Location: Hybrid working with 5 days per fortnight in our Head Office (Leek, Staffordshire) and the remaining time remotely.
Employment type: Full-time, permanent position.
Salary: Competitive
Working hours: 35 hours per week, worked flexibly.
Reports to: Chief Risk Officer
Direct Reports: Senior Enterprise Risk Manager

The Organisation

At Leek Building Society, we pride ourselves on being a force for good. We exist to help our communities grow, so they can do great things today and even better things tomorrow. Our colleagues are one of the communities we support. We've created an inclusive, engaging workplace where colleagues have the freedom to be themselves and grow their careers. We're proud to be an award-winning employer, accredited as a 'Great Place to Work' based on our latest colleague survey, with a continued focus on helping everyone reach their potential.

Job Purpose & Scope

The Head of Risk Oversight leads the Society's risk and assurance frameworks, providing independent oversight of strategic, operational, and prudential risks and ensuring a consistent, proportionate, and effective approach to risk governance across all risk types. The role is responsible for maintaining the Enterprise Risk Management Framework (ERMF) and the overarching Assurance Framework, ensuring that governance, oversight, and assurance activity are well-coordinated and aligned to the Society's purpose, strategy, and risk appetite. The role also acts as deputy to the Chief Risk Officer where appropriate.

Duties and Key Responsibilities

Risk Frameworks, Governance & Policies
- Lead and continuously enhance the Enterprise Risk Management Framework (ERMF), ensuring it is proportionate and embedded across the Society.
- Lead the Society's risk governance and policy framework, ensuring coherent ownership, approval, and maintenance.
- Maintain oversight of the Risk Appetite Framework, aligned to strategy and Board-approved limits.
- Ensure frameworks and policies align with PRA/FCA expectations, best practice, and strategic objectives.
- Drive consistency in risk assessment, control evaluation, and reporting across all risk categories.
- Support the CRO in maintaining strong governance, clear escalation, and line of sight from Board to business.
- Provide leadership in the discharge of the Chief Risk Officer's Data Protection Officer responsibilities.
- Oversee Board and Committee risk reporting, ensuring clarity, insight, and forward-looking commentary.

Prudential Risk Oversight
- Lead second-line oversight of capital, liquidity, and funding risks (ICAAP, ILAAP, RRP, Solvent Exit).
- Provide independent challenge on stress testing, capital adequacy, and liquidity management.
- Ensure prudential insight informs strategic and financial planning.

Operational Risk & Resilience Oversight
- Oversee the Operational Risk Framework (RCSAs, incidents, KRIs, lessons learned).
- Provide independent oversight of operational resilience (critical services, tolerances, testing).
- Challenge first-line management of technology, cyber, third-party, data, people, and model risk.
- Support the CRO in integrating data protection oversight into risk frameworks.

Strategy, Change & Transformation Oversight
- Lead second-line oversight of strategy, change, and transformation programmes.
- Challenge key business cases, plans, and delivery assurance.
- Provide thematic insight on cumulative change risk.

Integrated Assurance & Third-Line Collaboration
- Lead the Integrated Assurance Framework across the three lines of defence.
- Act as the focal point for managing the Society's relationship with Internal Audit, supporting alignment of assurance and strengthening Board confidence.

Enterprise Oversight & Insight
- Coordinate enterprise risk aggregation, horizon scanning, and emerging risk oversight.
- Provide clear, data-driven risk insight to the CRO, Executive Risk Committee, and Board Risk Committee.

Leadership & Culture
- Lead and develop the Risk Oversight team and foster strong collaboration.
- Promote constructive challenge across lines.

Conduct Rules

All employees and NEDs are expected to act in accordance with the PRA and FCA Conduct Rules:
- You must act with integrity.
- You must act with due skill, care and diligence.
- You must be open and co-operative with the FCA, the PRA and other regulators.
- You must pay due regard to the interests of customers and treat them fairly.
- You must observe proper standards of market conduct.
- You must act to deliver good outcomes for retail customers.

Financial Crime

All employees and NEDs are expected to:
- Be aware of their personal legal obligations and the legal obligations of the Society in relation to Financial Crime.
- Be aware of the Society's Anti-Money Laundering systems and controls and follow the Society's procedures.
- Be alert for anything suspicious in respect of money laundering or fraud and report any suspicions in line with internal procedures.
- Not discuss any suspicions with anyone outside of the Society, and not 'tip off' a customer or prejudice an investigation.

Certification Regime Obligations

This role has been deemed a Certification function as it is required to perform a Significant Harm Function or other regulatory function ("Regulated Activities") for which the Society is required to certify the role holder with the Regulators as fit and proper.

Person Specification

Qualifications & Knowledge
Essential
- Relevant professional risk qualification (e.g., IRM, FRM, PRMIA, ICA) desirable but not essential.
- Relevant regulatory, prudential, or operational resilience certification desirable.

Experience
- Significant second-line risk management or assurance experience within financial services, ideally within a building society, bank, or mutual.
- Working knowledge of prudential and financial resilience principles, including capital, liquidity, stress testing, and recovery planning.
- Proven ability to design and lead enterprise-wide frameworks, governance structures, and policy architectures.
- Experience in overseeing a range of non-financial risks, including operational, conduct, compliance, technology/cyber, third-party and data.

Desirable
- Experience in risk oversight of change and transformation, including project assurance, oversight strategy, and portfolio risk aggregation.
- Experience overseeing operational resilience, including critical services, impact tolerances, and incident response.

Skills & Abilities
- Proven ability to influence senior stakeholders, including ExCo, Board Committees, and external regulators.
- Strong leadership capability, with experience developing teams, fostering collaboration, and promoting constructive challenge.
- Experience operating within a Three Lines of Defence model, providing effective, independent second-line oversight and challenge.
- Excellent communication skills, with the ability to translate complex risk insight into clear, actionable guidance for senior decision-makers.

What benefits are on offer:
- Competitive salary rates
- 35 hour working week (full-time)
- Contributory Stakeholder Pension Scheme
- Free health screening
- Minimum of 25 days paid holiday per annum plus bank and public holidays
- Parental Schemes
- Sick Pay guaranteed for 6 months for major illnesses
- Holiday purchase/sale scheme
- Life assurance of 4 times your annual salary
- Employee assistance programme
- Continuous development opportunities
- We're open to discussing working flexibly
- Onsite gym available to employees

If the above sounds like something you'd thrive at, we'd love to hear from you.