Risk management has always been important to law firms. But this is a time in which firms are more aware than ever of the fragility of reputation/brand, the risks posed by ongoing economic and business uncertainty, and the need to keep on top of regulatory change and rising competition.

Alongside that are the ever-growing dangers of cyber-attacks: according to the PwC Law Firms’ Survey 2017, the majority of law firms suffered a security incident in the past 12 months, some on a daily basis, and others (nearly a third) on a weekly or monthly basis. Recent large-scale data leaks have exposed the vulnerability of law firms in this digital age, as well as the need to be compliant with changing legislation – most recently the General Data Protection Regulation, coming into force this year.

Combined, these are causing more law firms to prioritise the need to grow a more centralised risk function – headed up by dedicated and increasingly senior (often board level) risk professionals who can streamline strategy and process, and develop an effective risk-management culture, often across international offices.

Remit and responsibilities


At Totum, we are working on an increasing number of senior risk roles, often on new positions as firms invest more in developing this function. Each firm differs in its specific requirements, but typical characteristics of a senior risk role include:

  1. ‘Head of’ or Director of Risk and Compliance roles are becoming more common. Professionals taking on such roles have genuine decision-making responsibility, often sitting on the Executive Committee.
  2. Firms are seeking dedicated and experienced risk professionals, who have a strong understanding of the regulatory environment in which law firms operate.
  3. As teams grow, senior risk professionals will also be responsible for the development of the function and the career development of more junior team members.
  4. A senior risk professional in law can expect to work across the partnership and with all functions – as they act as a business advisor on all aspects of safeguarding the firm while allowing for business growth. Experts who can combine technical knowledge with commercial know-how are in high demand.
  5. Developing a firm-wide risk management culture typically requires risk leaders to implement risk training programmes at all levels of the firm. Excellent communication skills are essential to translating requirements into firm-wide day-to-day behaviours.
  6. Today’s risk functions are typically closely aligned with IT, reflecting the growing security risks posed by advancing technology and cyber-attacks.
  7. Risk teams also have an affinity with finance and operations, helping to ensure business resilience and continuity through crisis. Risk leaders will be closely involved in business continuity planning and testing.
  8. Risk leaders can expect to input into client activity – including managing the risks involved in taking on new matters, dealing with client complaints/issues that may arise, and supporting partners across specific client projects.

Today’s risk function in law is critical to the successful legal business. As a risk leader, you can expect to be operating at all levels of the firm, providing both technical and commercial expertise to ensure not only your firm’s resilience, but its ability to seize opportunities as they arise. This is a fast-changing landscape: the best risk professionals are highly trusted advisors and business partners who make a real difference to leadership decision-making.


Contact us today if you would be interested in knowing more about Totum's opportunities for risk professionals in law.


