Director of Enterprise Risk Management

Requisition ID:  171025-01

Location:  Washington D.C. Metro Area

US Citizenship Required: Yes

Clearance: TS Eligible

Travel:  30%


The Director of Enterprise Risk Management (ERM) oversees and participates in the design, development, implementation, assessment and maintenance of ERM programs, processes, functions and procedures, ensuring effective risk management and controls exist across our client engagements. This leadership role will assist our clients in building and sustaining an integrated ERM program including the identification, measurement, monitoring, reporting and mitigation of risks within a client’s risk tolerance and operational limits. The Director serves as a risk management consultant to a client’s internal lines of business, collaborating with business unit leaders to develop, implement, maintain and manage controls to minimize or mitigate the effects of risk on the client’s capital, assets, and operations and provides risk management training to managers and internal business partners.


Duties of the Director of Enterprise Risk Management include leading and facilitating the following for our clients, when applicable.

  • Provides a framework for risk management, identifying a broad spectrum of business risk and opportunities and assessing likelihood and magnitude of impact. Determines a response strategy, monitors progress and manages stakeholder expectations and adherence to risk management action plans.

  • Serves as the lead ERM architect developing analytical processes supporting risk measurement, compiling risk information across all risk types, and designing and delivering risk management reports.

  • Assists the client’s executives in ensuring completion of Risk Management Initiatives such as Risk Assessments, Threat Assessments, Control Assessments, and Business Impact Analyses.

  • Follows industry risk management best practices, methodologies, and frameworks to assist with the stand-up of an enterprise risk management office.

  • Leads the development of ERM compliance strategy including accountability for the ongoing maintenance of the risk policies, governance processes, ERM steering committee charters and escalation limits and thresholds.

  • Leads risk oversight activities and the effective review of the client’s ERM steering committee’s adherence to charter requirements.

  • Ensures appropriate integration of Enterprise, Operational and Capital risk management programs utilizing the COSO RMF (or similar) and, where applicable, SAS 70 or ISAE 3402 activities.

  • Evaluates the conceptual strength and operational effectiveness of internal controls and recommends measures to strengthen and improve IT, financial and operational controls to mitigate financial, legal or operational risk and impact to the client.

  • Ensures timely identification, assessment, measurement and monitoring of risks together with the creation of actionable mitigation plans.

  • Develops measures and metrics to inform business units of risk processes, policies and standards.

  • Monitors and reports on enterprise and business unit risks utilizing metrics and risk indicators.

  • Develops and delivers quarterly risk limits reports for the Client’s senior leadership and Boards of Directors.

  • Supports the client’s Chief Risk Officer and Risk Management Team in maintaining an open and effective working relationship with regulators, external auditors/consultants, senior management and the Board of Directors.

  • Engages with members of senior leadership on risk within their business units.

  • Trains senior and mid-level managers and subordinate staff regarding ERM, effective controls, best practices, Three Lines of Defense (3LD), etc.

  • Follows up to ensure risk avoidance practices are being followed.

Preferred Qualifications

The successful Director of Enterprise Risk Management will possess the preferred qualifications:

  • Bachelor’s Degree in accounting, finance, actuarial science, risk management, insurance, or related field of study and/or equivalent combination of training and experience.

  • ERM professional certifications (CRMA, CRMP, CRM, CERA) preferred.

  • CPA, CIA, or CISA designation, desired.

  • Six (6) years of progressively responsible experience in ERM, public accounting, audit or related role supporting multi-national organizations or clients.

  • Extensive experience with Excel, Word, Project, and PowerPoint. Visio or mind mapping tools helpful.

  • An understanding of the impact of threats to information security and global impact of cybersecurity is desired.

  • Demonstrated experience with projects in risk management, business, or strategic planning.

  • Knowledge of and experience with ERM best practices and internal controls. Possesses an intimate knowledge of internal business processes of multi-national operations.

  • Ability to research and implement ERM best practices utilizing standard frameworks such as COSO.

  • Excellent communication and presentation skills, both written and verbal at all levels of an organization and with external parties including agents, customers and regulators.

  • Demonstrated ability to work with others, build teams and be an influential, persuasive and decisive leader.

  • Strong organizational and analytical skills.

  • Effective change agent abilities including ability to lead change and manage projects.

  • Effective influence of the client’s culture to champion support, adoption and compliance to ERM best practices.

  • Ability to proactively identify the client's significant risks through surveys, assessments and/or discussions.

  • Ability to identify, develop and implement appropriate risk mitigation strategies, appetites and risk tolerances.

  • Ability to develop reports to assist in the identification and monitoring of current and emerging risks.

  • Ability to develop detailed business and strategic risk management plans, functional requirements and documentation and execute those plans.


Support the development of microservices framework that ingest and pre-process data, feeding an aggregation pipeline that de-duplicates and correlates data across multiple data sources. The framework leverages both relational and NoSQL data stores backing REST APIs used by a data-driven analysis and visualization interface.