Commonwealth of Pennsylvania

POSITION DESCRIPTION FOR JOB POSTING

Position Number:  50703107

Description Activated On:  3/5/2026 3:28:27 PM


Position Purpose:
Describe the primary purpose of this position and how it contributes to the organization’s objectives. Example: Provides clerical and office support within the Division to ensure its operations are conducted efficiently and effectively. 

This position functions as Chief Risk Officer (CRO) for the PA State Employees’ Retirement System (SERS) and is responsible for establishing and directing the agency’s enterprise-wide risk management program to identify, assess, manage, and mitigate operational risks and to ensure alignment with agency strategic objectives, compliance, and regulatory requirements. The CRO reports directly to the SERS Executive Director and works closely with the SERS Board, senior leadership, and agency program personnel to foster risk awareness, to facilitate collaboration on risk management efforts, and to incorporate enterprise risk management (ERM) principles and practices into the agency’s operations and organizational culture.

Description of Duties:
Describe in detail the duties and responsibilities assigned to this position. Descriptions should include the major end result of the task. Example: Types correspondence, reports, and other various documents from handwritten drafts for review and signature of the supervisor.

Develop, implement, manage, and continually enhance a comprehensive ERM program and strategy aligned with the Strategic Plan, goals, and objectives of SERS.

Incorporate the SERS Audit Committee, Board, and Executive Director’s overall risk appetite and tolerance levels into the agency risk management framework and strategy.

Proactively evaluate new and existing/legacy business processes and controls to inform agency risk tolerance decisions and to determine how risks will be mitigated and actively managed.

Collaborate with the Executive Director and agency staff to ensure that the risk management framework and mindset are consistent across all the internal organizational control structures to effectively manage ERM objectives.

Lead initiatives (e.g., stress testing) to proactively identify emerging/accumulating risks which may impact expected results and to recommend mitigation alternatives.

Identify and advise the Executive Director on best practices regarding mitigation strategies for enterprise-level risks facing SERS, including operational, third-party, strategic, and reputational risks.

Advise the SERS Audit Committee and Board about ERM program activity and the identified enterprise-level risks and related strategies to mitigate those risks.

Chair an ERM Oversight Committee, whose members are appointed by the Executive Director, to oversee the implementation and operation of the ERM framework at SERS.

Monitor and manage agency risk assessments, risk mitigation, and risk oversight. Monitor drivers of risk and update the risk profile in response to major changes both externally and internally in areas such as legislation/regulatory, technology, strategic direction, global influences (e.g., pandemic), continuity of operations, indirect risks, etc.

Ensure that required reporting is submitted on time as requested by the Commonwealth’s Office of Comptroller Operations (OCO) and the Office of the Budget, and that the Annual ERM Report to OCO is submitted by September 30th of each year for the fiscal year ending June 30.

Collaborate with CISO and COOP Coordinator to implement robust advance planning for incident recovery.

Review third-party independent reviews of risk.

Prepare for disruptions by engaging with the COOP Coordinator in scenario planning, stress testing, and tabletop exercises and by creating “playbook” templates for disruption response.

Develop key-risk indicator dashboards to monitor changes in risk conditions.

Manage the risks associated with digital transformation along with risks resulting from system enhancements, conversions, implementation, and all aspects of the SERS Strategic Plan.

Identify opportunities for enhanced control, oversight, and effective challenge using data analytics, and prepare charts, graphs, tables, heat maps, etc., for the visualization of data.

Provide input during the agency budget preparation process to match resourcing decisions to risk conditions.

Create and conduct risk-related training in collaboration with the agency’s Training Officer.

Assist in the procurement process for services and products, which may include drafting request for proposal (RFP) language, evaluating bids, and reviewing purchase orders on an as-needed basis.

Monitor industry trends, advancements, and best practices, and adapt and apply these to SERS business practices when feasible.

When assigned by the Executive Director, travel to participate in meetings and assess risk at SERS work locations & contracted vendor locations.

Perform other, related duties as required.

Decision Making:
Describe the types of decisions made by the incumbent of this position and the types of decisions referred to others. Identify the problems or issues that can be resolved at the level of this position, versus those that must be referred to the supervisor. Example: In response to a customer inquiry, this work involves researching the status of an activity and preparing a formal response for the supervisor’s signature.

This position serves as the SERS Chief Risk Officer and implements and manages the agency ERM program in accordance with the Commonwealth policy and ERM framework defined in Management Directive 325.12, Amended, Standards for Enterprise Risk Management in Commonwealth Agencies.

The Chief Risk Officer holds a senior leadership role. This position carefully identifies and assesses potential agency risks by applying an in-depth understanding of SERS business practices and internal controls, studying external risk factors such as trends and regulations, and determining risk probability, impact, and mitigation cost. This position then advises the SERS Audit Committee, Board, Executive Director, and senior management so they are best positioned to make strategic, risk-aware decisions. As directed, this position will implement and manage agreed-upon risk management solutions within the agency.

Requirements Profile: Identify any specific experience or requirements, such as a licensure, registration, or certification, which may be necessary to perform the functions of the position. Position-specific requirements should be consistent with a Special Requirement or other criteria identified in the classification specification covering this position. Example: Experience using Java; Professional Engineer License

Experience:



Licenses, registrations, or certifications:

1. N/A
2. N/A
3. N/A
4. N/A
5. N/A
6. N/A

Essential Functions:
Provide a list of essential functions for this position. Example: Transports boxes weighing up to 60 pounds.
 
 1. Implement and manage the SERS enterprise risk management program.
 2. Evaluate internal controls and processes, and identify inherent operational risks.
 3. Analyze, interpret, & apply risk management policies, principles, practices, and methodologies.
 4. Collect, organize, and analyze data to draw conclusions, make predictions, & drive informed decision-making.
 5. Make strategic recommendations to the SERS Audit Committee, Board, and Executive Director supported by analysis and business rationale.
 6. Problem-solve to address control gaps and to resolve business risks within resource limitations.
 7. Communicate and collaborate effectively.
 8. Adapt to fluctuating workloads and priorities.
 9. Use standard office equipment, laptop computer, & job-related software & websites, including Microsoft applications.
 10. Travel to participate in meetings and assess risk at SERS work locations & contracted vendors.