The Modern Risk Professional – Boardroom Friend, Leader and All-Round People Person

As a recruitment consultant in the area of risk, specifically in financial services, this is my brief take for the modern-day risk professional on how to win friends and influence people… and build a successful career in the process.

When Dale Carnegie published his best-selling book in the 1930s, “How to Win Friends and Influence People,” the term “Risk Professional” had not been coined. 

Carnegie’s own view of risk was typical of business at that time and was the dominant view for many years. “Take a chance,” he said. “All life is a chance. The man who goes farthest is generally the one who is willing to do and dare.”

In those good, old/bad, old days, which prevailed until as recently as twenty years ago, the CRO’s role tended to be fulfilled by technically-minded actuary types. They reported to the CFO, and their role was seen, and viewed by them, as that of a quasi-accountant, primarily there to ensure a company’s financial health – no more, no less. The risk professional was frequently viewed negatively, as a necessary evil or even as a brake on inspirational ideas for company growth.

Well, those days have gone. 

Welcome to the world of the modern risk professional – at senior level, reporting to the board, a leader of people, with a requirement for significant business insight – and great communication skills - there to contribute to building company success and along with it, their own career.  

First, though, let’s stand back for a minute. Why are risk professionals now so crucial to the wellbeing of a company? Why have the demands of their role changed?

The answer can be summed up in one word: reputation. You can add to that, of course, regulation. But reputation is fundamental, in my view, and predates regulation.

The increase in global connectivity means that when a company or institution falls victim to a risk, the whole world knows – almost straight away. Whether it is KFC running out of chicken or Facebook, in effect, pimping out your personal data, when systems go wrong – or are misused – a company’s reputation, at best, can be severely dented or, at worst, be beyond repair. For financial services, the risk of reputational damage is particularly important because trust in the institution is core to the confidence of the public in that institution and, therefore, to profitability and growth. If you damage that trust, the outcome is potentially catastrophic. At the very least, it will take work to repair and will have considerable cost implications.

The sharp rise in publicity around issues of risk since the turn of the millennium – fuelled by the rise of the internet – has led to concerns about stalwart risk protection strategies becoming an issue at boardroom level. This concern has been further intensified, of course, by the rise in statutory regulation to protect us, the customer, against the effects of failed risk policies, a rise which is itself a reflection of the general mood of the public.   

How has this change in perception of the significance of risk on business health and strategy impacted on the role of the modern risk professional? How has the role changed? What are financial services and other regulated industries looking for in a risk professional?

In my job as a Financial Services Risk recruitment consultant, I talk to clients and potential candidates every day. Every day, clients tell me what they are looking for – and it’s a lot more than someone with good technical skills. My work has made me only too aware of the crucial importance, in today’s world, of leadership skills in the successful career progression of any senior risk professional. 

One of my clients explained it brilliantly when I was discussing the attributes of a good risk professional with him. He equated the situation to a top football team with an all-star squad looking to hire a new coach. They hire the world’s most recognised and respected coach…but he speaks a completely different language to everyone at the club and he knows nothing about the way the club works. It’s then a team with all the top talent in the world and a leader who can’t communicate with the players, a leader who can’t possibly understand his players’ motivations or explain his ideas and tactics because there’s no shared language and no mutual understanding of culture and mindset. 

A senior risk professional is like the coach. It is an excellent analogy. Why would the board-level executives want a risk leader who can’t communicate, who doesn’t know all levels and areas of the business and who talks a kind of technospeak, which is a foreign language to most people in the company. It doesn’t matter how technically skilled the CRO is, if they don’t know where the potential risks are in the business they are joining, if they can’t influence the stakeholders into upholding systems that protect against risk, and if they can’t explain to the non-risk literate stakeholders why embedding a specific framework matters, then from a strategic standpoint their usefulness becomes problematic. 

In this brave, new world then, what exactly are the requirements for a good risk professional? How can they win friends and influence people and achieve career and personal success? 

When interviewing for a more strategic role, what attributes do I seek to encourage a candidate to highlight beyond technical skills? What do I look for? What do I know the client wants? Some of those wider strengths I have already alluded to but here’s my list of some key strengths – outside the technical – which I think are important: 

Communication: When implementing a framework, your stakeholders are more likely to enact the changes that you are making to their processes if you explain why you are making them. Often, they are highly resistant because they have been working in a certain way for a long time and they haven’t seen any issue arise from it, so why change? It is your job to explain the potential risks, to bring potential scenarios alive to them so they can understand why the changes matter

Empathy: If you take the time to sympathise and understand the role of others, appreciate how risk is to them a minor facet of a stakeholder’s role, you’d be surprised at how effective that approach can be. Acknowledge the demands you are making of other people, relate to the difficulties it causes them in executing their roles, relate to their concerns

Personality: The image of risk is often, even today, that it is filled with boffins with few people skills. I know, from my own experience, that this is not the case, but your stakeholders often need to be convinced. They need to know that you are not just there to set up and implement systems but that you have a personality, you are fun and friendly. Humour works wonders.

Business Insight: You need to understand the business you are in, be flexible in your approach so that the technical safeguards you want to introduce (which may be the same between different organisations) take account of the particular product, division, culture of the organisation you are in or hoping to join.

Imagination: if you are interviewing, you need to convince the board that you know what technical systems will support a good risk strategy, but also how your approach can enhance the organisation’s general strategy for growth and sustainability The boardroom view of risk professionals is in the process of huge change. Their role is now being seen as less an impediment to growth and more a necessity which, handled well, will allow a company to grow as freely as possible, in short, to flourish. As a result, it more important than it has ever been that risk professionals appreciate how to work effectively inside an organisation. 

You need to be able to win friends and influence people. Get that right (at interview and in the role), and couple that with good technical skills, and your career can soar.

About the Author:

Durshan Mistry
Recruitment Consultant
Broadgate Search

Thank you to our sponsors, including:


Contact Us

Looking to further your career?

Become a Member

Sign Up for Mailing List