Chief Risk Officer

Job Description – Chief Risk Officer (CRO)

Location: Turkey (Global role; remote-friendly)

Role Level: Executive Leadership – Direct Board Committee Interface

About the Company:

Our client is one global leading international Group with diversified businesses operating across multiple geographies.

Role Purpose

The Chief Risk Officer leads the independent Enterprise Risk function as the second line of defense. The CRO is responsible for designing, implementing, and sustaining a unified Enterprise Risk Management (ERM) framework, ensuring effective risk governance, business resilience, and organizational preparedness across all global operations. This role provides strategic risk insight to the Board, senior leadership, and executive teams, enabling informed decision-making aligned with the organization’s risk appetite.

Key Accountabilities

1. Enterprise Risk Management (ERM) Framework

Accountability:

Design, implement, and maintain a single, integrated ERM framework across all Sectors, SBUs, and Corporate Functions to enable risk-intelligent strategic and operational decisions.

Key Activities:

• Develop and enforce the enterprise-wide Risk Management Policy, processes, tools, and methodologies aligned with ISO 31000 and COSO ERM.
• Maintain a unified risk taxonomy (shared with Compliance and Audit).
• Oversee risk assessments for strategic plans, new investments, capital projects, and M&A.
• Produce enterprise risk heat maps, dashboards, and Board-level reports.

KPI (Qualitative):

Consistency of risk assessments, quality of Board risk insights, and adoption of the ERM framework across Sectors/SBUs.

2. Business Continuity Management (BCM) & Crisis Management

Accountability:

Ensure the organization is capable of responding to and recovering from disruptions through well-defined business continuity and crisis management frameworks.

Key Activities:

• Establish and implement the enterprise BCM and Resilience Framework.
• Conduct Business Impact Analyses, continuity planning, and periodic BCM testing (e.g., tabletop, simulation).
• Lead the enterprise Crisis Management Team during actual disruptive events.
• Ensure rapid restoration of operations and post-incident reviews.

KPI (Qualitative):

State of BCM readiness, effectiveness of crisis response, and closure of resilience gaps.

3. Risk Culture & Maturity Assessment

Accountability:

Embed a strong, proactive risk culture and elevate the maturity of risk management practices across global operations.

Key Activities:

• Conduct annual governance, risk, compliance, and BCM maturity assessments for all SBUs.
• Drive action plans to uplift maturity levels and risk capability.
• Deliver risk awareness training and promote risk-intelligent decision-making.
• Advocate for transparency, accountability, and continuous improvement.

KPI (Qualitative):

Risk culture adoption, maturity rating improvements, and leadership engagement.

4. Integration with Compliance & Audit

Accountability:

Ensure seamless risk data integration and aligned enterprise risk views, while preserving the independence of Compliance (2LOD) and Internal Audit (3LOD).

Key Activities:

• Align on unified risk taxonomy, risk registers, and enterprise-wide risk reporting.
• Coordinate on joint risk assessments (e.g., compliance risk input into ERM).
• Provide risk insights to Internal Audit’s audit planning cycle.
• Maintain strict independence: CRO does not own compliance policies or audit assurance.

KPI (Qualitative):

Accuracy and alignment of enterprise risk reporting, efficiency of cross-functional collaboration.

5. Qualification & Experience

Education

• Bachelor’s degree in Business, Finance, Economics, Risk Management, or related field.
• Master’s degree (MBA, MSc in Risk Management) strongly preferred.

Experience

• Extensive risk management experience in multinational organizations, including
• 5+ years in a Group or Regional CRO or equivalent leadership role with Board committee reporting.
• Proven success designing and operationalizing ERM frameworks across diverse geographies and business lines.
• Demonstrated experience in risk appetite design, enterprise-level stress testing, and Board-level risk reporting.
• Strong background in Business Continuity, Crisis Management, and Operational Resilience.
• Experience in regulated sectors (e.g., financial services, automotive, mobility, industrial) and high-risk jurisdictions.

Certifications / Languages

• CRMA, FRM, IRM Diploma, or equivalent risk qualification.
• English: Fluent (business professional).

Technical & Behavioral Competencies

Enterprise Risk Management (ERM)

Deep expertise in ISO 31000, COSO ERM, and integrated risk frameworks, including risk taxonomy design and risk scoring methodologies.

Risk Appetite & Stress Testing

Strong capability in developing risk appetite metrics and executing stress testing and scenario analyses.

Business Continuity & Crisis Management

Mastery of ISO 22301, BIA, continuity planning, and crisis leadership.

Risk Technology & Data Analytics

Proficiency with ERM platforms (e.g., CAMMS, Risk Connect, Archer) and real-time risk analytics.