Job Description
We are seeking a senior Risk Manager to lead programme-wide risk and opportunity management, ensuring alignment with HM Treasury Orange Book principles and MOD governance frameworks.
This role goes beyond traditional risk reporting, positioning the Risk Manager as a trusted advisor to Senior Responsible Owners (SROs), Programme Boards, and assurance bodies, enabling risk-informed decision-making, shaping strategic trade-offs, and ensuring both threats and opportunities are actively managed to protect and enhance Defence capability outcomes.
Key Responsibilities
Risk Management Strategy & Planning:
* Develop, implement, and continuously refine the Programme Risk Management Strategy and Risk Management Plan, aligned to NAD, MOD, and HMG best practice.
* Define risk appetite, tolerance, thresholds, and escalation frameworks across project, programme, and portfolio levels.
* Ensure integration of risk management into overall programme governance, planning, and delivery life cycle.
Threat & Opportunity (Upside Risk) Management:
* Lead proactive identification and management of both threats and opportunities, ensuring balanced consideration of risk and value.
* Embed opportunity management practices to maximise programme benefits and outcomes.
* Align risk and opportunity management with benefits realisation and Defence capability delivery, not just milestones.
Risk-Informed Decision Making:
* Act as a trusted advisor to SROs and Programme Boards, providing clear analysis of risks, opportunities, and trade-offs.
* Present decision options with associated impacts on cost, schedule, performance, and operational outcomes.
* Support informed decision-making through evidence-based insights and scenario analysis.
Schedule Threshold Management & Escalation:
* Define and manage risk thresholds and escalation triggers, including schedule, cost, and performance tolerances.
* Monitor delivery against thresholds and ensure timely escalation from project to programme and portfolio governance levels.
* Provide early warning of risks that may impact critical paths, approvals, or operational readiness.
Tooling & Quantitative Risk Analysis:
* Lead the use of Active Risk Manager (ARM) and Predict! (or equivalent) to manage risk data, reporting, and analysis.
* Deliver quantitative risk analysis (QRA), including schedule and cost risk modelling where appropriate.
* Ensure data quality, consistency, and auditability across all risk artefacts.
Commercial & Contractual Risk Integration:
* Integrate risk management with commercial strategies, supplier performance, and contractual frameworks.
* Identify and manage risks associated with multi-vendor delivery environments, including misaligned incentives and dependencies.
* Support commercial teams in embedding risk considerations into procurement and supplier management.
Security, Accreditation & Cyber Risk:
* Lead management of security, accreditation, and cyber risks as core programme risk domains.
* Ensure alignment with Defence security policies, accreditation requirements, and cyber assurance processes.
* Provide visibility and escalation of risks impacting authority to operate and operational deployment.
People, Skills & Clearance Risks:
* Identify and manage risks related to SC clearance constraints, key personnel dependencies, and skills shortages.
* Highlight risks associated with succession gaps and single points of failure across programme and supplier teams.
* Support workforce planning through proactive identification of people-related risks.
Governance, Assurance & Independent Challenge:
* Maintain comprehensive and auditable risk registers and RAID logs across programme levels.
* Provide high-quality reporting to Programme Boards, SROs, and assurance bodies (eg, IPA, Cabinet Office).
* Exercise independent challenge, ensuring risks are accurately represented and not understated.
* Escalate material concerns without compromise, ensuring transparency and integrity in reporting.
Stakeholder Engagement:
* Engage with senior stakeholders across NAD, MOD, suppliers, and wider HMG organisations.
* Facilitate risk workshops, reviews, and governance forums to ensure shared understanding and ownership of risk.
* Provide clear, concise communication tailored to both technical and non-technical audiences.
Continuous Improvement & Risk Culture:
* Promote a proactive, transparent, and risk-aware culture across multidisciplinary teams.
* Drive continuous improvement in risk management practices, tools, and maturity.
* Capture and share lessons learned across programmes and portfolios.
Requirements
Essential:
* Proven experience as a Risk Manager within Defence, government, or large-scale regulated environments.
* Extensive experience supporting HMG Category A or Major Programmes, including approvals and assurance processes.
* Strong knowledge of HM Treasury Orange Book and risk management best practice.
* Demonstrated experience developing Risk Management Strategies and Plans.
* Hands-on experience with Active Risk Manager (ARM), Predict!, or equivalent tools.
* Experience delivering quantitative risk analysis (QRA), including schedule and/or cost modelling.
* Strong understanding of commercial, supplier, and multi-vendor risk environments.
* Experience managing security, accreditation, and cyber risks within Defence or similar contexts.
* Ability to influence senior stakeholders and provide independent challenge at Board level.
* Excellent analytical, communication, and reporting skills.
Desirable:
* Experience within NAD/Defence Digital, Land ISTAR, or digital transformation programmes.
* Knowledge of HM Treasury Green Book and business case development.
* Familiarity with Infrastructure and Projects Authority (IPA) and GMPP assurance processes.
* Professional certification in risk management (eg, APM Risk, MoR, PMI-RMP).