
Risk Assurance & BCP Manager

Surbiton
Permanent
EMCOR UK
Manager
Posted: 11 September
Offer description

Role overview

JOIN OUR AWARD WINNING TEAM!

Location: Hybrid, with 2 days per week

Salary: Competitive + Car Allowance

Working Hours: Between the hours of 8:00 to 17:00 (7 hour days), Monday to Friday.

Benefits: Car Allowance, Private Healthcare, 25 days holidays + Bank holidays, Health Cash Plan, Discount Shopping, Gym, Days Out, Learning & Development opportunities, Paid Volunteering Days, plus many more.

About EMCOR UK:

At EMCOR UK, we revolutionise facilities management by combining our engineering heritage and innovation capability. We prioritise people in everything we do, collaborating closely with our customers to understand all their needs, from the big picture to day-to-day operations. Our purpose is to “create a better world at work”. Using our unique insight platform, "One Data World," we harness data-driven intelligence to make informed decisions, adapting our services to meet our customers’ evolving requirements. This allows us to cultivate an enhanced workplace experience for their teams whilst optimising efficiency, meticulously managing every asset, and minimising their impact on the planet. All supported by our commitment to safety, compliance, and assurance. Our partnering approach empowers our customers to shape a better future. Whether guiding their path to net zero or redeveloping their facilities for enhanced efficiency, we create better places for work whilst taking away the burden of facility operations, freeing up our customers to concentrate on their business.

Role Overview: The Risk Assurance & Business Continuity Planning (BCP) Manager is responsible for overseeing the implementation and continuous improvement of the organisation’s enterprise risk management framework. This includes managing and maintaining risk registers, facilitating risk assessments, and ensuring that effective controls and mitigation plans are in place. The role provides independent assurance that risks are being appropriately identified, assessed, and managed across the business. Additionally, the manager leads the development, maintenance, and testing of business continuity and crisis response plans, ensuring organisational readiness and resilience in the face of disruptions. By embedding strong risk and continuity practices, the role supports informed decision-making, regulatory compliance, and strategic risk mitigation.

Risk management

1. Accelerate and continually improve the organisation's enterprise risk management framework aligned to ISO 31000.
2. Manage and maintain comprehensive risk registers reflecting the identification, analysis, evaluation and treatment of risks.
3. Ensure the development and maintenance of operational risk registers with appropriate escalation and de-escalation of risk within the business.
4. Develop and facilitate risk training courses to ensure a comprehensive understanding and progression of organisational culture for risk management.
5. Co-ordinate development and monitoring of risk treatment plans to mitigate risk.
6. Collaborate with the Safety Operations team and other departments to align risk matrices across the organisation within the enterprise risk management system.
7. Provide an independent assurance that the risk management process conforms to ISO 31000 framework and organisational policies.
8. Conduct periodic reviews and validations, collaborating with internal audit and compliance teams to test risk controls and effectiveness.
9. Report risk exposure, treatment status and assurance findings to senior management, the risk review committee and the Executive Leadership Team (ELT).
10. Customer facing lead for key contracts, with resource from these accounts having a dotted line into the role.

Business Continuity Management

11. Lead the design, implementation, and continual improvement of the Business Continuity Management System (BCMS) in line with ISO 22301 requirements.
12. Maintain and recertify ISO 22301 and re-evaluate internal audit provision and delivery.
13. Conduct Business Impact Analyses (BIA) to identify critical business functions, resources, and recovery time objectives (RTOs).
14. Develop, maintain, and review business continuity plans (BCPs) ensuring alignment with organisational risk priorities and resilience goals.
15. Plan and coordinate regular BCP testing, exercises, and simulation drills to validate preparedness and identify improvement opportunities and effectiveness of plans.
16. Maintain incident response and crisis management plans to ensure effective response and recovery from disruptive events.
17. Proactive SME engagement in bid & mobilisation support (Risk & BCP).
18. Lead and continue to develop organisational resilience through engagement from departments to develop and implement business continuity plans.
19. Work closely with the IT team to connect the BCMS with the IT infrastructure and information security requirements (ISO 27001).
20. Collaborate with the SQP Team to develop and implement US Platform model to meet UK reporting requirements.

Stakeholder Engagement & Reporting

21. Collaborate with business units, IT, HR, and external partners to embed risk and continuity practices organisation wide.
22. Prepare and present clear, concise risk management and business continuity reports and dashboards for executive leadership, risk committees, and regulators.
23. Support compliance audits and regulatory inspections related to risk and continuity management.

Continuous Improvement & Training

24. Promote ongoing development of risk and business continuity awareness through tailored training programs and communications aligned with ISO 31000 and ISO 22301 standards.
25. Monitor industry best practices, regulatory changes, and emerging threats to proactively update risk and continuity frameworks.
26. Lead post-incident reviews and incorporate lessons learned into the risk and BCMS processes.

Accountabilities

27. Accountable for ensuring that the enterprise risk management framework is fully compliant with ISO 31000 principles and effectively integrated into organisational strategy.
28. Ownership of the business continuity management system aligned with ISO 22301, ensuring that business continuity plans are comprehensive, regularly tested, and up to date.
29. Ensuring accurate maintenance of risk registers and BIA documentation, reflecting current risk exposures and continuity priorities.
30. Timely escalation and reporting of risk and continuity status, incidents, and assurance outcomes to senior management and governance bodies.
31. Driving compliance with applicable laws, regulations, and international standards for risk management and business continuity.

About the role

Key Deliverables

32. ISO 31000-Aligned Risk Management Framework – Documented and implemented enterprise risk management framework with supporting policies and procedures.
  • Comprehensive and Updated Risk Registers – Reflecting risk assessments, controls, and treatment plans compliant with ISO 31000 methodology.
33. Risk Assurance and Monitoring Reports – Independent reviews, control testing results, and risk exposure reports.
34. ISO 22301-Compliant Business Continuity Plans – Detailed, tested, and approved BCPs for all critical business units and functions.
35. Business Impact Analysis (BIA) Reports – Identification of critical processes, dependencies, and recovery objectives.
36. BCP Test and Exercise Reports – Documentation of results, lessons learned, and corrective action plans.
37. Incident and Crisis Management Plans – Updated plans to manage disruptions and support swift recovery.
38. Training and Awareness Programs – Materials and records demonstrating risk and business continuity culture development.
39. Practical analytical and specific related IT experience
40. Membership with relevant professional body (IIRSM, BCI etc)
41. Minimum level 3 qualification in Risk Management, Business Continuity Management and/or similar risk assurance related topic
42. A comprehensive knowledge and understanding of aspects of safety, and risk management.
43. A comprehensive knowledge and understanding of BCM
44. A comprehensive knowledge of current safety issues legislation, management and standards
45. Ability to forensically interpret and provide authoritative advice and recommendations on risk assurance and incident investigation management issues
46. Knowledge of workplace risk assurance initiatives and how they add value to an organisation
47. Analysis and reporting, with the ability to structure analysis into meaningful supportive data to drive solution proposals. Extracting and effectively applying leading and lagging data to support the Safety and Health agendas.
48. Knowledge of occupational Health and Safety legislation and standards.
49. Experience in the development of risk-based policies, strategies, management systems and controls that have been successful in improving general health and productivity.
50. Experience of informing businesses in good practice safety management based upon learning from experience through thorough incident investigation

Personal Specification

51. Ability to organise workload effectively for the purpose of meeting deadlines
52. Ability to demonstrate flexibility/versatility combined with initiative, drive and ability to meet deadlines
53. Strong interpersonal skills and the ability to deal with a wide variety of contacts
54. Ability to work autonomously and flexibly, responding to business needs
55. Exemplary analytical and interpretative skills
56. Investigative pedigree and strong report writing capabilities

At EMCOR UK, we embrace and celebrate diversity in all its forms.

We welcome applicants from all backgrounds and experiences, regardless of age, race, gender, sexual orientation, religion, disability, or any other characteristic that makes you unique. We believe that a diverse and inclusive workforce fosters creativity, innovation, and better problem-solving.

We encourage applications from all candidates and are committed to providing equal opportunities for employment and growth, supported by our inclusive policies and practices.

Join us in our endeavour to build a culture of mutual respect and equity, a place where every voice is heard, and every individual is championed.

Join us in building a better world at work.

EMCOR UK benefits

57. Industry leading maternity & paternity policies
58. Refer a friend scheme – worth £500 per referral
59. GEMS – Internal recognition scheme with vouchers for Amazon and retail/dining
60. Extensive learning & development opportunities, including opportunities for progression
61. Discount shopping, gym, mobile, family activities, insurance, dining experiences, car leasing and breakdown cover
62. Bike To Work Scheme
63. Health cash plan - Benefits covered include optical, physiotherapy and a health & wellbeing
64. Dental scheme
65. Access to health assessments
66. Employee Assistance Programme - Offering guidance and advice on Personal, Health, Legal and Financial queries
