Director of Enterprise Risk Management

Career Guide

A Director of Enterprise Risk Management leads an organization-wide program to identify, evaluate, and reduce risks that could disrupt strategy, operations, finances, technology, legal compliance, or reputation. The role partners with executives and business leaders to make risk-informed decisions and to strengthen resilience.

Browse All Roles

Key Responsibilities

Build and lead the enterprise risk management framework and annual risk plan
Facilitate risk assessments with business leaders and consolidate results into a clear risk profile
Define risk appetite and risk limits with executive leadership
Create and maintain a risk register and risk reporting for senior leadership and the board
Design and track risk treatment plans with accountable owners and due dates
Monitor emerging risks such as cyber threats, regulatory changes, and third-party issues
Coordinate scenario planning and stress testing for critical risks
Strengthen risk governance through policies, standards, and committee routines
Review new initiatives for risk impact and control readiness
Partner with internal audit, compliance, legal, finance, and security teams to align oversight activities
Improve key risk indicators and early warning metrics
Lead risk culture efforts through training, communications, and practical tools

Top Skills for Success

Stakeholder Management

Executive Communication

Strategic Thinking

Program Management

Influence Without Authority

Risk Assessment

Risk Appetite Setting

Risk Reporting

Risk Governance

Key Risk Indicator Design

Control Design

Regulatory Awareness

Cyber Risk Fundamentals

Third-party Risk Management

Business Continuity Planning

Career Progression

Can Lead To

Chief Risk Officer

VP of Risk Management

Head of Enterprise Risk Management

Head of Governance Risk and Compliance

Chief Compliance Officer

Chief Audit Executive

Transition Opportunities

Operational Risk Director

Cyber Risk Director

Third-party Risk Director

Business Continuity Director

Internal Audit Director

Compliance Director

Security Risk Leader

Common Skill Gaps

Often Missing Skills

Board-level StorytellingQuantitative Risk ModelingCyber Risk TranslationThird-party Contract Risk ReviewScenario AnalysisKey Risk Indicator CalibrationRisk Technology ToolingChange Management

Development SuggestionsStrengthen board-ready communication by practicing concise risk narratives and clear visuals. Build quantitative skills through scenario analysis and simple models tied to business outcomes. Partner with security, procurement, and legal teams to learn how cyber and vendor risks show up in real contracts and operating processes. Standardize metrics and thresholds so risk indicators are actionable, not just informative.

Salary & Demand

Median Salary Range

Entry LevelUSD 140,000 to 180,000

Mid LevelUSD 180,000 to 240,000

Senior LevelUSD 240,000 to 320,000

Growth Trend

Demand is steady to growing, driven by cybersecurity risk, third-party risk, regulatory scrutiny, and board expectations for stronger risk reporting. Hiring is strongest in financial services, healthcare, energy, technology, and large consumer brands.

Companies Hiring

Major Employers

JPMorgan ChaseBank of AmericaWells FargoCitigroupGoldman SachsMorgan StanleyCapital OneAmerican ExpressUnitedHealth GroupCVS HealthKaiser PermanenteAnthem Blue CrossAmazonMicrosoftGoogleAppleMetaWalmartTargetHome DepotExxonMobilChevronShellBoeingLockheed MartinRaytheonAT&TVerizonComcast

Industry Sectors

BankingInsuranceAsset ManagementHealthcarePharmaceuticalsTechnologyRetailManufacturingEnergyTelecommunicationsTransportationGovernment Contractors

Recommended Next Steps

Audit the current risk program and document the top gaps in governance, assessment cadence, and reporting

Create a one-page enterprise risk profile that links top risks to strategy and measurable indicators

Build a 90-day plan to refresh the risk register, define owners, and set review routines

Standardize risk scoring and write simple guidance so teams apply it consistently

Launch a key risk indicator set for the top five to ten risks with clear thresholds and escalation rules

Run two scenario planning workshops focused on the most disruptive risks

Align with internal audit and compliance on a shared view of controls and testing coverage

Develop a board-ready risk report template with clear decisions and next actions