Chat with us, powered by LiveChat

Security Risk Management

Industry / Jobs / Qualifications

The Security Risk Management (SRM) sector is expanding rapidly as demand from both government and private enterprise grows. So too is the range of roles available within this industry. At one end of the spectrum there will always be straight forward security guard and personal protection roles, however increasingly security and risk careers have evolved into the realm of data protection and corporate IP security, with opportunities both domestically and internationally.

Property Casualty 360 says, “In many ways, the news story of 2018 was security. From social media privacy and data breaches to active assailants and nuclear threats, the country has been engrossed in conversations about safety and security risks.”

What this means from an employment point of view is ever increasing opportunities to enter the industry, move up the rungs, or move sideways into a completely new career, utilising your same skillset. Security Risk Management careers represent a prime civilian industry for ex-military and ex-police personnel. However it is also an industry that values a wide range of life and work experience, particularly business skills. We offer Security Risk Management qualifications attained through Recognition of Prior learning (RPL) at a range of levels to meet the entry requirements for SRM roles at a variety of advisory and management positions.

Our SRM qualifications include:

Find out if you have RPL eligibility for these qualifications by filling in the form on this page.

In this report you will find:

  • Industry Snapshot
  • Emerging Trends
  • SRM Careers
  • Responsibilities & Skills
  • Qualifications and RPL
  • Certificate IV SRM Explained
  • Diploma SRM Explained
  • Case studies
  • Complementary Qualifications

SRM Industry Snapshot

In Australia, SRM is a $4.5 billion industry, with about half of that representing wages. Gone are the days that security and risk management was essentially a close personal protection job. Now, there is a focus on protecting industries and businesses, not just protecting individual people. According to the Australian Security Industry Association Ltd (ASIAL)… “The industry employs over 170,000 personnel nationally and most of those are employed in two broad groups:

  1. Manpower roles include bodyguard, crowd controller, gatekeeper, mobile patrol guard, security agent, security officer, loss prevention officer, concierge, etc.
  2. Technician roles include security systems installers who fit and repair security systems in homes and businesses, control room operators monitoring alarm systems, or network administrators operating vast security systems.There are also roles as a private investigator, security adviser or risk assessor.”

There is a rise in security and risk management opportunities in the mining sector. Mining information and training site iMINCO states:

“Safety and security of plant, equipment and personnel are top priorities for Australian mining companies, given the high-risk nature of the industry and the public interest mining activities attract. Having the appropriate strategies in place to protect the mining company’s workforce, assets and reputation is critical to the ongoing success of mining operations.”

There are also security and risk management opportunities internationally. Governments and NGOs all around the world employ private security companies – with ex-defence from Australia featuring prominently in these companies.

It is a cheaper, more politically sensitive and readily mobilised option than placing regular armed services in multiple locations around the world. With security jobs currently outstripping police numbers, and an ever increasing range of security roles available, now is a great time to consider a career in SRM. Perhaps the biggest growth sector for SRM positions is the world of cyber security.

Emerging Trends in Security Risk Management

As a by-product of increasing globalisation and reliance on technology, demand for SRM is growing, and so too are employment opportunities. Here is a summary of the biggest trends in the SRM industry right now…

  • Terrorism – including cyber terrorism
  • Health sector – increasing security risks driven by drugs and alcohol. Synthetic drugs are highlighted by police specialising in drugs.
  • Data security – firms and consultants specialising in IT security are in ever increasing demand to prevent data breaches, system hacks and develop sophisticated encryption algorithms.
  • Security Tech – SRM firms and consultants are using an expanding array of technological solutions to support their work, from drones and robots to advanced security systems.

Taken together, these trends mean the security workforce is changing. At one time, many security professionals had a background in law enforcement or the military. Now, they are increasingly being drawn from IT companies, the FBI and other specialised agencies. Because experience and training go a long way towards effective security risk management, these changes are important to keep an eye on in 2019.

Security Risk Management Careers

Risk management careers play an important role in any organisation, and are a big contributor to an organisation’s overall success. Following is a list of actual SRM careers that range from entry level for those just starting out, to options for advancement and diversification for those with strong skills and experience. You will find a very useful ‘day in the life of’ interview for each of these careers on the Institute of Risk Management website. (We’ve included a snippet of what each person enjoyed most about their job.)

A look at Seek indicates strong growth in the area of cyber SRM roles:
  • Cyber Security Compliance & Risk Manager
  • Manager ICT Governance, Security & Risk
  • Cyber Security Risk Specialist
  • Security Risk and Compliance Specialist
  • Technology & Security Risk Analyst
  • Strategy and Risk Director
  • Senior Risk and Cyber Security Specialist
  • Security Consultant
  • Technology, Cyber Strategy and Risk Director
  • Security Architect
  • Security Specialist – Governance & Risk
  • Lead Implementor – Information Security Management System
  • Senior Risk and Cyber Security Specialist
  • Cyber Security Risk, Compliance and Governance
  • IT Risk Cyber Security Manager
Military to Civilian Risk Management

And here is an interview with Alastair who transitioned from a 16 year military career with RAF, into a SRM role. Alastair had some great skills from his defence career that were directly transferrable to his new risk career:

  • Enterprise risk management
  • Risk management
  • Information governance
  • Programme/project risk
  • Training

SRM Responsibilities & Skills

Responsibilities for Risk Management Professionals include:
  • Establishing and monitor key risk indicators/factors, as well as developing and then executing plans designed to mitigate risks
  • Analysing transactions, internal reports and financial information to identify potential fraud risks – which traditionally had been financial fraud, but can be fraudulent identities, and intellectual property issues as well
  • Maintain current reports addressing and rating risks, aligned with recommendations to respond to potential or real risks
  • Policy and procedure creation
  • Evaluating how effective an organisation’s internal control frameworks are in managing risks and still advancing the company’s goals and objectives
  • Ongoing education for management and employees, as well as technical support, around risk management strategies and programs
Common technical skills to deliver on in a SRM role:
  • Starts with identifying direct and indirect risks that can impact your organisation/client
  • Applying a Risk Management model – a common one is the prevention, preparedness, response and recovery (PPRR) model – which has been used by emergency response in Australia for a very long time and represents a comprehensive approach to risk management.
  • Developing a business continuity plan
  • Preparing a risk management plan and a business impact analysis
  • Preparing an incident response plan
  • Developing a recovery plan (information relating to planning for recovery as well as the resumption of critical business activities after a crisis has occurred, including anticipated timeframes to get back to business as usual)
  • Cybersecurity – including protections from cyber crimes
  • Protecting IT and data systems
  • Protecting assets and premises
  • Managing physical hazards in the workplace
  • Managing financial downturns
  • Keeping your workplace safe – human resources, bullying, harassment claims as well as physical safety of staff
  • Protecting reputations – including conducting due diligence, protection from scams
There are a consistent set of soft skills required in SRM roles:

For example, in many roles, there are high standards of communication required in report preparation and influencing/negotiating with stakeholders. You would also be expected to have:

  • Communication skills – Interpersonal skills, reporting skills
  • Analytical skills – Ability to analyse and advise on data and events
  • Attention to detail – Ability to follow procedures and take in information
  • Initiative and enterprise – Adapt to change, develop better systems
  • Commercial acumen – Especially ability to look at broader business implications
  • Planning and organisational skills – Coordinate responses, manage and plan
  • Self Management – Adhere to procedures, prioritise, time manage
  • Learning – Develop, implement and monitor development plans

SRM Qualifications & Recognition of Prior Learning

In this section we give you an explanation of each of our Security Risk Management qualifications, and examples of position titles relevant to each.

What is the Certificate IV in Security Risk Management about?

This is a standard level of training for security risk officers. It is comprised of 11 core (compulsory) units, plus four elective units of competency (which allows some range to match your experience or interests to particular units).

There are no pre-requisites to enrol in the Certificate IV in Security Risk Management. The core units put a focus on the fundamentals of Security Risk Management responsibilities: starting with the importance of establishing effective workplace relationships, managing a safe workplace, implementing effective communication techniques, assessing risks, advising security needs, monitoring security operations and facilitating workplace briefing and debriefing processes.

Elective units build on core units according to the direction you want to take your qualification. Directions include customer service, financial activity, technology, small business, security equipment, investigations, network security and biometrics.

Examples of Position Titles relevant to Certificate IV level work:
  • Security System Installer
  • Security Provider
  • Security Coordinator
  • Investigations Coordinator
  • Biometrics Security Consultant
Case Studies

Wondering how others have used a Certificate IV in Security and Risk Management to get ahead in their careers?

MUHAMMAD – Started his own security business Security RPL Story Muhammad combined a passion for people, a background in IT and a Certificate IV in Security Risk Management to start his own security business.
Read Muhammad’s story here



What is the Diploma of Security Risk Management About?

The role of a Risk Manager sits at a Diploma level, as a general rule. Risk Managers are responsible for communicating risk policies and the overall policies and procedures for an organisation that minimise and manage risks. This includes development of risk models, monitoring and improving controls to ensure there is effective risk management at an operational and strategic level.

To achieve these outcomes, a Risk Manager is going to need to ensure extensive and appropriate research and quantitative and qualitative analysis has occurred. Risk Managers must have the business skills to communicate effectively through a range of reports, negotiations and educational presentations, balanced with savvy business and operational knowledge.

To complete the Diploma of Security Risk Management through Recognition of Prior Learning (RPL), you need to demonstrate at least two years experience in:

  • Establishing and maintaining an occupational health and safety system
  • Coordinating security operations
  • Assessing security risk management options
  • Ensuring team effectiveness in a security/risk management environment

The Diploma of Security Risk Management has 12 units of competency, seven of which are core (or mandatory) units, and five elective units of competency. The core units address skills and knowledge in these areas:

  • Establish and maintain an occupational health and safety system
  • Coordinate security operations
  • Assess security risk management options
  • Manage quality customer service and people performance
  • Manage personal priorities, professional development and team effectiveness

As with the Certificate IV, elective units can be chosen according to the direction you want to take your SRM career – be that risk management, biometrics, financial security, network security or business, marketing and HR management.

2.2 Examples of Position Titles relevant to Diploma level work:
  • Security and Risk Manager
  • Security Advisor
  • Risk Consultant (Security)
  • Investigations Manager
Case Studies

Wondering how others have used a Diploma of Security Risk Management to get ahead in their careers?

Glenn Upson Case StudyGLENN – War zones to celebrity personal protection 
From protecting ambassadors in the war zones of Iraq and Afghanistan, to managing security for the Australian Cricket Team, Gold Coast Commonwealth Games and global celebrities, Glenn Upson is a great example of the opportunities available in the Security Risk Management Industry.
Read Glenn’s story here  


Derek Keir: Dream job with RPLDEREK – Landed his dream job after 70 knock backs
Before converting his 27 year military career with RAAF into nationally recognised qualifications through RPL, Derek had applied for close to 70 jobs and been knocked back for all of them. Then he landed his dream job!
Read Derek’s story here  


KEN – Transitioned from the Military into a Civilian Career Kenneth Carter
After 30 years of military service, Ken was medically discharged. He used RPL to convert his defence career into nationally recognised qualifications including a Diploma of Security and Risk Management. Ken’s qualifications helped him to move into a satisfying civilian role.
Read Ken’s story here


Using RPL qualifications as credit towards university studies

Many people who have gained qualifications with Churchill Education have used them to gain credit towards further education, including Bachelor degrees or Masters at university. All nationally recognised qualifications can be used for credit transfer. Most universities state that the amount of credit granted depends on the specific application of an individual.

What Other Qualifications Complement a SRM career?

Security Risk Management is a career path that is best built on the back of another career and this is why: it builds on life experience, and the ability to think about not just the risks right in front of you but the risks that are emerging as society, business and technology changes.

Yes, it requires some strong analytical abilities but it also needs to be practical and form part of the bigger picture for what success looks like for an organisation. At the managerial level you need to be a business thinker first, and a risk manager second, which makes a professional background in business or organisational operations a strength.

In preparing this report, we spent considerable time reviewing online job advertisements and position descriptions to see what other skills and qualifications employers are looking for.

The specialist complementary skills and qualifications we often found mentioned were:

  • Leadership and Management skills
  • Incident Investigation qualifications
  • Work Health Safety qualifications
  • Quality Auditing qualifications
  • Human Resources qualifications

From there, it helps to align the qualifications to a similar level that sits with your Security Risk Management qualification.

Certificate IV Level

If you are at Certificate IV level in Security Risk Management, then you could consider adding some academic recognition of your skills and knowledge in one or more of the following qualifications:

For SRM positions in business and people management
For SRM positions requiring specialist / technical skills
Diploma Level

If you are at Diploma level in Security Risk Management then you could consider adding some academic recognition of your skills and knowledge in one or more of the following qualifications:

For WHS positions in business and people management
For WHS positions requiring specialist / technical skills


We hope you found our SRM Industry Report helpful.

If you still have questions, or would like to find out what qualifications you might be eligible for through RPL, fill in the form on this page, or:
Call: 1300 793 002



  • ASIAL, Security careers and training, accessed 13 February 2019, <>.
  • Bronwyn, T 2019, 4 trends to watch in security risk management, Property Casualty 360, accessed 13 February 2019, <>.
  • Brown, J 2014, Guns for hire, accessed 13 February 2019, <>
  • iMINCO, Mining security jobs on the rise in Australia, accessed 13 February 2019, <>
  • Institute of Risk Management, Risk Management Careers, accessed 13 February 2019, <>
  • Seek, Security Risk Management Jobs, accessed 20 March 2019, <>.



Security Risk Management Report

Find out what you’re eligible for:

  • Want us to get started on your assessment? Upload your CV.
    Drop files here or

Security Risk Management Qualifications

Certificate IV Security and Risk Management

Diploma of Security and Risk Management