- Former Chair of the Institute of Risk Management’s Cyber Special Interest Group
- Project manager and co-author of the IRM publication Cyber risk for risk practitioners
- Guest lecturer at University of Portsmouth on the IRM Risk Culture publication.
I left the Royal Air Force in 2002 after 16 years’ service in the fighter control specialisation – air defence of the UK specialising in electronic warfare. Despite struggling to find what I wanted to do, I got a job working for Amey Vectra as a risk consultant for a short while before taking a post as enterprise risk manager for Paradigm Secure Communications on the £3.2bn satellite communication programme for the UK Military; the SKYNET 5 project, which was a real success for me on a personal and professional level. I was at Paradigm for nearly 6 years and I joined a risk consulting division within a software company as head of Risk Services working with global companies such as Rolls Royce, Rio Tinto and Saudi Aramco. I was then asked to join Zurich Insurance to head up the Information Governance transformation programme. Since joining Zurich I have progressed to Head of Risk and most lately to the Chief Risk Officer for UK General Insurance
Transition to Civvy Life
I personally found the transition to be difficult as I did not have a plan but I was lucky to have some support from other ex RAF people who helped me find that all important first job. Since then I have taken matters into my own hands; I have gained an MSc in Corporate Risk and Security Management, gained other qualifications and experience within my chosen area of expertise and created opportunities as a result. I prefer to operate in specialist areas than general roles but the military background enabled me to succeed in both by blending my new skills with the leadership and management skills from the RAF. By seeking new challenges and stepping out of my comfort zone, I have shown I am adaptable and open-minded to change and I think this is a great asset to all employers.
The business landscape constantly shifts and the competition needs to be responded to. As a consequence, being open to change and dealing with it in a positive frame of mind has helped me to see through many moments of change that would faze others. Yes it has been unsettling but facing up to the uncertainty and dealing with ambiguity are key skills service personnel have and they have served me well.
Skills transferred from RAF days
Enterprise risk management: This is a key skill of most military staff even if it is called other things. Any leadership role will help develop such skills but the basic skills required to “know your enemy” and how you can develop tactics to counter the enemy is basic risk management. Broaden that across the organisation and you have the “Enterprise” element.
Risk management: Practitioner in project, programme and corporate risk management including the use of quantitative models to support effective decision making and distribution of funding.
Information governance: Establishing Information Governance frameworks and practices within a UK subsidiary of Zurich and providing expertise to Global initiatives. The basic security rules in the Joint Services Manual stood the test of time. Military staff understand classification and security of data so these skills transferred very easily. This is a key risk to be managed in most businesses these days
Programme/project risk: Quantitative analysis of capital projects and programmes to determine confidence of delivery to time and cost prior to contract signature and to ensure ongoing confidence in delivery schedules post-contract. I learnt the basic skills in the RAF and continued to develop them further.
Training: Training needs analysis. course design and delivery of awareness and staff training regimes to affect cultural change of behaviours to protecting customer data or in support of implementing risk management methodologies and tools. I think anyone in the military will recognise these skills.
Alastair talks about the value of being involved with the Institute of Risk Management:
“I have heavily invested in training within my team fully aligned to the IRM to complete both the Certificate in Risk Management and the Diploma. We have changed the requirements of the risk roles to strengthen risk professionalism and to provide credibility in the business based on best practices. This has involved over 14 staff across the business taking these qualifications in the last 12 months and we have completed over 12 other short courses to specifically learn new skills and get fresh insight into current risk practices. These have included Risk Reporting, Developing KPIs, Risk Workshop facilitation, Fundamentals of Risk Management and several others – staying competent is a key factor in this role”.