.
Salary & Demand
Median Salary Range
Entry LevelUSD 140,000 to 180,000
Mid LevelUSD 180,000 to 240,000
Senior LevelUSD 240,000 to 320,000
Growth Trend
Demand is steady to growing, driven by cybersecurity risk, third-party risk, regulatory scrutiny, and board expectations for stronger risk reporting. Hiring is strongest in financial services, healthcare, energy, technology, and large consumer brands.Companies Hiring
Major Employers
JPMorgan ChaseBank of AmericaWells FargoCitigroupGoldman SachsMorgan StanleyCapital OneAmerican ExpressUnitedHealth GroupCVS HealthKaiser PermanenteAnthem Blue CrossAmazonMicrosoftGoogleAppleMetaWalmartTargetHome DepotExxonMobilChevronShellBoeingLockheed MartinRaytheonAT&TVerizonComcast
Industry Sectors
BankingInsuranceAsset ManagementHealthcarePharmaceuticalsTechnologyRetailManufacturingEnergyTelecommunicationsTransportationGovernment Contractors
Recommended Next Steps
1
Audit the current risk program and document the top gaps in governance, assessment cadence, and reporting2
Create a one-page enterprise risk profile that links top risks to strategy and measurable indicators3
Build a 90-day plan to refresh the risk register, define owners, and set review routines4
Standardize risk scoring and write simple guidance so teams apply it consistently5
Launch a key risk indicator set for the top five to ten risks with clear thresholds and escalation rules6
Run two scenario planning workshops focused on the most disruptive risks7
Align with internal audit and compliance on a shared view of controls and testing coverage8
Develop a board-ready risk report template with clear decisions and next actions