Asking questions, really listening to the answers and learning all the time – this is what defines a great risk manager, RMIA’s CEO and company secretary Simon Levy tells Trevor Treharne.

In the face of the litany of challenges and growing crises businesses must manage, education and knowledge exchange may be the risk manager’s most valuable weapons.

However, in a profession that is often characterised by small teams or even risk managers working in isolation, finding peers with whom you can share your ideas and best practices is not always easy.

Simon_Levy_Bio_Pic_with background

This is where risk management associations come in. In Australia, which has seen stringent COVID restrictions and a hefty regulatory environment in recent years, the Risk Management Institute of Australasia (RMIA) is focused on meeting the risk manager’s need for education and for a community of like-minded professionals.

The association’s CEO and company secretary, Simon Levy, brings his over two decades of risk management experience to help deliver this learning to its risk managers. But, like so many in the risk industry, his education in risk and leadership began in a completely different professional environment.


“I graduated from university 25 years ago with a science degree. My first role was working in a meat processing plant – think early mornings, a cold environment and a really tough culture,” says Levy.

“It was in that role where I learned that you need to have a work ethic. I took that work ethic overseas and for 10 years worked in aviation catering, based out of Heathrow in the UK.”

Levy says this was a transformative role for him. The organisation had 30 employees when Levy started and 750 when he left. “There was an energy, drive and entrepreneurial spirit in that organisation and I learned a lot of risk management lessons.”

He then returned to Australia in 2010 to enter the risk fray at Scentre Group, the owner and operator of Westfield in Australia and New Zealand, as risk and security manager.

“There was an energy, drive and entrepreneurial spirit in that organisation and I learned a lot of risk management lessons.”

“Working across the shopping centres, my major leadership lesson was leading from the front and espousing the values of the organisation. It was about having the absolute clarity that the organisation’s leaders were acting in a way that aligns back to its strategy, culture and values.”

Levy then moved onto Australian Unity, a large health insurance company, as enterprise risk manager.

“It was an interesting experience because at the time, no one actually used the word ‘risk’ when engaging with any part of the business.

“It was always framed as ‘tell me about your job?’, ‘what can go wrong?’ or ‘how can I help?’” Levy says. “It was about engaging frontline staff in a way to ensure that they did not shut down during such discussions.”

From there, Levy worked in consulting before his role at RMIA expanded from president of the Victoria chapter in 2016, to joining the board of directors in 2018 and eventually becoming CEO in March 2021.


“As CEO of RMIA, I have looked to combine the leadership lessons from across my career. During my time, we have increased our membership by 50% by doubling down on the activities that matter most for the careers of a risk professional,” says Levy.

“For the last three years, we have invested back into the business, more than doubling our education services. We launched our on-demand learning management system in 2023 and can now offer training that is either face-to-face, live, or on-demand. Everything we do is designed to meet the needs of the risk profession, [which] needs a strong risk association supporting it and vice-versa.”

“As CEO of RMIA, I have looked to combine the leadership lessons from across my career.”

The organisation completed a research study into the profession of risk management last year. “We asked what people’s top three risks were now and then five years into the future. Not surprising, cyber and economic uncertainty were big issues. Geopolitical risks also came through very heavily,” he says.

“We also ran a LinkedIn poll recently, where we asked what’s at the top of the agenda for risk professionals in the next 12 to 24 months. Two clear themes came through. One was upskilling the non-risk professionals within the organisation and the second was risk professionals wanting to upskill themselves.”

Levy adds that the risk management industry is quickly learning about the importance of lifelong learning. That can cover everything from the fundamentals of doing the job to planning and strategising for some of the upcoming regulatory changes.


When discussing what makes a good leader, Levy insists that it takes humility and the ability to demonstrate that within the role.

“You have to keep learning and above everything else, you have to be curious, you have to be able to ask questions and do so in the right way. As a risk manager, you need to be able collect up organisational information by talking to everybody across the enterprise,” he says.

“You have to be curious, you have to be able to ask questions and do so in the right way.” 

“That then needs to be placed into bite-sized chunks so that decision-makers can make a call based on that information.”

Levy said that to achieve this, risk managers need to understand the strategy of the business, the language of the business and the direction that the business is going in.

“Your role as a risk professional is to help reduce the uncertainty of those decisions. That’s very different from compliance, insurance, or governance. This is purely a forward-looking type role that needs to utilise strategic foresight. And ultimately that’s what risk is about.”


Since starting his career over two decades ago, Levy has managed risk through intense upheaval and a dramatically changing the risk landscape — from 9/11 to COVID-19, war returning to Europe and further geopolitical tensions. 

“It’s remarkable how much has happened since I started my career. You do not even need to go back 20 years, just go back three years. So much has changed in terms of what boards talk about,” he says.

“The pandemic elevated risk management into that boardroom psyche. There was a focus on business continuity and the operational stresses of dispersed workforces, which led to people risk, while supply chains were also challenged and stretched.”

“The pandemic elevated risk management into that boardroom psyche.”

Levy adds that over the past three years, ESG has truly risen in importance. “If you go back 20 years, climate issues were known as corporate social responsibility or ethical decision-making, but those concepts have been rebadged. In the last three years, the regulatory environment has become much tighter. If you’re a listed organisation, greenwashing and shareholder activism has very much come to the forefront.”

“Cyber, AI and data… are all major risk management themes that are going to push the capabilities and the competency of organisations’ boards and risk professionals.”


When it comes to Levy’s overall risk philosophy, he insists that knowledge of the key elements of the business is vital.

“Risk managers need to ask: What are the critical functions? What’s the strategy? Where’s the organisation trying to go to? What do we need to get right? What can go wrong? What’s missing from what we’re doing?” he explains.

“The onus for the risk professional is to spend more time talking to people engaging with the business, as opposed to getting a perfectly worded risk register.”

“By repeating those questions, it creates consistency. Whether you are dealing with the c-suite or front-line teams. Everybody has a role to play, and the more you ask questions, the more you will learn. At their core, the majority of people take pride in what they do and are trying to do a good job. They are trying to do the right thing.

“The onus for the risk professional is to spend more time talking to people engaging with the business, as opposed to getting a perfectly worded risk register. That’s the best way that information can be used to help inform decision-makers.

“However, you are not going to be able to perform risk management unless you are out there talking and engaging with the business,” says Levy. 


When asked about bringing the next generation of risk managers through, Levy says one of the key elements is simplicity.

“There is enough complexity in risk management already, with frameworks, risk appetite, ethics and so on. Instead, it should be about taking aspects back to the root cause of what the organisation is trying to achieve,” he explains.

“Risk management now has a seat at the c-suite table. We need to keep adding value to stay there. Getting that seat was a prize, but the challenge now is keeping it. To achieve that, we need to add value, keep things simple and maintain our relevance.”

He concludes: “I remember being asked early in my career: Where’s the proof? What are other organisations doing? How do we compare and what would we benchmark? You need to have those elements to have a risk-based conversation within an organisation.”