Head of Risk Oversight in Leek

Location: Hybrid working with 5 days per fortnight in our Head Office (Leek, Staffordshire) and the remaining time remotely.

Working hours: 35 hours per week, worked flexibly.

Reports to: Chief Risk Officer

The Organisation

At Leek Building Society, we pride ourselves on being a force for good. We exist to help our communities grow, so they can do great things today - and even better things tomorrow. Our colleagues are one of the communities we support. We have created an inclusive and engaging hybrid workplace where colleagues have the freedom to be themselves and grow their careers. As the winner of the SME People Management award at the 2025 CIPD People Management Awards, the 8th most Inspiring Workplace in the UK, and a Top 100 globally Inspiring Workplace, we are committed to maintaining our award-winning proposition while helping our colleagues reach their true potential.

Job Purpose & Scope

The Head of Risk Oversight leads the Society's risk and assurance frameworks, providing independent oversight of strategic, operational, and prudential risks and ensuring a consistent, proportionate, and effective approach to risk governance across all risk types. The role is responsible for maintaining the Enterprise Risk Management Framework (ERMF) and the overarching Assurance Framework, ensuring that governance, oversight, and assurance activity are well-coordinated and aligned to the Society's purpose, strategy, and risk appetite. The role also acts as deputy to the Chief Risk Officer where appropriate.

Duties and Key Responsibilities

• Risk Frameworks, Governance & Policies

• Lead and continuously enhance the Enterprise Risk Management Framework (ERMF), ensuring it is proportionate and embedded across the Society.
• Lead the Society's risk governance and policy framework, ensuring coherent ownership, approval, and maintenance.
• Maintain oversight of the Risk Appetite Framework, aligned to strategy and Board-approved limits.
• Ensure frameworks and policies align with PRA/FCA expectations, best practice, and strategic objectives.
• Drive consistency in risk assessment, control evaluation, and reporting across all risk categories.
• Support the CRO in maintaining strong governance, clear escalation, and line of sight from Board to business.
• Provide leadership in the discharge of the Chief Risk Officer's Data Protection Officer responsibilities.
• Oversee Board and Committee risk reporting, ensuring clarity, insight, and forward-looking commentary.
• Lead second-line oversight of capital, liquidity, and funding risks (ICAAP, ILAAP, RRP, Solvent Exit).
• Provide independent challenge on stress testing, capital adequacy, and liquidity management.
• Ensure prudential insight informs strategic and financial planning.

• Oversee the Operational Risk Framework (RCSAs, incidents, KRIs, lessons learned).
• Provide independent oversight of operational resilience (critical services, tolerances, testing).
• Challenge first-line management of technology, cyber, third-party, data, people, and model risk.
• Support CRO in integrating data protection oversight into risk frameworks.
• Lead second-line oversight of strategy, change, and transformation programmes.
• Challenge key business cases, plans, and delivery assurance.
• Provide thematic insight on cumulative change risk.

• Lead the Integrated Assurance Framework across the three lines of defence.
• Act as the focal point for managing the Society's relationship with Internal Audit, supporting alignment of assurance and strengthening Board confidence.
• Coordinate enterprise risk aggregation, horizon scanning, and emerging risk oversight.
• Provide clear, data-driven risk insight to CRO, Executive Risk Committee, and Board Risk Committee.

• Lead and develop the Risk Oversight team and foster strong collaboration.
• Promote constructive challenge across lines.

Conduct Rules

All employees and NEDs are expected to act in accordance with the PRA and FCA Conduct Rules:

• You must act with integrity.
• You must act with due skill, care and diligence.
• You must be open and co-operative with the FCA, the PRA and other regulators.
• You must pay due regard to the interests of customers and treat them fairly.
• You must observe proper standards of market conduct.
• You must act to deliver good outcomes for retail customers.

All employees and NEDs are expected to:

• Be aware of their personal legal obligations and the legal obligations of the Society in relation to Financial Crime.
• Be aware of the Society's Anti-Money Laundering systems and controls and follow the Society's procedures.
• Be alert for anything suspicious in respect of money laundering or fraud and report any suspicions in line with internal procedures.
• Do not discuss any suspicions with anyone outside of the Society and do not tip off a customer or prejudice an investigation.

Certification Regime Obligations

This role has been deemed a Certification function as it is required to perform a Significant Harm Function or other regulatory function (Regulated Activities) for which the Society is required to certify the role holder with the Regulators as fit and proper.

Person Specification

Qualifications & Knowledge

• Relevant professional risk qualification (e.g., IRM, FRM, PRMIA, ICA) desirable but not essential.

Experience

• Significant second-line risk management or assurance experience within financial services, ideally within a building society, bank, or mutual.
• Working knowledge of prudential and financial resilience principles, including capital, liquidity, stress testing, and recovery planning.
• Proven ability to design and lead enterprise-wide frameworks, governance structures, and policy architectures.
• Experience in overseeing a range of non-financial risks, including operational, conduct, compliance, technology/cyber, third-party and data.
• Experience in risk oversight of change and transformation, including project assurance, oversight strategy, and portfolio risk aggregation.
• Experience overseeing operational resilience, including critical services, impact tolerances, and incident response.

Skills & Abilities

• Proven ability to influence senior stakeholders, including ExCo, Board Committees, and external regulators.
• Strong leadership capability, with experience developing teams, fostering collaboration, and promoting constructive challenge.
• Experience operating within a Three Lines of Defence model, providing effective, independent second-line oversight and challenge.
• Excellent communication skills, with the ability to translate complex risk insight into clear, actionable guidance for senior decision-makers.

What benefits are on offer:

• Competitive salary rates
• Contributory Stakeholder Pension Scheme
• Free health screening
• Minimum of 25 days paid holiday per annum plus bank and public holidays
• Parental Schemes
• Sick Pay guaranteed for 6 months for major illnesses
• Life assurance of 4 times your annual salary
• Employee assistance programme
• We’re open to discussing working flexibly
• Onsite gym available to employees

If the above sounds like something you’d thrive at, we’d love to hear from you.