[Hiring] VP, Head of Enterprise Risk Management @SF Fire Credit Union

Role Description

The Vice President, Head of Enterprise Risk Management (ERM) is a senior leadership role responsible for designing, implementing, and continuously maturing the Credit Union’s enterprise risk management framework. This role provides strategic oversight across all risk disciplines, including ERM, Compliance, Business Continuity Planning (BCP), and Vendor Risk Management.

The VP will lead the organization’s efforts to identify, assess, monitor, and mitigate risks across all NCUA risk categories, while ensuring alignment with regulatory expectations, industry best practices, and organizational strategy. A critical component of this role is strong expertise in technology and IT-related risks, including cybersecurity, data governance, and IT compliance.

What You’ll Be Doing

• Enterprise Risk Management Leadership
  • Lead the development, implementation, and ongoing enhancement of a formal Enterprise Risk Management (ERM) framework aligned with regulatory expectations and industry standards (e.g., COSO ERM Framework).
  • Establish a holistic risk management approach that integrates risk awareness into strategic planning and operational decision-making.
  • Provide enterprise-wide oversight of risk identification, assessment, mitigation, and monitoring activities.
• Risk Oversight Across NCUA Risk Categories
  • Maintain oversight across all seven NCUA risk categories, including Credit Risk, Interest Rate Risk, Liquidity Risk, Operational Risk, Compliance Risk, Strategic Risk, and Reputation Risk.
  • Ensure risks are effectively assessed, documented, and managed across all business units.
• Risk Assessments & RCSA Program
  • Design and oversee the Enterprise Risk Assessment program to identify emerging and top organizational risks.
  • Lead the implementation and ongoing enhancement of Risk and Control Self-Assessments (RCSA) across the organization.
  • Ensure consistency, quality, and reliability of risk assessments across business lines.
  • Partner with business leaders to strengthen control environments and risk mitigation strategies.
• Risk Appetite & Key Risk Indicators (KRIs)
  • Develop, refine, and maintain the organization’s Risk Appetite Framework, ensuring alignment with strategic objectives and board expectations.
  • Establish and monitor KRIs and thresholds to proactively manage risk exposure.
  • Provide actionable insights and early warning signals to executive leadership.
• Risk Reporting & Governance
  • Deliver comprehensive, timely, and insightful risk reporting to executive management.
  • Establish strong risk governance structures, including policies, committees, and escalation protocols.
  • Ensure transparency and clarity regarding risk exposure, trends, and emerging risks.
• Compliance Oversight
  • Oversee the Compliance function, ensuring adherence to applicable laws, regulations, and regulatory guidance.
  • Maintain strong regulatory relationships and support regulatory examinations and audits.
  • Ensure integration of compliance risk into the broader ERM framework.
• Business Continuity Planning
  • Provide executive oversight of Business Continuity and Disaster Recovery programs.
  • Ensure organizational resilience through robust continuity planning, testing, and response capabilities.
  • Oversee crisis management frameworks and incident response coordination.
• Vendor Risk Management
  • Oversee the Third-Party/Vendor Risk Management program, ensuring appropriate due diligence, risk assessment, and ongoing monitoring.
  • Ensure compliance with regulatory expectations related to third-party risk management.
  • Evaluate concentration risk, critical vendor dependencies, and operational resilience risks.
• Technology Risk & IT Compliance
  • Serve as a key leader overseeing technology-related risks, including Cybersecurity Risk, Information Security, Data Privacy & Governance, and Cloud & Third-Party Technology Risks.
  • Partner with IT and Information Security leadership to ensure robust risk identification and mitigation practices.
  • Ensure compliance with relevant regulatory guidance and frameworks (e.g., FFIEC guidance, NCUA expectations).
  • Translate complex technical risks into clear business and executive-level insights.
• Leadership & Collaboration
  • Lead, mentor, and develop a multi-functional risk team spanning ERM, Compliance, Business Continuity Planning (BCP), and Vendor Risk Management.
  • Foster a strong risk culture across the organization through training, communication, and leadership.
  • Serve as a trusted advisor to executive leadership on all risk-related matters.
  • Collaborate cross-functionally with Finance, IT, Internal Audit, and business units.

Qualifications

• Bachelor’s degree required; advanced degree preferred (e.g., MS in Risk Management or related field).
• 12–15+ years of progressive experience in risk management, compliance, or related fields within financial services (credit union or banking experience strongly preferred).
• 10–15 years of experience in senior leadership roles.

Requirements

• Deep knowledge of enterprise risk management frameworks (e.g., COSO ERM).
• Strong understanding of NCUA regulations and supervisory expectations.
• Demonstrated expertise in Risk Appetite Frameworks & KRIs, RCSA Programs & Enterprise Risk Assessments, and Risk Governance & Reporting.
• Strategic thinker with strong execution capabilities.
• Exceptional communication and relationship management skills.
• Proven ability to build and mature risk programs within a dynamic environment.
• Strong analytical, problem-solving, and decision-making capabilities.
• High integrity and sound judgment.

Physical Demands

The physical demands described here are representative of those required to successfully perform the essential functions of this role. Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

• While performing the duties of this role, the employee is regularly required to sit for extended periods of time, use hands to handle objects and operate a computer, and communicate verbally and hear effectively.
• Specific vision abilities required include close vision and the ability to adjust focus.

Salary

This compensation range takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs. At SFFCU, it is not typical for an individual to be hired at or near the top of the range for their role and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range for the San Francisco Market is an annual salary of $156,000 to $234,000.

Benefits

• 401(k) and Employer Match
• Health, Vision, Dental and Life Insurance
• Annual Incentive/Bonus Program
• Tuition Reimbursement Program
• 11 Paid Holidays + Competitive PTO package
• Home & Consumer Loan Program (Discounted Rates)
• Professional development and training programs
• On-demand personal coaching resource
• Wellness Program (Discounted Gym Membership)