We are seeking a senior Risk Manager to lead programme-wide risk and opportunity management, ensuring alignment with HM Treasury Orange Book principles and MOD governance frameworks.
This role goes beyond traditional risk reporting, positioning the Risk Manager as a trusted advisor to Senior Responsible Owners (SROs), Programme Boards, and assurance bodies, enabling risk-informed decision-making, shaping strategic trade-offs, and ensuring both threats and opportunities are actively managed to protect and enhance Defence capability outcomes.
Key Responsibilities
Risk Management Strategy & Planning:
- Develop, implement, and continuously refine the Programme Risk Management Strategy and Risk Management Plan, aligned to NAD, MOD, and HMG best practice.
- Define risk appetite, tolerance, thresholds, and escalation frameworks across project, programme, and portfolio levels.
- Ensure integration of risk management into overall programme governance, planning, and delivery life cycle.
Threat & Opportunity (Upside Risk) Management:
- Lead proactive identification and management of both threats and opportunities, ensuring balanced consideration of risk and value.
- Embed opportunity management practices to maximise programme benefits and outcomes.
- Align risk and opportunity management with benefits realisation and Defence capability delivery, not just milestones.
Risk-Informed Decision Making:
- Act as a trusted advisor to SROs and Programme Boards, providing clear analysis of risks, opportunities, and trade-offs.
- Present decision options with associated impacts on cost, schedule, performance, and operational outcomes.
- Support informed decision-making through evidence-based insights and scenario analysis.
Schedule Threshold Management & Escalation:
- Define and manage risk thresholds and escalation triggers, including schedule, cost, and performance tolerances.
- Monitor delivery against thresholds and ensure timely escalation from project to programme and portfolio governance levels.
- Provide early warning of risks that may impact critical paths, approvals, or operational readiness.
Tooling & Quantitative Risk Analysis:
- Lead the use of Active Risk Manager (ARM) and Predict! (or equivalent) to manage risk data, reporting, and analysis.
- Deliver quantitative risk analysis (QRA), including schedule and cost risk modelling where appropriate.
- Ensure data quality, consistency, and auditability across all risk artefacts.
Commercial & Contractual Risk Integration:
- Integrate risk management with commercial strategies, supplier performance, and contractual frameworks.
- Identify and manage risks associated with multi-vendor delivery environments, including misaligned incentives and dependencies.
- Support commercial teams in embedding risk considerations into procurement and supplier management.
Security, Accreditation & Cyber Risk:
- Lead management of security, accreditation, and cyber risks as core programme risk domains.
- Ensure alignment with Defence security policies, accreditation requirements, and cyber assurance processes.
- Provide visibility and escalation of risks impacting authority to operate and operational deployment.
People, Skills & Clearance Risks:
- Identify and manage risks related to SC clearance constraints, key personnel dependencies, and skills shortages.
- Highlight risks associated with succession gaps and single points of failure across programme and supplier teams.
- Support workforce planning through proactive identification of people-related risks.
Governance, Assurance & Independent Challenge:
- Maintain comprehensive and auditable risk registers and RAID logs across programme levels.
- Provide high-quality reporting to Programme Boards, SROs, and assurance bodies (eg, IPA, Cabinet Office).
- Exercise independent challenge, ensuring risks are accurately represented and not understated.
- Escalate material concerns without compromise, ensuring transparency and integrity in reporting.
Stakeholder Engagement:
- Engage with senior stakeholders across NAD, MOD, suppliers, and wider HMG organisations.
- Facilitate risk workshops, reviews, and governance forums to ensure shared understanding and ownership of risk.
- Provide clear, concise communication tailored to both technical and non-technical audiences.
Continuous Improvement & Risk Culture:
- Promote a proactive, transparent, and risk-aware culture across multidisciplinary teams.
- Drive continuous improvement in risk management practices, tools, and maturity.
- Capture and share lessons learned across programmes and portfolios.
Requirements
Essential:
- Proven experience as a Risk Manager within Defence, government, or large-scale regulated environments.
- Extensive experience supporting HMG Category A or Major Programmes, including approvals and assurance processes.
- Strong knowledge of HM Treasury Orange Book and risk management best practice.
- Demonstrated experience developing Risk Management Strategies and Plans.
- Hands-on experience with Active Risk Manager (ARM), Predict!, or equivalent tools.
- Experience delivering quantitative risk analysis (QRA), including schedule and/or cost modelling.
- Strong understanding of commercial, supplier, and multi-vendor risk environments.
- Experience managing security, accreditation, and cyber risks within Defence or similar contexts.
- Ability to influence senior stakeholders and provide independent challenge at Board level.
- Excellent analytical, communication, and reporting skills.
Desirable:
- Experience within NAD/Defence Digital, Land ISTAR, or digital transformation programmes.
- Knowledge of HM Treasury Green Book and business case development.
- Familiarity with Infrastructure and Projects Authority (IPA) and GMPP assurance processes.
- Professional certification in risk management (eg, APM Risk, MoR, PMI-RMP).