Overview

Role: Risk Assurance & BCP Manager

Location: Birmingham, Hybrid (2 days per week on site)

Salary: Competitive + Car Allowance

Working Hours: 8:00–17:00, Monday to Friday (7-hour days)

Benefits: Car Allowance, Private Healthcare, 25 days holidays + Bank holidays, Health Cash Plan, Discount Shopping, Gym, Days Out, Learning & Development opportunities, Paid Volunteering Days, and more.

About EMCOR UK

EMCOR UK delivers facilities management by combining engineering heritage with innovation. We prioritise people, work with our customers to understand needs, and aim to create a better world at work. We use data-driven intelligence to support decision-making while maintaining safety, compliance, and assurance.

Role Overview

The Risk Assurance & Business Continuity Planning (BCP) Manager is responsible for overseeing the enterprise risk management framework, risk registers, risk assessments, and the development, maintenance, and testing of business continuity and crisis response plans. The role provides independent assurance that risks are identified, assessed, and managed effectively across the business, and supports regulatory compliance and strategic risk mitigation.

Responsibilities

• Accelerate and continually improve the enterprise risk management framework aligned to ISO 31000.
• Manage and maintain comprehensive risk registers and operating risk registers with appropriate escalation.
• Develop and facilitate risk training courses to embed risk culture.
• Coordinate development and monitoring of risk treatment plans and ensure alignment with the enterprise risk management system.
• Provide independent assurance that risk management conforms to ISO 31000 and internal policies.
• Collaborate with internal audit and compliance to test risk controls and report findings to senior management and ELT.
• Lead the design, implementation, and continual improvement of the BCMS in line with ISO 22301.
• Maintain and recertify ISO 22301 and review internal audit provision.
• Conduct Business Impact Analyses (BIA) to identify critical functions and recovery objectives.
• Develop, maintain, and test business continuity plans (BCPs) and coordinate regular drills.
• Ensure incident response and crisis management plans remain effective.
• Engage with stakeholders to develop and implement resilience across departments and IT integration (ISO 27001).
• Collaborate to meet UK reporting requirements and other platform models as applicable.

Stakeholder Engagement & Reporting

• Embed risk and continuity practices across the organisation with IT, HR, and external partners.
• Prepare and present risk and BC reports for executives, risk committees, and regulators.
• Support compliance audits and regulatory inspections related to risk and continuity management.

Continuous Improvement & Training

• Promote risk and business continuity awareness through ISO-aligned training.
• Monitor industry practices, regulatory changes, and threats; update frameworks accordingly.
• Lead post-incident reviews and incorporate lessons learned into processes.

Accountabilities

• Ensure the enterprise risk management framework aligns with ISO 31000 within organisational strategy.
• Own the BCMS aligned with ISO 22301 and maintain current BCPs and risk documentation.
• Escalate and report risk and continuity status, incidents, and assurance outcomes to senior management.
• Ensure compliance with laws, regulations, and international standards for risk and continuity management.

Qualifications & Deliverables

• ISO 31000-aligned risk management framework with policies and procedures.
• Updated risk registers and BIA documentation.
• Independent risk assurance reports and monitoring outputs.
• ISO 22301-compliant BCPs, tested and approved.
• BCI/IIRSM membership (preferred); minimum Level 3 qualification in Risk Management/BCM or related area.
• Strong knowledge of safety, risk management, BCM, and current safety legislation and standards.
• Analytical and reporting skills to translate data into actionable recommendations; experience with risk-based policy development.
• Experience of incident investigation and ability to advise on risk assurance issues.

Personal Specification

• Ability to manage workload and meet deadlines with flexibility and initiative.
• Strong interpersonal skills and autonomous working style.
• Analytical mindset and strong report writing capabilities.

Applicants Note

We embrace diversity and are committed to equal opportunities. We welcome applicants from all backgrounds. Join us to help build a culture of mutual respect and equity and to support a better world at work.