Location: Hybrid working with 5 days per fortnight in our Head Office (Leek, Staffordshire) and the remaining time remotely.
Employment type:Full-time, permanent position.
Salary: Competitive
Working hours: 35 hours per week, worked flexibly.
Reports to: Chief Risk Officer
Direct Reports: Senior Enterprise Risk Manager
The Organisation
At Leek Building Society, we pride ourselves on being a force for good. We exist to help our communities grow, so they can do great things today - and even better things tomorrow.
Our colleagues are one of the communities we support. Weve created an inclusive and engaging hybrid workplace where colleagues have the freedom to be themselves and grow their careers.
As the winner of the SME People Management award at the 2025 CIPD People Management Awards, the 8th most Inspiring Workplace in the UK, and a Top 100 globally Inspiring Workplace, we're committed to maintaining our award-winning proposition while helping our colleagues reach their true potential.
Job Purpose & Scope
The Head of Risk Oversight leads the Societys risk and assurance frameworks, providing independent oversight of strategic, operational, and prudential risks and ensuring a consistent, proportionate, and effective approach to risk governance across all risk types.
The role is responsible for maintaining the Enterprise Risk Management Framework (ERMF) and the overarching Assurance Framework, ensuring that governance, oversight, and assurance activity are well-coordinated and aligned to the Societys purpose, strategy, and risk appetite.
The role also acts as deputy to the Chief Risk Officer where appropriate.
Duties and Key Responsibilities
Risk Frameworks, Governance & Policies
* Lead and continuously enhance the Enterprise Risk Management Framework (ERMF), ensuring it is proportionate and embedded across the Society.
* Lead the Societys risk governance and policy framework, ensuring coherent ownership, approval, and maintenance.
* Maintain oversight of the Risk Appetite Framework, aligned to strategy and Board-approved limits.
* Ensure frameworks and policies align with PRA/FCA expectations, best practice, and strategic objectives.
* Drive consistency in risk assessment, control evaluation, and reporting across all risk categories.
* Support the CRO in maintaining strong governance, clear escalation, and line of sight from Board to business.
* Provide leadership in the discharge of the Chief Risk Officers Data Protection Officer responsibilities.
* Oversee Board and Committee risk reporting, ensuring clarity, insight, and forward-looking commentary.
Prudential Risk Oversight
* Lead second-line oversight of capital, liquidity, and funding risks (ICAAP, ILAAP, RRP, Solvent Exit).
* Provide independent challenge on stress testing, capital adequacy, and liquidity management.
* Ensure prudential insight informs strategic and financial planning.
Operational Risk & Resilience Oversight
* Oversee the Operational Risk Framework (RCSAs, incidents, KRIs, lessons learned).
* Provide independent oversight of operational resilience (critical services, tolerances, testing).
* Challenge first-line management of technology, cyber, third-party, data, people, and model risk.
* Support CRO in integrating data protection oversight into risk frameworks.
Strategy, Change & Transformation Oversight
* Lead second-line oversight of strategy, change, and transformation programmes.
* Challenge key business cases, plans, and delivery assurance.
* Provide thematic insight on cumulative change risk.
Integrated Assurance & Third-L ine Collaboration
* Lead the Integrated Assurance Framework across the three lines of defence.
* Acts as the focal point for managing the Societys relationship with Internal Audit, supporting alignment of assurance and strengthening Board confidence.
Enterprise Oversight & Insight
* Coordinate enterprise risk aggregation, horizon scanning, and emerging risk oversight.
* Provide clear, data-driven risk insight to CRO, Executive Risk Committee, and Board Risk Committee.
Leadership & Culture
* Lead and develop the Risk Oversight team and foster strong collaboration.
* Promote constructive challenge across lines.
Conduct Rules
All employees and NEDs are expected to act in accordance with the PRA and FCA Conduct Rules
* You must act with integrity.
* You must act with due skill, care and diligence.
* You must be open and co-operative with the FCA, the PRA and other regulators.
* You must pay due regard to the interests of customers and treat them fairly.
* You must observe proper standards of market conduct.
* You must act to deliver good outcomes for retail customers.
Financial Crime
All employees and NEDs are expected to:
* Be aware of their personal legal obligations and the legal obligations of the Society in relation to Financial Crime
* Be aware of the Societys Anti-Money Laundering systems and controls and follow the Societys procedures
* Be alert for anything suspicious in respect of money laundering or fraud and report any suspicions in line with internal procedures
* Do not discuss any suspicions with anyone outside of the Society and do not tip off a customer or prejudice an investigation
Certification Regime Obligations
This role has been deemed a Certification function as it is required to perform a Significant Harm Function or other regulatory function (Regulated Activities) for which the Society is required to certify the role holder with the Regulators as fit and proper.
Person Specification
Qualifications & Knowledge
Essential
* Relevant professional risk qualification (e.g., IRM, FRM, PRMIA, ICA) desirable but not essential.
* Relevant regulatory, prudential, or operational resilience certification desirable
Experience
* Significant second-line risk management or assurance experience within financial services, ideally within a building society, bank, or mutual.
* Working knowledge of prudential and financial resilience principles, including capital, liquidity, stress testing, and recovery planning.
* Proven ability to design and lead enterprise-wide frameworks, governance structures, and policy architectures.
* Experience in overseeing a range of non-financial risks, including operational, conduct, compliance, technology/cyber, third-party and data.
Desirable
* Experience in risk oversight of change and transformation, including project assurance, oversight strategy, and portfolio risk aggregation.
* Experience overseeing operational resilience, including critical services, impact tolerances, and incident response.
Skills & Abilities
* Proven ability to influence senior stakeholders, including ExCo, Board Committees, and external regulators.
* Strong leadership capability, with experience developing teams, fostering collaboration, and promoting constructive challenge.
* Experience operating within a Three Lines of Defence model, providing effective, independent second-line oversight and challenge.
* Excellent communication skills, with the ability to translate complex risk insight into clear, actionable guidance for senior decision-makers.
What benefits are on offer:
* Competitive salary rates
* 35 hour working week (full-time)
* Contributory Stakeholder Pension Scheme
* Free health screening
* Minimum of 25 days paid holiday per annum plus bank and public holidays
* Parental Schemes
* Sick Pay guaranteed for 6 months for major illnesses
* Holiday purchase/sale scheme
* Life assurance of 4 times your annual salary
* Employee assistance programme
* Continuous development opportunities
* Were open to discussing working flexibly
* Onsite gym available to employees
If the above sounds like something youd thrive at, wed love to hear from you