This guide is for hiring teams: VPs, heads of talent, COOs, and line-of-business leads who need to fill an insurance risk manager role and want to do it right the first time. You'll find copy-paste JD templates, 2026 salary ranges, the certifications that actually matter, and interview questions that separate good candidates from great ones.

What an insurance risk manager actually does.

An insurance risk manager sits at the intersection of underwriting, actuarial, compliance, and operations. The job is to identify exposures that could hurt the business, price them correctly, transfer what makes sense to reinsurers, and retain what the company can carry. That sounds tidy on paper. In practice it means making judgment calls with incomplete data under time pressure.

At a carrier, the role tends to focus on portfolio-level risk: aggregate exposure across lines, catastrophe modeling, reinsurance program design. At a corporate (a non-insurance company managing its own risk), the focus shifts to buying the right coverage, managing captives, and keeping self-insured retentions calibrated to the balance sheet. Both versions require the same core skill: knowing what a risk costs before it happens.

  • 2026 US salary range: $95K-185K
  • JobCompass shortlist for this level: 72h
  • Flat placement fee, no retainer: 12%

What this role does day-to-day.

Day-to-day varies by seniority and employer type, but there are a few things every insurance risk manager does repeatedly.

Risk identification and assessment. Walking business units through their exposures, scoring them by frequency and severity, and deciding what the company needs to do about each one. This involves a lot of stakeholder interviews, loss run analysis, and some uncomfortable conversations about things people would rather not think about.

Insurance program management. Renewing the company's coverage portfolio, working with brokers, negotiating terms, and making sure the limits and retentions still make sense given changes to the business. A $10M property limit that was fine 3 years ago may leave the company badly underinsured after an acquisition.

Catastrophe and scenario modeling. Using tools like AIR Worldwide, RMS, or Verisk to model tail-risk scenarios. This is where technical depth matters. Someone who can interpret a 1-in-250-year PML figure and translate it for a CFO is worth considerably more than someone who just runs the numbers.

Claims oversight. Working with claims teams on large or unusual losses, helping with coverage analysis, and making sure reserves are appropriate. Good risk managers stay close to claims because that's where you find out whether your risk assessment was actually right.

Reporting and governance. Preparing risk committee materials, board updates, and regulatory filings. At public companies this includes Sarbanes-Oxley-adjacent work and, increasingly, TCFD climate risk disclosures.

Key responsibilities.

  • Design and manage the enterprise risk management (ERM) framework across all business lines.
  • Own the annual insurance renewal process: submissions, broker management, terms negotiation, binding.
  • Run loss run analysis and trend reporting to surface emerging exposures early.
  • Model catastrophe scenarios and maintain aggregate PML positions within board-approved tolerances.
  • Manage captive insurance entities or self-insured retention programs where applicable.
  • Coordinate with legal, finance, and operations on contract risk review and indemnification language.
  • Prepare risk committee and board-level reporting on a quarterly and ad-hoc basis.
  • Oversee claims management for complex or high-value losses, including coverage advocacy.
  • Monitor regulatory developments (NAIC, state DOI, SEC climate disclosure rules) and update programs accordingly.
  • Mentor junior risk analysts and build team capability over time.

Skills and qualifications by seniority.

Associate risk manager (0-3 years). This person is learning the job. They can run loss runs, prepare renewal submissions, manage broker data requests, and handle routine coverage questions. What they can't do yet is design a reinsurance program or tell a CFO the company is underinsured. Look for intellectual curiosity, attention to detail, and the ability to read a policy form and find the exclusion that matters.

Risk manager (3-7 years). The core hire. They own the insurance program day-to-day, run renewals with minimal oversight, and can independently assess a new exposure and recommend a treatment strategy. They should have at least one catastrophe-prone line of business under their belt (property, cyber, directors and officers) and experience working directly with underwriters, not just brokers.

Senior/Director of risk management (7+ years). Strategy, governance, and executive influence. This person designs the ERM framework, presents to the board, and makes the case for capital allocation decisions tied to risk tolerance. They've probably managed a significant loss event from first notice through final settlement and lived to tell about it. Captive management experience is a genuine differentiator at this level.

Skills by level
  • Associate: Loss run analysis, policy review, broker coordination, Excel/data management
  • Manager: Program design, catastrophe modeling, reinsurance basics, claims oversight
  • Senior/Director: ERM frameworks, captive management, board reporting, regulatory strategy

Tools and certifications that matter.

Certifications. The Associate in Risk Management (ARM) from The Institutes is the standard entry credential. The Chartered Property Casualty Underwriter (CPCU) carries more weight at senior levels because it signals deep technical knowledge of coverage forms and underwriting. For ERM-focused roles, the Risk Management Society's RIMS-CRMP designation is gaining traction. If the role touches financial risk or capital management, a CFA or FRM can set a candidate apart.

Catastrophe modeling platforms. RMS RiskLink, AIR Touchstone, and Verisk Respond are the big 3. Proficiency in at least one is expected for any property-heavy role. Don't require all 3; candidates who know one can learn the others.

ERM and GRC software. LogicManager, Riskonnect, and SAP GRC come up most often. These matter more at larger companies with formal ERM programs. At a Series B insurtech, they're probably using Notion and spreadsheets.

Data tools. SQL for loss data queries, Excel at an advanced level (pivot tables, power query), and increasingly Power BI or Tableau for board reporting. Python is a genuine plus at the senior level for modeling automation.

The CPCU designation takes 3-5 years to complete and tells you something important: this person sticks with hard things.

Salary benchmarks as of 2026.

These are US ranges based on market data as of 2026. Geography matters a lot here: New York, Chicago, and San Francisco command 15-25% premiums over the national median. Carrier roles tend to pay slightly more than corporate risk roles at equivalent seniority, and specialty lines (cyber, D&O, cat property) command more than standard commercial.

| Level | Experience | Base salary (US, 2026) | Total comp (with bonus) |
|---|---|---|---|
| Associate risk manager | 0-3 years | $75,000 - $95,000 | $80,000 - $110,000 |
| Risk manager | 3-7 years | $105,000 - $140,000 | $120,000 - $165,000 |
| Senior risk manager | 7-12 years | $145,000 - $170,000 | $170,000 - $210,000 |
| Director of risk management | 12+ years | $165,000 - $185,000+ | $200,000 - $260,000+ |

Bonuses at carriers typically run 10-20% of base for managers and 20-35% at director level. Corporate risk roles tend toward 10-15% regardless of level. If you're competing with a broker on comp, note that brokers often pay lower base but much higher variable once a book of business matures.

Career path.

Most insurance risk managers start in one of 3 places: underwriting, claims, or actuarial. Each entry point shapes how they think. Underwriters tend to be commercial and relationship-focused. Claims-background managers are forensic and detail-oriented. Actuarial converts are quantitative and model-heavy. The best senior candidates have touched at least 2 of those functions during their career.

A typical path looks like: Risk Analyst (1-2 years) to Associate Risk Manager (2-4 years) to Risk Manager (3-5 years) to Senior Risk Manager or Director (5+ years) to VP/Chief Risk Officer. The VP/CRO jump usually requires either a major loss event you managed well or an ERM build-out you can point to as yours.

Lateral moves into consulting (Marsh, Aon, WTW) and back into corporate are common and generally respected. Consulting accelerates exposure to different industries and risk types; corporate gives you the depth of owning one program for years. Both have value.

How to write the job description.

The most common mistake in insurance risk manager JDs is listing every possible responsibility and credential, then wondering why you're getting applications from people who match on paper but not in practice. Be specific about what this role owns, what it doesn't own, and what success looks like in year 1.

A few things that help: name the lines of business this person will manage (property, cyber, GL, D&O). Specify whether they'll manage a team or work independently. State whether the role reports to the CFO, General Counsel, or a Chief Risk Officer. And be honest about the maturity of the program. "You'll be building this from scratch" attracts a different person than "you'll be inheriting an established ERM framework."

Below is a copy-paste template for a mid-level hire. Adjust the specifics to your situation.

Copy-paste JD template: risk manager (3-7 years)

Risk manager

About the role. We're looking for a risk manager to own our corporate insurance program and ERM framework. You'll report to the CFO and work closely with legal, finance, and operations. This is a hands-on role: you'll manage renewals, oversee claims, and build the analytical infrastructure we currently don't have. The program covers property, GL, cyber, and D&O across 3 US jurisdictions.

What you'll do.

  • Own the annual renewal cycle end-to-end: submissions, broker coordination, underwriter negotiations, binding.
  • Maintain and improve our ERM register, scoring exposures by likelihood and severity on a quarterly basis.
  • Run loss trend analysis and present findings to the risk committee twice a year.
  • Review material contracts for risk and indemnification language; advise legal on coverage gaps.
  • Manage complex claims with outside counsel and coverage counsel as needed.
  • Monitor NAIC and state regulatory developments affecting our coverage obligations.

What you bring.

  • 4-6 years in risk management, underwriting, or a related function at an insurer, broker, or corporate risk department.
  • ARM designation (CPCU preferred or in progress).
  • Hands-on experience managing at least one complex line: cyber, D&O, or property cat.
  • Comfortable reading policy forms and identifying coverage issues without relying solely on broker guidance.
  • Strong written communication: you'll be preparing board materials.

Compensation. Base $115,000-$135,000 depending on experience, plus 12-15% annual bonus and full benefits.

How to hire one.

Insurance risk management is a small world. The people who are good at it tend to know each other, and the best candidates are rarely actively job hunting. That matters for sourcing strategy.

Post the role on RIMS job board and LinkedIn. RIMS members skew senior and credentialed. LinkedIn works for volume but you'll need to do active outreach to passive candidates to get the top tier. The CPCU Society's job board is worth trying for more technical roles.

For interviews, run 3 rounds: a screening call focused on program ownership and technical depth, a case study (give them a real loss run and ask them to walk you through their findings), and a stakeholder interview with the CFO or relevant business leader. The case study is the differentiator. Anyone can talk about risk management. Fewer people can sit down with messy claims data and tell you what it means.

Reference checks for this role should specifically ask about how the candidate handled a bad loss year, whether they pushed back on broker recommendations, and how they communicated with non-insurance executives. That last one is where a lot of otherwise qualified candidates fall short.

If you'd rather we handle the sourcing and screening, our insurance risk manager recruiting page covers how we work and what a 72-hour shortlist looks like in practice.

Frequently asked questions.

What's the difference between a risk manager and an underwriter?

An underwriter works for an insurance carrier and decides whether to accept a risk and at what price. A risk manager typically works for a company buying insurance (or for a carrier managing its own enterprise risk) and decides what risks to transfer, retain, or mitigate. The skill sets overlap in technical areas like policy analysis and loss modeling, but the commercial orientation differs significantly.

Is the ARM or CPCU more important for this role?

ARM is the right credential to require for mid-level hires. It's achievable in 1-2 years and covers the core risk management competencies. CPCU is deeper and broader, and takes most people 3-5 years to complete. At senior and director levels, CPCU (or being actively enrolled) is worth requiring because it signals technical seriousness. For an associate hire, ARM in progress is fine.

Do we need someone with insurance carrier experience, or will corporate risk work?

It depends on what you need them to do. For a corporate risk role focused on buying coverage and managing programs, corporate risk experience translates well. If the role involves sophisticated reinsurance structuring, captive management, or deep underwriting analytics, carrier or broker experience tends to produce better results. When in doubt, ask candidates to walk you through the most complex coverage negotiation they've managed. The answer tells you more than the resume.

How long does it typically take to fill this role?

On average, 8-14 weeks when hiring independently. The search is slow because qualified candidates are mostly passive and the pool is concentrated in specific markets (New York, Chicago, Hartford, Atlanta). Working with a specialist recruiter typically cuts that to 3-5 weeks from brief to accepted offer. We deliver a first shortlist within 72 hours of taking a brief.

What does a strong risk manager case study look like?

Give the candidate 5 years of loss runs across 2-3 lines of business and ask them to identify trends, flag any coverage concerns, and recommend program changes for the next renewal. Strong candidates will spot frequency increases in specific loss categories, question whether the current limits reflect current exposure values, and propose a concrete change (not just "we should review this"). Weaker candidates will describe the data back to you without drawing conclusions.

What's a fair bonus structure for this role?

For a mid-level risk manager at a corporate, 10-15% of base is standard. At a carrier, 15-25% is common at the manager level and can reach 30-35% at director. Bonuses in risk management are typically discretionary rather than formula-based, tied to individual performance ratings and company results. If your bonus structure is purely discretionary with no clear criteria, say so upfront: candidates will ask, and vague answers lose offers.

When should a startup or insurtech hire their first risk manager?

Usually around Series B, when the business is signing contracts with meaningful indemnification obligations, has real property or technology assets to protect, and faces D&O exposure from institutional investors. Earlier than that, the CFO or General Counsel typically handles it. Waiting too long is the bigger risk: one uninsured or underinsured loss can cost more than 5 years of a risk manager's salary.