Risk Management Officer

Organisation: The National Trust for Scotland

Salary: £33,702

Location: Edinburgh


This role exists in order to:
1. Develop and implement the processes for capturing, monitoring, and reporting on internal compliance with external-facing and internal-facing policies;
2. Develop and implement the processes for capturing, monitoring, and reporting on identified corporate risks and their mitigations;
3. Advocate risk-management and compliance across the organisation, and pursue non-compliance.

It should be noted that this role does not normally handle financial risk and audit, matters relating to data protection compliance, and health & safety risk and audit.


The Trust is Scotland’s leading conservation organisation, caring for a wide range of national heritage, hosting millions of visitors annually, and acting as a responsible employer for our workforce. As a responsible organisation, the Trust is committed to identifying risks, and putting in place appropriate controls and mitigation measures to manage these.

The Policy Team as a central function has oversight over the Trust’s policy and guidance, and is therefore best placed to ensure that all relevant risks have been identified, that appropriate owners have been allocated, and that the necessary controls are in place and are being applied.

The Trust is currently applying the 4Risk risk management system, which will assist in the identification, description and assignation of organisational risks. The system will record the controls in place to manage these risks, along with supporting materials.


The main areas of responsibility of this role are to:

• Develop and implement frameworks (applicable across the whole organisation) for identifying and recording corporate risks, noting proposed mitigating measures, and monitoring progress towards mitigation measures being implemented to reduce risk.
• Develop and implement frameworks for monitoring overall compliance with Trust policies, for escalating policy breaches to senior management, and for recording and reporting on the Trust’s response to breaches of its policies.
• Work with those identified as risk owners & leads to contribute their input to the risk and compliance frameworks – including coaching individuals to increase understanding of the Trust’s approach and methodology, as well as pushing for participation in those frameworks.
• Collate and systemise information relating to risk/compliance (including evidence of compliance), and prepare ExCo/Board-ready reports for the Head of PPR&C to keep senior executives and non-executives well-informed of corporate risk and mitigations, and to record/track agreed strategies for encouraging compliance and the reduction of risk.
• Develop and deliver appropriate training on risk/compliance as a concept, as well as the frameworks and tools used within the Trust to capture and manage risk/compliance.
• Liaise with external partners tasked with supporting the Trust with risk and compliance matters.
• Ensure that the Trust’s frameworks for capturing and governing risk/compliance are cognisant of industry ‘best practice’ and fit for purpose within the context of the Trust.


People Management
• Not a line manager.
• Works across all operational levels of the organisation, and may, from time to time, work with members of the Board (in particular the Audit & Risk Management Committee), and the senior management team (“ExCo”: comprising the CEO and Directors).
• Establishes and actively engages with a peer-network for risk/compliance within the heritage/not-for-profit sector.
• Works with external suppliers/advisers.

Finance Management
• Not a budget-holder.

• Normal place of work will be in Edinburgh, but, on occasion, required to travel throughout Scotland to other NTS sites, or to meetings with external partners and peers.

• Demonstrable significant experience in an audit, risk-management, or compliance field – including the creation and management of frameworks, gaining ‘buy-in’ across the business, reporting to senior levels, and operationalising strategic decisions on risk/compliance;
• Thorough understanding of risk and compliance issues within the heritage or visitor-attraction context;
• Exemplary inter-personal skills evidenced through success in influencing and persuading colleagues to comply with initiatives – including the delivery of coaching/training sessions on risk/compliance;
• Exemplary information-gathering, analysis, report-writing and presentation skills.

• Thorough knowledge of Scotland, particularly its geography, natural, built and cultural heritage, land use and politics, together with their related risk and compliance contexts;
• Knowledge and understanding of the National Trust for Scotland.

The Key Responsibilities, Scope of Job, and Required Qualifications, Experience, Skills & Knowledge reflect the requirements of the job at the time of issue. The Trust reserves the right to amend these with appropriate consultation and/or request the post-holder to undertake any activities that it believes to be reasonable within the broad scope of the job or his/her general abilities.

Application Deadline: Friday 22/07/2022