Chief Risk Officer

Job description

Chief Risk Officer🔍Business Affairs, Stanford, California, United States📁Administration📅Mar 30, 2021 Post Date📅88982 Requisition #Chief Risk Officer
Stanford University
Palo Alto, California


Stanford University, recognized as one of the most prestigious and innovative academic and research institutions in the world, seeks an experienced, resilient, and strategic leader with superb communication skills to serve as Chief Risk Officer (CRO). This leader must be highly strategic and creative in collaborating with the wide array of offices and stakeholders required to foster a culture of ethics and compliance and mitigate institutional risks. This critical enterprise-wide position will have responsibility for the University proper as well as its related organizations, such as SLAC National Accelerator Lab, Stanford Management Company, Lucille Packard Children’s Hospital, and Stanford Health Care.

Reporting administratively to the Vice President for Business Affairs & Chief Financial Officer, this position serves as a key advisor across the institution on enterprise risks, internal audit, security and privacy, risk management, code of conduct, and ethics and compliance matters. The CRO has dotted-line reporting to the hospital CEOs, and staffs the Board of Trustees Committee on Audit, Compliance and Risk, and serves as a member of similar committees at both hospitals and SLAC. The CRO will also be responsible for coordinating the University’s ethics and compliance program including overseeing the development, review and revision of compliance-related policies and procedures; serving as a channel of communication to receive and direct compliance issues to appropriate resources within the University; collaborating with issue-specific compliance officers on campus; tracking alleged violations of policies and procedures and ensuring an appropriate University response; coordinating effective monitoring and training programs; developing and monitoring a comprehensive risk map; leading proactive privacy initiatives; and communicating effectively with University leadership. While directly overseeing the diverse teams within the Office of the Chief Risk Officer (OCRO), the CRO will serve as a vital partner to a large and diverse array of campus stakeholders and will place a high value on integrity and transparency. OCRO will work to create strong central framework among varied constituencies, understanding that one size may not fit all. The CRO provides an independent oversight role and will motivate administration, faculty, and staff to embrace a culture of compliance and shared responsibility to support the University’s strategic direction and mission.

The CRO will lead and develop the approximately 70 staff members in the OCRO, which encompasses the following six functions: Internal Audit; Ethics and Compliance; Enterprise Risk Management; Risk Management; Privacy and Information Security. (Information Security reports dually to the CRO and Chief Information Officer.)

Stanford University has retained Isaacson, Miller, a national executive search firm, to assist in this search. All inquiries, nominations, and applications should be directed in confidence as noted at the end of this document.


In its 125-year history, Stanford has become one of the world’s leading teaching and research institutions. Its academic programs demonstrate excellence across the spectrum of the humanities, sciences, engineering, and professional disciplines. The Stanford community includes than 2,000 faculty members and 12,000 staff are committed educators and leaders in their fields, and 16,000 students who hail from all 50 states and more than 90 countries, creating an active, diverse, global, and dynamic community. Known worldwide for its entrepreneurial character, Stanford continues to shape the history of Silicon Valley and fuel innovation across disciplines.


Pioneering neuroscientist, biotechnology executive, and academic leader Marc Tessier-Lavigne became Stanford University’s eleventh president on September 1, 2016. Early in his tenure as Stanford president, Dr. Tessier-Lavigne, in partnership with Stanford Provost Persis Drell, launched a long-range planning process that produced a new strategic vision, which was announced in May 2019. Built on more than 2,800 ideas received from across the Stanford community, the vision sets priorities across the areas of research, education and community. This new vision includes initiatives to support the campus community and to advance teaching and research over the next decade and beyond.

Persis S. Drell became provost on February 1, 2017. She is the Anna Marie Spilker Professor in the School of Engineering, a professor of materials science and engineering, and a professor of physics. She is the former Dean of the Stanford School of Engineering and the former Director of the U.S. Department of Energy’s SLAC National Accelerator Laboratory at Stanford. In her role as Provost, Dr. Drell has focused on a range of key campus issues, including: advancing diversity and inclusion; promoting the open exchange of diverse ideas; enhancing support for student communities; expanding support for efforts to eliminate sexual assault and sexual harassment; and providing new avenues for communication between university leadership and the campus community.


Stanford’s research activities, with annual revenues of over $1.6 billion, span all 7 schools and 18 independent labs, institutes, and centers, encompassing life sciences, physical sciences, social sciences, humanities, engineering, and medicine. Additionally, the SLAC National Accelerator Laboratory (SLAC), run by Stanford for the U.S. Department of Energy (DOE), is home to a 2-mile-long linear accelerator, a synchrotron, and the world’s most powerful X-ray laser. Experiments there probe everything from the most intricate molecular details of artwork or cellular structures to the origins of the universe and materials for better batteries.

Student Life

Stanford students come from all 50 states and all over the world to live together on one campus. More than 97% of Stanford undergraduates typically live on campus, with housing guaranteed for four years. “The Farm,” as the campus is affectionately known, is highly residential and encourages students to invest themselves fully where they live, learn, work and play.

The undergraduate class of 2024 at Stanford is composed of nine percent international students and 19 percent first generation college students. Stanford is committed to a need-blind admission policy for U.S. citizens, undocumented students, and permanent residents. Students are admitted without regard to their ability to pay and about half of undergraduates receive need-based financial aid. With over 228,000 alumni all over the world and in all 50 states, the global reach of Stanford is expansive.


Located 35 miles south of San Francisco and 20 miles north of San Jose, Stanford University is in the heart of Northern California’s dynamic "Silicon Valley,” home to Apple, Facebook, Google, VMWare, Zoom and many other cutting-edge companies. Although the University is virtually a community unto itself and even has its own zip code—94305—it calls the City of Palo Alto home. Downtown Palo Alto is a short walk from campus and includes many attractions, as well as many shops and restaurants. Additionally, Stanford has recently made its first significant expansion beyond the main campus to Redwood City. The new campus includes four modern office buildings, a café and outdoor promenade and plazas, a childcare center, parking garage and employee wellness center, providing workspace for about 2,700 employees - including three of the university’s eight vice presidents.


Enterprise Risk Management (ERM) coordinates the University’s efforts to provide a framework and processes for the identification, assessment, mitigation, and monitoring of risks to the achievement of the University’s mission and goals. These enterprise risks are regularly reviewed and discussed with the University Cabinet and Board of Trustees to drive critical enterprise-wide risk mitigation strategies that effectively balance risks and the advance the Stanford mission. The CRO also supports ERM activities at the hospitals and SLAC.

Internal Audit provides independent, objective assurance and advisory services designed to add value and improve the operations of the University and its affiliated entities by developing and implementing annual audit plans based on systematic and ongoing institution-wide risk assessment. OCRO provides internal audit services to all Stanford entities, including Stanford Health Care, Lucile Packard Children’s Hospital, SLAC and Stanford Management Company.

Ethics and Compliance provides direction and guidance for establishing and maintaining effective oversight and coordinating efforts to advise, partner, and engage the University community to uphold the highest standards of ethics, objectivity, and integrity in pursuing the University’s mission of teaching, learning, and research. This function also provides direction in the areas of investigations and global risk management.

Risk Management identifies and assesses risk, working to reduce potential loss through risk mitigation, risk transfer, and risk financing. The Risk Management office performs claims management, participates in mediation and settlements, and provides risk consulting.

University Privacy provides guidance and services to enable the transparent, ethical, and innovative use of personal data at Stanford, consistent with privacy laws (e.g., HIPAA and FERPA), University policies, and best practices.

Information Security orchestrates the University’s efforts to protect the computing and data assets that are critical to Stanford and its people.

The OCRO has a budget of $9.9 million.


Reporting to the Vice President of Business Affairs and Chief Financial Officer (CFO), the Chief Risk Officer (CRO) will partner with key stakeholders at Stanford University and its related organizations such as SLAC National Accelerator Lab, Stanford Management Company, Lucille Packard Children’s Hospital, and Stanford Health Care to accomplish their objectives by bringing a systematic, focused approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The CRO has a reporting relationship to the President, the CEOs of the Hospitals, and to the Chair of the Audit, Compliance, and Risk Committee of the Stanford University Board of Trustees.

The CRO participates in: the University Cabinet, University's ERM Ethics and Compliance Steering Committee; Executive Privacy Governance Committee; and the Privacy Governance Committee, the hospital's Committee on Management Controls and Compliance; and the SLAC Director's Assurance Council. This individual is expected to maintain effective working relationships and ongoing open communication with a variety of board committees. Additionally, the CRO will maintain an effective audit liaison function with the University’s and Hospitals’ external auditors and cognizant government audit agencies.


The Chief Risk Officer will have the opportunity to address many of the following key opportunities and challenges:

Preserve and promote a University culture centered on ethics and compliance
The CRO will promote a culture where ERM, ethics and compliance, and audit professionals are viewed as key partners and advisors to the Stanford community. To do so, the CRO will embody fairness, respect, effective processes, integrity and sound judgment, while being transparent about policies and procedures. They will promote an environment where information security and compliance are the responsibility of all, and will find creative ways to train, educate, and bring awareness to compliance issues and potential pitfalls. Being proactive to avoid compliance issues will be a key goal of the CRO. Nonetheless, in the event that allegations arise or violations occur, the CRO will foster an environment that is conducive to reporting issues by building trust with all university constituents. University constituents at all levels should feel responsible to report any wrongdoings, and most importantly, should feel comfortable doing so.

Identify and implement best practices in audit, compliance, and ERM appropriate to a complex private research university
The CRO will guide best practices in ERM, audit, and compliance in ways that influence the University’s strategic plan and direction. This includes creating an ecosystem that optimizes coordination efforts across these offices in support of the institution the efforts of these offices across the institution. To do so, the CRO must navigate a uniquely complex environment spanning Stanford University, the Lucille Packard Children’s Hospital, Stanford Healthcare, the Stanford Management Company, and SLAC. The CRO must be creative in finding efficiencies and creating strong central policies and procedures, while understanding that one size may not fit all. The CRO should work to break down silos between offices while recognizing the unique culture of each group. This leader will need to set a broad strategic vision for ERM, audit, and compliance, and be innovative in finding ways to serve that wide variety of offices with which the CRO partners.

Build and maintain ongoing internal and external relationships
The CRO will work with a broad and varied array of constituents at the university. The CRO will collaborate closely with key stakeholders involved in compliance and audit across the university, while also working with subject matter experts throughout the institution who oversee areas such as FERPA, HIPAA, Title IX, Clery Act, public safety, conflicts of interest, student affairs, research, athletics, financial aid, and information technology (IT). The CRO is responsible for presenting to senior leadership and the board of trustees, as well as staffing the board’s audit, compliance, and risk committees.

Lead, recruit, and retain teams of high performing audit, compliance, and Risk professionals
The new CRO will oversee the efforts of the six functions within the Office of the Chief Risk Officer. The functions consist of experienced professionals responsible for bringing an independent, systematic, objective approach to evaluating and improving the University’s operations. These groups will work in partnership with University leadership and other stakeholders to emphasize adding value through analyzing, assessing, and monitoring organizational operations, controls, and risks; examining and evaluating policies, procedures, and systems; and making recommendations for enhancement and improvement where needed. These six teams are high-functioning groups with finite human and financial resources, and the CRO will help maximize the talents of the existing staff. The CRO must foster a culture that rewards innovation and creativity and above all, this person must create lines of communication and lead with transparency and openness. Given the advances of the current information economy, the rise of remote working post-COVID, and the difficulties of recruiting and retaining staff in Silicon Valley, the CRO must have an innovative and resourceful approach to growing and maintaining their strong team.

Qualifications and Characteristics

Stanford University seeks a highly qualified individual who is collaborative, communicative, with exceptional leadership skills and in-depth experience working with enterprise risk management, internal audit, and compliance, ideally within a similarly complex higher education or healthcare setting. The successful candidate will demonstrate many of the following skills and qualities:

• A track record of building compliance and ethics consciousness into the day-to-day activities within a similarly complex
environment, encouraging all employees to conduct business with high standards, honesty, and integrity;
• Demonstrated ability to integrate vision, strategy, tactics, and activities to move an organization’s mission forward;
• An entrepreneurial orientation and a willingness to be innovative and proactive in solving problems;
• Ability to lead, develop, and motivate a diverse team and to build positive working relationships at all levels;
• Proven strategic thinker and thought leader with superior analytical and problem solving skills;
• Demonstrated experience exercising considerable judgment, common sense, and resourcefulness;
• The ability to be nimble, flexible; and work within a space of ambiguity;
• Highly developed communication skills and emotional intelligence with the ability to influence through personal credibility,
integrity, and professionalism;
• Effective communication skills both up and down to all levels of staff;
• Excellent written and presentation skills;
• Inclination to be an educator and promote a culture of learning, while being a mentor and an advocate;
• Collaborative consensus builder; flexible and open to input;
• Ability to effectively plan and execute multiple concurrent initiatives, meeting established deadlines, within budget and
achieving overall objectives;
• Transparency, openness, and commitment to the highest ethical and professional standards;
• Working knowledge of the International Standards for the Professional Practice of Internal Auditing;
• Understanding of Generally Accepted Government Auditing Standards;
• Familiarity with sponsored research administration;
• Knowledge of requirements of OMB Uniform Guidance;
• Knowledge of HIPAA, FERPA, GDPR, and other relevant privacy regulations; and
• Advanced degree and relevant professional certifications preferred.

The job duties listed are typical examples of work performed by positions in this job classification and are not designed to contain or be interpreted as a comprehensive inventory of all duties, tasks, and responsibilities. Specific duties and responsibilities may vary depending on department or program needs without changing the general nature and scope of the job or level of responsibility. Employees may also perform other duties as assigned.

Consistent with its obligations under the law, the University will provide reasonable accommodation to any employee with a disability who requires accommodation to perform the essential functions of his or her job.

Stanford is an equal employment opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other characteristic protected by law.

Additional Information
  • Schedule: Full-time
  • Job Code: 1996
  • Employee Status: Regular
  • Grade: N11
  • Requisition ID: 88982




Diversity Profile: University



View more

Learn more on Inside Higher Ed's College Page for University

Arrow pointing right
Job No:
Posted: 4/1/2021
Application Due: 5/31/2021
Work Type: Full Time