What do you consider a “hot” job? For seven out of 10, it’s a career in technology, specifically in engineering or DevOps. However, there’s one job that’s often overlooked: the risk manager. Back in 2017, risk management ranked second in a list of the top 100 jobs in America. In a more recent article, Bloomberg writes that this will soon become a “hot job” as a result of the global health crisis and the transition organizations are making into their next normal.
While risk practitioners aren’t known for making news headlines or getting featured in Inc. Magazine, this industry will soon be in high demand. Let’s unpack the hero’s journey for the risk manager, from an uncelebrated contributor to the gladiator that will help businesses thrive in the future.
Relegated and Siloed
Risk management is traditionally a siloed department, kept away from business operations and reporting into legal or finance. Practitioners rely on an array of skills and tools to handle the complex risk challenges large organizations face. Too often, though, they’re asked to manage situations or crises that started because of someone else’s lack of knowledge of the risk involved in a business decision. That’s why risk managers are tasked with assessing risk and determining what controls are needed to mitigate adverse outcomes. Practitioners are often focused on “calculating how much insurance the business should purchase,” according to Michael DeLoach, Executive Director, RSA Risk Transformation Office.
That said, the nature of risk management is changing. According to McKinsey, “the next ten years in risk management will be subject to more transformation than the last decade.” This is a result of the digital evolution many organizations are undergoing. With that change, will come new risks that threaten business success.
Risk as a Reputation Issue
Prior to January 2020, executive leaders recognized risk as a potential threat to business reputation. For nearly 90 percent of leaders, reputation risk was a focus because it was cited as a “key business challenge.” Often, the triggers for this risk included cybersecurity or regulatory compliance – issues that could explode into national news if not managed adequately.
There was also growing acknowledgement by well-resourced organizations that their investment in digital transformation could be exposing them to potential digital risks. In fact, most risk and security leaders believe their organization’s risk profile is expanding, somewhat or significantly, over the next two years, according to the RSA Global Digital Risk Report.
However, for most global organizations, it is not one particular risk keeping business leaders up at night. In fact, it’s a range of threats - cyberattack, regulatory, third-party, cloud security, automation, dynamic workforce - that has changed the risk calculation.
This was the state of risk management before the global health crisis upended the business landscape.
Risk Management in the Next Normal
Today, every organization is piloting into a world they have yet to experience. With that, comes a breadth of uncertainty. Will more employees work from home indefinitely? Will more automation be needed? These questions, among others, linger overhead and carry new unknown risks.
Michael DeLoach believes risk managers’ “unique expertise” will be needed more than ever in the future to “ensure the risk strategy is being followed.”
For risk managers, this next normal will open the door for them to have more strategic conversations about digital risk management with the C-Suite. According to Mark Hofberg, Executive Director, RSA Risk Transformation Office, all risk leaders will soon be “thrust into the front seat of strategic planning.” They’ll be asked to help the organization make sense of the potential business impact of various risk challenges and how to navigate the future landscape. Hence, solutions like cyber risk quantification will be essential to help facilitate these hard conversations.
In the months and years ahead, the role of the risk manager will change forever. Expect these folks to “have a seat at the table,” says Christopher Patteson, Executive Director, RSA Risk Transformation Office. As the risk landscape expands, the need for more risk practitioners will grow too. They’ll also turn to tools to help them manage risk in an integrated way, providing the business a wide-ranging view of the digital risk challenges and the threats they face.