SEC Looking for Chief Risk Officer

Audit and risk professionals with a yearning for public service at a good salary, you have a new option: the Securities and Exchange Commission is looking for its first-ever chief risk officer.

The agency posted the job this week. Salary is $185,000 to $245,000, which is on par with what CROs earn in the private sector, according to But no reimbursement for relocation expenses, and you do need to work in the most toxic city outside a Superfund site.

Also important: this job does not require Senate confirmation, so you don’t need to worry about those nude selfies you can’t get off your iCloud account.

Alas, compliance officers, you may want to pass on this one. The job is more about connecting risk tolerances in an ERM framework to the SEC’s internal controls. This is part of a larger effort in the federal bureaucracy to improve risk management within government agencies—a superb idea that the private sector should be pursuing too. But the role is much less about “ethics and compliance” in the usual sense of the term, and the SEC already has a chief compliance officer anyway.

The duties include…

  • Develop, implement, and oversee the enterprise risk management program; including the processes for identifying, assessing, prioritizing, mitigating, monitoring, and reporting on key risks that could impair the agency’s ability to achieve its mission or goals.
  • Collaborate with division and office leadership to promote effective governance of significant enterprise risks that span multiple divisions and offices, and serve as partner to ensure other key risks are locally identified and owned; and risk measurement, mitigation, and monitoring tools are effectively deployed.
  • Advise and inform the COO, chairman, the agency’s senior executive enterprise risk committee, and other agency leaders on risk management matters, and promote the consideration of risk management factors in budgetary, operational, and strategic decision-making.
  • Oversee the assessment of internal controls by divisions and offices required by the Federal Managers Financial Integrity Act and OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Controls.

That last point about Circular A-123 is what’s driving this new role, I suspect. For many years A-123 was the federal government’s counterpart to Section 404 of the Sarbanes-Oxley Act, spelling out how agencies should manage internal control over financial reporting.

Starting last year, however, the Office of Management and Budget expanded Circular A-123 to include enterprise risk management.

That new guidance said all federal agencies must either establish a Risk Management Council, with the agency’s chief operating officer as chairman; or name some chief risk officer who will lead the ERM program. Agencies had to develop their implementation approach as soon as possible, finish their first risk profile by June 2017, and integrate their ERM program into management’s annual evaluation of internal control by Sept. 15, 2017—that is, by the end of fiscal 2017. ERM and internal control should be reviewed annually after that. (Incidentally, the SEC just passed its annual audit with high marks.)

This chief risk officer role fits that profile. The CRO even answers to the Securities and Exchange Commission’s chief operating officer, Kenneth Johnson—who actually is the SEC’s chief financial officer, pulling double duty as acting COO, too.

Deadline to apply is Dec. 1. If you get the job, leak me some news.
