The Leaders in Risk Management & Compliance Executive Recruiting

Archive for the ‘Uncategorized’ Category

CyberSecurity – Risk or Compliance Issue?

Wednesday, August 30th, 2017

For the past 16 years, I have had the pleasure of watching the risk and compliance professions evolve, stumble, steady, and become a critical mainstream function in financial service firms, as well as multi-nationals and healthcare firms. We have had the great fortune to fill senior risk and compliance roles at top firms including BlackRock, Blue Mountain Capital, Fidelity, Bank of Montreal, Goldman Sachs, GE, Wells Fargo, BP, Protiviti, Blue Shield of California, and Duke Health. It seems to be no coincidence that Risk Talent Associates never received a request for risk or compliance search assistance from Enron, Lehman, Bear Stearns, and certainly not from Bernie Madoff.

What are the biggest risks facing our clients in 2017? Tough question, because particularly in healthcare, where the risks often can involve loss of life, there is a vast shortage of clinically trained risk professionals. But, even with that challenge, the single greatest risk facing firms, our markets, and our way of life is CyberSecurity. Our research shows that most of the Fortune 100 firms appear to be working diligently on this, but then it drops off significantly. The number of posted Chief of Information Security openings far exceeds the supply.

Here is what our new SEC Chairman Jay Clayton said in a recent speech on July 12, 2017 at the Economic Club in NYC:

“Speaking more generally, cybersecurity is also an area where coordination is critical. Information sharing and coordination are essential for regulators to address potential cyber threats and respond to a major cyberattack, should one arise. The SEC is therefore working closely with fellow financial regulators to improve our ability to receive critical information and alerts and react to cyber threats…. As a final comment on enforcement, I want to go back to cybersecurity. Public companies have a clear obligation to disclose material information about cyber risks and cyber events. I expect them to take this requirement seriously. I also recognize that the cyber space has many bad actors, including nation states that have resources far beyond anything a single company can muster. Being a victim of a cyber penetration is not, in itself, an excuse. But, I think we need to be cautious about punishing responsible companies who nevertheless are victims of sophisticated cyber penetrations. Said another way, the SEC needs to have a broad perspective and bring proportionality to this area that affects not only investors, companies, and our markets, but our national security and our future.”

Basically, Clayton is saying CyberSecurity is a critical area, and that the SEC needs to support, rather than punish, companies who are diligently working to eliminate and minimize cybersecurity threats. As a board member, you realize that much of your role is ensuring that stakeholders are protected from risks, and that the firm is doing its best to understand and mitigate risks. Where does your firm stand on CyberSecurity? If you don’t know the answer to this, that, in itself, is a risk.

The answer to the question is – CyberSecurity is the most significant risk that most people, and businesses, face. Specifically, CyberSecurity is an operational risk, and until this function becomes more mainstream, and mature, the role should either report to the Chief Risk Officer or to someone else in the C-suite.

Regardless of the reporting structure, frankly, the challenge isn’t simply finding smart IT guys to build systems to outwit the hackers. Hackers, by their nature, will find ways around the systems, or will prey on the weaker systems. Sure, firms need the best and the brightest technical resources. But, the challenge is finding the right people who can interface between the business and tech – to make sure that customers, employees and shareholders are protected. Even the largest financial services firms in the world are dealing with this same issue.

Do you have senior risk and business people, who are thinking strategically about CyberSecurity risk?

Risk Talent has partnered with leaders in the CyberSecurity consulting industry. If we can make a connection for you, feel free to reach out. And, due to the nature of this beast, our CyberSecurity recruitment services include a pre-search discussion between industry-leading CyberSecurity experts and your management team, to ensure that both the short term CyberSecurity strategy, as well as the search/hiring plan, makes sense.

Risk Management for Recruiters – Definition of key terms

Friday, August 15th, 2014

Risk Management for Recruiters

Definitions of Key Terms


Market Risk

Credit Risk

Operational Risk

Enterprise Risk




What is Risk Management

Risk Management is a broad discipline both within as well as outside of financial services. In summary, risk management involves defining and addressing the risks that currently impact and/or could potentially impact a business. These risks can be addressed in many ways including insurance, hedging, processes, technology, and people.

The risk function in a firm typically reports up to a Chief Risk Officer, who reports to the CEO, but in many organizations the reporting structure differs. Risk can report to the CFO, to the General Counsel, and even directly to the Board of Directors. The most common structure has risk reporting up to someone in the organization, usually a CEO, and almost always outside of a revenue-generating role. For instance, risk reporting to sales or to trading or even to the Chief Investment Officer significantly reduces the efficacy and independence of the role.

These terms are being defined below for recruiters and human resource professionals. While the definitions are accurate, they are meant to assist the recruiters in doing their job in sourcing and evaluating risk talent and not for risk professionals. Risk professionals should seek more detailed descriptions which can be found at and


1)   Market risk – the risk that pricing in the financial markets will move against your position. A simple example is United Airlines and the price of oil. The price of oil is a market risk to United Airlines. United has little to no control over the price of oil. When its price moves up and down, this can significantly impact the profitability and even the viability of United Airlines because they rely on jet fuel, an oil product, to run their business.

2)   Credit risk – the risk that your financial partner will be unable to pay you back at the time funds are due. An example would be JP Morgan creating a $50 million bank line of credit for Starbucks. Credit risk is the risk that when the note is due, Starbucks would lack either liquidity or collateral to pay back the line balance. Another example is called counterparty credit risk. That credit risk involves the risk that the financial trading partner, maybe a bank or a hedge fund, is unable to complete a financial transaction such as an interest rate swap, due again to lack of liquidity or lack of collateral.

3)   Operational risk – the risk that operations, involving people, processes and technology, will adversely impact your firm. These risks include fraud, errors, technology glitches, reputation, regulatory, etc. It is somewhat of a catch-all for risks that are not market or credit risks. Basel I, II and III are international banking regulations that require mostly banks to set aside capital for these risks. Calculating these measurements is important, as capital set aside to cover potential operational losses cannot be deployed for other, more profitable, pursuits.

4)   Enterprise risk – this is the combination and inter-relationship of the three primary risks above. Pulling it all together is important. A simple example would be that, as shown above, the price of oil, a market risk, can impact United Airlines’ ability to pay back a bank loan, a credit risk. Or, software systems and their potential trading errors can impact reputational risk if clients rely on this software to run their businesses. Most firms, including healthcare and insurance firms, are taking a hard look at enterprise risk.

For more information, please contact me at

Risk Recruiting Training – Risk for Recruiters 101

Tuesday, July 29th, 2014

Risk Recruiting Training Series

Risk for Recruiters 101

Recruiting Exceptional Risk Management Candidates

Last week we discussed the characteristics of an exceptional risk manager. Traits include quantitative, communicative, market savvy, and strategic. But, how would a corporate recruiter, who is accustomed to recruiting a broad range of professionals, source and recruit these exceptional risk managers?

There is no magic wand to source risk management candidates. However, a disciplined and structured approach is required, if you expect to generate candidates who will be appreciated by your hiring manager. Follow these five steps:

1)   Ask the hiring manager to verbalize the job description by walking you through it in detail – approximately 15-30 minutes. Don’t be too shy to have your hiring manager explain key terms. Feel free to contact me at Risk Talent to discuss the search. This is a free service that we provide.

2)   Draft a search plan and share it with the hiring manager. The key component to a search plan is to determine – where are the likely candidates working now? Make a list of 10-20 companies, minimum. The search plan should include the several steps to successfully complete the search. More on search plans in a later post.

3)   Execute the search plan by first posting the job on websites such as , LinkedIn, and Indeed. However, if you stop here, you will likely fail. This is one step in the process but it isn’t enough.

4)   Go to LinkedIn and search for contacts at the search plan target companies, as per #2 above. Search on company name and risk, or company name and other key words from the job title or job description. Connect with these people so that you have access to their networks. Plan to source at least five candidates through this process. At Risk Talent, our goal is to source 20 qualified candidates for each role, but five is a good place to start. Keep working this step until you have sourced five quality candidates.

5)   Manage the flow that comes in from your job postings, but do this only at the beginning of each day, for a total of one hour per day maximum. Make it a habit not to look at replies to job postings after 10am each day. They can wait until tomorrow.

6)   Interview the candidates. More on interviewing risk management candidates in a later post.

7)   Manage the hiring manager interview process. More on that in a later post.


Get started. There are quality risk candidates out there. If you post a job online and wait for candidate flow, you will be disappointed. Feel free to contact me for advice on risk recruiting at

PRM or FRM – Risk Certification Programs – Is it worth the effort?

Thursday, July 24th, 2014

Over the years I have oftentimes been asked by candidates if a PRM or FRM certification is required, or even appreciated by employers. For those of you who have completed these certifications, you know that the process is time consuming and challenging. In 13 years, with over 200 risk and compliance searches completed, I have never once been asked by a client to only recruit an individual with a PRM or an FRM designation. We are typically asked to make sure that a candidate has an MBA, or for more quantitative roles, clients typically want a Master’s degree or a PhD. But, never have we been asked to only source candidates with one of these certifications. That said, at Risk Talent Associates, we have found that individuals who are certified with a PRM or an FRM make themselves better risk management professionals and candidates, and they are more likely to be hired for a new role. The breadth and depth of these certifications provide a candidate with knowledge that oftentimes helps them to better navigate their way through the interview process, as risk executives ask broad-reaching interview questions. So, my advice to emerging risk professionals – get the certification, it will make you a better risk manager and also prepare you for the interview process when looking for a new role in risk.

Four components of an Exceptional Risk Manager

Monday, July 21st, 2014

Clients and newcomers to the field of risk management have often asked, “What makes a great risk manager?” In the 13 years that I have led Risk Talent Associates, the leading executive recruiting firm in risk management, I have found that exceptional risk managers have all four of the following traits:
1) Quantitative Skills – While some people are more quantitative than others, top risk managers understand the nuances of financial risk management and the metrics that are important. Not everyone has a PhD, but the best risk managers understand the models and the results at the detail level.
2) Market Savvy – Top Risk Managers need to know the financial markets, or their specific industry, such as healthcare. They need to know the nuances of their market including the products traded in financial services, or the key metrics in healthcare. In both cases, financial and healthcare, the risk manager must have intimate knowledge of the regulatory environment.
3) Strategic – Exceptional Risk Managers look forward. Internal Auditors look backward. Particularly in Enterprise Risk Management, the best risk managers need to be thinking about the risks impacting their firm today, as well as expected risks in the future.
4) Communicative – Exceptional risk managers can communicate key concepts and risks to varied constituencies. Communication with clients, board members, executives, regulators and others all must be handled professionally and delicately so that the risk issues are clearly understood.

Let’s talk about risk recruiting.

Risk Analytics – The Hottest Risk Management Skillset

Wednesday, March 27th, 2013

Risk Analytics Managers are in high demand in March, 2013 as financial services firms, including banks, hedge funds, asset managers, insurance companies, captive finance companies, GSEs and regulators all look to upgrade talent in risk analytics – with particular emphasis on credit analytics. At Risk Talent Associates, we have seen steady increases in activity for this skill set. Individuals with 10-15 years of experience are in the highest demand, because while Risk IT budgets continue to be tight, it appears that available resources are being allocated to this risk area and firms need individuals with experience, and who can manage a team, on the risk side to lead these development efforts. Why risk analytics in 2013? Because financial firms are slowly but surely gearing up to take more risk, and they want to make sure to take smart risks. Individuals with 10-15 years of experience are young enough to have renaissance skills, such as quantitative finance and programming, but they have also lived through the past couple of down cycles – valuable experience for new system build-outs. For more information contact

Risk Hiring in 2013

Wednesday, January 9th, 2013

At Risk Talent Associates, we are seeing a definite uptrend in recruiting activity in 2013. Client inquiries are up 40% already year to date, as compared to 2012. While we are only a week into 2013, the activity level seems to be at a four-year high. My conversations with CROs seem to point to a slight uptick in headcount, but CROs are also saying that they are under business pressure to upgrade their risk organizations, so that if the economy picks up in 2013, they won’t be left with open positions and challenging recruiting. Please provide some insight on your thoughts for risk hiring in 2013.

Compensation is Up for Technology Risk Managers, Not Including Chief Risk Officers

Friday, April 15th, 2011

Risk Talent Associates, a risk management recruiting firm, stated in their 2010 Compensation Survey covering Technology & Software that compensation for risk executives at all levels was up, except those with over 16 years of experience. This year’s survey did not include Chief Risk Officers, a title that has been included in all past surveys.

Our risk management recruiting surveys generally cover compensation for professionals from the Analyst/Associate level up through Chief Risk Officer.

Total Compensation, Salary and Bonus by Years of Experience (US Dollars)

Source: Risk Talent Associates Salary Survey 2010. All figures in US Dollars and rounded to nearest thousand.

Total Compensation, Salary and Bonus by Title (US Dollars)

Source: Risk Talent Associates Salary Survey 2010. All figures in US Dollars and rounded to nearest thousand.

Greater Risk Management Job Movement in Technology and Software

Monday, March 7th, 2011

Risk Talent Associates, in risk recruiting, stated in their 2010 Compensation Survey covering Technology & Software that 21% of survey respondents report changing jobs during the past two years, in contrast to 9% in last year’s survey. The survey also found that it is likely that job movement for risk management jobs will continue to rebound since 29% of survey respondents predict they will change jobs in the next two years.

Our risk recruiting survey includes executives focused on credit, enterprise, market, and operational risk, as well as financial compliance.

Risk Recruiting 2010 Comp Survey – Technology & Software

Tuesday, February 22nd, 2011

Risk Talent Associates, a risk recruiting firm that executes Chief Risk Officer recruiting and Director of Risk Management executive searches for leading financial services and consulting firms around the world, recently announced the findings of their 2010 Compensation Survey covering Technology & Software.

Overall, total compensation has rebounded for risk management jobs in technology and software. The rebound is consistent with risk recruiting trends for risk managers in asset management and capital markets which are seeing a return to strong growth in compensation. Our risk recruiting survey includes executives focused on credit, enterprise, market, and operational risk, as well as financial compliance.

Full details can be found in Risk Talent’s 2010 Professional Compensation Survey covering Technology & Software.
