Mark Clegg, SIRM: Director of Safety, Risk & Resilience, NG Bailey
How did you get your job?
I was fortunate to join NG Bailey following a career which started with almost 23 years in the British military. That most enjoyable period involved me being engaged in risk management at varying levels and in some fascinating environments. Following my military career, I worked as a consultant for the EPC, delivering risk and resilience services to a range of public and private sector organisations in the UK and overseas. Over the years, I have completed a number of professional courses in risk management, cyber security, business continuity and crisis management.
In my other guise, I’m also a non-executive director on the IRM Board. Having benefited from being a member for some time, I was keen to ‘give something back’ and increase my involvement with the IRM. I joined its Education Committee a few years ago, which was thoroughly enjoyable, and in 2018 I was delighted to join the Board.
What’s a typical day like as a Director of Safety, Risk & Resilience?
I’m very privileged to work with a team of extremely talented specialists in each of the fields that I’m responsible for. Consequently, a typical day involves working with them to ensure we have the right measures in place to anticipate, prepare for, respond to and recover from a range of scenarios. Some of this work is driven by long-term, pre-determined development programmes while other elements are initiated by shorter-term changes in situation. In either instance, this work requires engaging with staff from departments and business units across the Group.
What do you enjoy most about your job?
The risk landscape seems to be ever-changing as it has so many different inputs. This makes my role fascinating as it requires constant horizon scanning, lessons learning and identifying where potential weaknesses lie, so that they can be addressed. This requirement to constantly learn and evolve brings plenty of variety which makes working in risk a thoroughly enjoyable career choice.
What would you say to others thinking about joining IRM as a member?
I would definitely encourage those people that are involved or interested in risk management to consider joining the IRM as a member. I have found it extremely useful as a source of learning, providing access to the most up to date thinking in the profession and, most useful of all, increasing networking opportunities with risk experts.
Tips on getting involved in risk management
a. Think strategy. There are a plethora of books and articles written which tell us that strategy and risk management must go hand in hand - without effective risk management, strategies won’t be achieved and so on. This is perhaps our most important principle as risk professionals. However, for this to actually happen in practice, risk professionals simply must ensure that their activities are wholly aligned to the strategies of their organisations. Too often, new articles are published which remind us of this truism as if it were actually more complicated than it is.
b. Choose your language carefully. Given that risk professionals exist to enable business strategies (and not vice versa) we need to translate our work into language which the business understands. An overuse of the technical risk management jargon which is familiar to us only dilutes our key messages and, longer-term, undermines our involvement in top management discussions.
c. Learn to learn. Risk professionals are inundated with information regarding the risk landscape. We cannot simply ignore it, but equally we cannot realistically digest all of it either. Indeed, much of it is repetition so, in my experience, there is some which is of more value than others. However, we need to identify our own learning paths, by choosing where we have the greatest needs, largest gaps in knowledge and, in some instances, simply the most interest. Such continual development is a vital skill for those risk professionals wishing to stay ahead of the curve.
The IRM has previously conducted high-quality work in the field of cyber risk. The year 2018 saw a notable milestone in this area with the advent of the GDPR and also witnessed a number of organisations contend with some high-profile cyber security incidents. Predictions for 2019 look challenging and the increasingly common mantra appears to be ‘it’s not if, but when’ organisations will experience a cyber security incident. Given that this area continues to evolve and to draw corresponding widespread attention, it is fitting for the IRM to contribute to the various works and thinking, by re-launching its Cyber Special Interest Group (SIG).
The core purpose of the Group will be to, act as a forum for discussion and development of thinking in cyber risk management. Building upon previous work conducted by the IRM, its partners as well as wider developments, the Cyber SIG will explore different aspects of, and approaches to, cyber risk. Its outputs will be focused on providing utility to those interested in, and affected by, this fast-moving nature of risk.