Chief Risk Officer (CRO)

Chief Risk Officer (CRO) — Job Description

Summary
The Chief Risk Officer (CRO) leads enterprise risk management, ensuring the organization identifies, assesses, monitors, and mitigates financial, operational, strategic, regulatory, and reputational risks to meet business objectives and protect stakeholder value.

Key responsibilities

• Enterprise risk strategy: Develop, maintain, and execute a comprehensive enterprise risk management (ERM) framework aligned with business strategy and risk appetite.
• Risk identification & assessment: Lead ongoing identification, quantification, and prioritization of material risks across business units, products, geographies, and third parties.
• Risk appetite & limits: Define and operationalize risk appetite, setting limits, thresholds, and escalation rules; ensure board and senior leadership understand risk exposures.
• Stress testing & scenario analysis: Oversee design and execution of stress tests, reverse stress tests, and scenario analyses to assess resilience under adverse conditions.
• Risk policies & governance: Establish and maintain risk policies, standards, methodologies, and governance (committees, reporting cadence, roles & responsibilities).
• Regulatory compliance & reporting: Ensure compliance with applicable risk-related regulations and reporting requirements; coordinate with regulators and external auditors as needed.
• Risk monitoring & reporting: Deliver timely, accurate risk reporting and dashboards to the board, audit/risk committees, and executive team, highlighting key exposures, trends, and remediation plans.
• Capital & liquidity management (if applicable): Advise on capital adequacy, liquidity risk, and contingency funding plans.
• Operational risk & control assurance: Ensure robust control environment, incident management, root-cause analysis, and remediation tracking for operational losses and near-misses.
• Credit/market risk oversight (if applicable): Oversee credit, market, and trading risk models, limits, and model validation processes.
• Third-party & concentration risk: Manage vendor risk assessment, monitoring, and mitigation for critical suppliers and counterparties.
• Data & analytics: Promote use of quantitative analytics, risk models, data governance, and risk tech to improve risk measurement and reporting.
• Culture & training: Champion risk-aware decision-making across the organization through training, communication, and embedding risk considerations in performance management.
• Team leadership: Build, mentor, and lead the risk organization; recruit and retain talent and set clear objectives and KPIs.
• Cross-functional collaboration: Partner with finance, legal, compliance, internal audit, operations, IT/security, business lines, and strategy teams on integrated risk management.

Qualifications

• Education: Bachelor’s degree in finance, economics, business, risk management, mathematics, engineering, or related field; advanced degree (MBA, MSc, or equivalent) or relevant professional qualification (FRM, CFA, PRM) preferred.
• Experience: 12+ years in risk management or related functions with progressive leadership responsibility; prior CRO or head-of-risk experience strongly preferred, especially in similar industry (banking, insurance, fintech, asset management, corporate).
• Technical skills: Deep expertise in ERM, credit/market/operational risk, stress testing, scenario analysis, capital adequacy, regulatory frameworks (Basel, IFRS 9/17, Solvency II, or industry-specific regs), and risk modeling.
• Analytical ability: Strong quantitative and qualitative analytical skills, comfort with statistical models and risk analytics tools.
• Communication: Clear, concise reporting and presentation skills for board and executive audiences; strong stakeholder management.
• Leadership: Demonstrated ability to influence senior leaders and drive cultural change; experience building high-performing teams.
• Integrity & judgement: High ethical standards, independent thought, and sound decision-making under uncertainty.

Performance metrics / KPIs (examples)

• Timeliness and quality of risk reports to board/executive committee.
• Adherence to risk appetite and limits (number of breaches, severity).
• Reduction in operational losses and incident recurrence rates.
• Effectiveness of remediation plans (closure rate and time-to-close).
• Regulatory/compliance findings and corrective actions.
• Accuracy and coverage of risk models and scenario analyses.
• Employee engagement and retention within the risk function.

Working conditions & travel

• Office-based with variable travel (domestic/international) for board/ regulator meetings or business unit engagement as required.

Equal opportunity statement (brief)

• Employer is an equal opportunity employer; commitment to diversity, equity, and inclusion.

Tailoring tips (if you want a version targeted to a specific industry or company size)

• Indicate industry (banking, insurance, fintech, corporate, energy) to emphasize relevant regulatory frameworks, risk types, and technical skills.
• For early-stage or fintech, emphasize hands-on risk-build, product risk, and vendor/third-party risk.
• For large regulated banks/insurers, emphasize capital, liquidity, model risk, and regulatory engagement.

Job Types: Full-time, Permanent

Pay: QAR290.60 - QAR435.81 per hour

Work Location: In person