Defence - Cost Engineer/Risk Manager (SC Cleared) - Outside IR35 - UK in Andover

We are seeking a senior Risk Manager to lead programme-wide risk and opportunity management, ensuring alignment with HM Treasury Orange Book principles and MOD governance frameworks. This role goes beyond traditional risk reporting - positioning the Risk Manager as a trusted advisor to Senior Responsible Owners (SROs), Programme Boards, and assurance bodies, enabling risk-informed decision-making, shaping strategic trade-offs, and ensuring both threats and opportunities are actively managed to protect and enhance Defence capability outcomes.

Key Responsibilities

• Risk Management Strategy & Planning: Develop, implement, and continuously refine the Programme Risk Management Strategy and Risk Management Plan, aligned to NAD, MOD, and HMG best practice. Define risk appetite, tolerance, thresholds, and escalation frameworks across project, programme, and portfolio levels. Ensure integration of risk management into overall programme governance, planning, and delivery life cycle.
• Threat & Opportunity (Upside Risk) Management: Lead proactive identification and management of both threats and opportunities, ensuring balanced consideration of risk and value. Embed opportunity management practices to maximise programme benefits and outcomes. Align risk and opportunity management with benefits realisation and Defence capability delivery, not just milestones.
• Risk-Informed Decision Making: Act as a trusted advisor to SROs and Programme Boards, providing clear analysis of risks, opportunities, and trade-offs. Present decision options with associated impacts on cost, schedule, performance, and operational outcomes. Support informed decision-making through evidence-based insights and scenario analysis.
• Schedule Threshold Management & Escalation: Define and manage risk thresholds and escalation triggers, including schedule, cost, and performance tolerances. Monitor delivery against thresholds and ensure timely escalation from project to programme and portfolio governance levels. Provide early warning of risks that may impact critical paths, approvals, or operational readiness.
• Tooling & Quantitative Risk Analysis: Lead the use of Active Risk Manager (ARM) and Predict! (or equivalent) to manage risk data, reporting, and analysis. Deliver quantitative risk analysis (QRA), including schedule and cost risk modelling where appropriate. Ensure data quality, consistency, and auditability across all risk artefacts.
• Commercial & Contractual Risk Integration: Integrate risk management with commercial strategies, supplier performance, and contractual frameworks. Identify and manage risks associated with multi-vendor delivery environments, including misaligned incentives and dependencies. Support commercial teams in embedding risk considerations into procurement and supplier management.
• Security, Accreditation & Cyber Risk: Lead management of security, accreditation, and cyber risks as core programme risk domains. Ensure alignment with Defence security policies, accreditation requirements, and cyber assurance processes. Provide visibility and escalation of risks impacting authority to operate and operational deployment.
• People, Skills & Clearance Risks: Identify and manage risks related to SC clearance constraints, key personnel dependencies, and skills shortages. Highlight risks associated with succession gaps and single points of failure across programme and supplier teams. Support workforce planning through proactive identification of people-related risks.
• Governance, Assurance & Independent Challenge: Maintain comprehensive and auditable risk registers and RAID logs across programme levels. Provide high-quality reporting to Programme Boards, SROs, and assurance bodies (eg, IPA, Cabinet Office). Exercise independent challenge, ensuring risks are accurately represented and not understated. Escalate material concerns without compromise, ensuring transparency and integrity in reporting.
• Stakeholder Engagement: Engage with senior stakeholders across NAD, MOD, suppliers, and wider HMG organisations. Facilitate risk workshops, reviews, and governance forums to ensure shared understanding and ownership of risk. Provide clear, concise communication tailored to both technical and non-technical audiences.
• Continuous Improvement & Risk Culture: Promote a proactive, transparent, and risk-aware culture across multidisciplinary teams. Drive continuous improvement in risk management practices, tools, and maturity. Capture and share lessons learned across programmes and portfolios.

Requirements

Essential: Proven experience as a Risk Manager within Defence, government, or large-scale regulated environments. Extensive experience supporting HMG Category A or Major Programmes, including approvals and assurance processes. Strong knowledge of HM Treasury Orange Book and risk management best practice. Demonstrated experience developing Risk Management Strategies and Plans. Hands-on experience with Active Risk Manager (ARM), Predict!, or equivalent tools. Experience delivering quantitative risk analysis (QRA), including schedule and/or cost modelling. Strong understanding of commercial, supplier, and multi-vendor risk environments. Experience managing security, accreditation, and cyber risks within Defence or similar contexts. Ability to influence senior stakeholders and provide independent challenge at Board level. Excellent analytical, communication, and reporting skills.

Desirable: Experience within NAD/Defence Digital, Land ISTAR, or digital transformation programmes. Knowledge of HM Treasury Green Book and business case development. Familiarity with Infrastructure and Projects Authority (IPA) and GMPP assurance processes. Professional certification in risk management (eg, APM Risk, MoR, PMI-RMP).