A Formula One race car zoomed across the closing slide of a Deloitte partner’s risk management survey presentation, delivered to an audience of international bankers on December 11, 2007. “Risk is clearly assuming greater visibility in financial institutions,” the partner concluded, and the trend “is likely to continue.” He couldn’t have imagined how right he was.

Nor, apparently, could the 80 percent of finance executives who called their market and credit risk management “extremely” or “very” effective when polled by Deloitte in late 2006. Of course, they were already locked into a collision course, driving full throttle toward a wall.

“2008 was clearly a tail event,” says Janus Capital Group risk management chief Ashwin Alankar, a disciple of Myron Scholes. “It was a so-called black swan event that should have happened once every billion years or something, according to models of volatility, which we had focused on for decades in assessing risk.” One fundamental tenet went down, Alankar explains, and took another — the most sacred — with it. “Finance is rooted in the idea that you can get diversification by holding a variety of instruments. And in 2008 there was no umbrella to get under.” Conventional financial wisdom wasn’t all that wise, it turned out. The investment industry knew it needed new thinkers — and plenty of them. But from where?

Sourcing and securing risk management talent has only gotten harder since the industry learned what happens without enough of it. Among institutional allocators, perhaps no role is tougher to fill than the in-house investment risk guru. “Certainly there are more opportunities now than there were ten years ago,” says Guy Foutz, investment risk officer for the $29 billion Utah Retirement Systems. “It seems like it picked up post-2008, and perhaps a little before.” Foutz joined the Salt Lake City–based public pension in November 2009, after more than a decade with local life insurer Beneficial Financial Group. He rose from crunching life expectancies as an actuarial trainee to managing asset-liability flows and firm-wide enterprise risk — as direct a path to the institutional chief of risk seat as one will find.

Alankar got two chemical engineering degrees at MIT before transitioning to finance in time for a Ph.D. at the University of California, Berkeley. Harvard University endowment chief risk officer Jake Xia pursued both electrical engineering and computer science all the way to his doctorate at MIT, then pivoted to investment risk over a two-decade-plus career on Wall Street. He left a top job at Morgan Stanley for Harvard’s battered fund in 2013. When asked to name the most respected risk leaders on the asset-owning side, peers and insiders often mention Xia in the same breath as the University of Chicago’s Mike Edleson. His resume will by now sound familiar: MIT, Ph.D. (economics), and Wall Street, followed by a post-crisis hop to the buy side (2010).

“I have a Ph.D. in theoretical physics — and it’s a great BS filter,” says Helmsley Charitable Trust’s Christopher Rapcewicz (Cornell, Blackstone, 2013 arrival at the foundation). “Risk tends to be fairly quantitative,” he explains. “No asset manager is going to intimidate me with a model. I can ask dumb questions, because I’m not afraid of not understanding the math. It’s just a matter of moving through it.” Having a mathemagician in the investment office arms against sales tactics. In Rapcewicz’s experience as an allocator, “people try it no matter what,” he says. “If you don’t have that technical background, you’re potentially open to that kind of manipulation, or marketing.”

Deep quantitative skill remains the sole must-have for future institutional risk officers, according to members of this inaugural generation. “Get the background, then add the soft stuff,” Rapcewicz says. In other words, the profession has yet to quite professionalize. Meeting the strong demand for portfolio risk experts with an underdeveloped pipeline forces recruiters to get creative, says David Barrett. His firm, David Barrett Partners, has placed investment leaders at Harvard, the University of California, and the American Red Cross, among other prominent institutions, but finds CRO roles particularly challenging: “It’s not as cookie cutter in terms of where you’re going to find someone. These folks may be in academia, at macro hedge funds, funds-of-funds, sell-side banks, or the sovereign wealth funds and Canadian plans that are more developed. There is no typical path.” Barrett has active CRO searches for sovereign and nonprofit clients, and reports more are in the pipeline: “We’re seeing much more demand for this position. And it’s still very much evolving, especially on the asset-owner side.”

Two certifications have come to garner respect and marketability — financial risk manager (FRM) by the Global Association of Risk Professionals (GARP) and professional risk manager (PRM) by the Professional Risk Managers’ International Association (PRMIA). Starting around the crisis, according to Foutz, “people didn’t know where to look for these skills, but knew that they needed them.” And since few CIOs, CFOs, or trustees can personally verify candidates’ technical know-how, many find comfort in these third-party stamps of approval. “They are not absolutely necessary, but I think they tell an employer that someone has a foundation,” says Foutz, whose own resume includes the PRM, CFA, a bachelor’s in statistics, and three actuarial ribbons. “If junior professionals go out of their way to get the FRM or PRM, it shows their commitment.”

But do eyes glaze over when they talk work at a cocktail party? If so, back away. “The risk officer has to be able to communicate in normal terms,” Foutz says. “My background is actuarial. You learn pretty quickly that if you want to be part of the game, you have to be able to communicate to technical audiences and laymen alike.” To do this well, one must be both quant and diplomat, math nerd and culture czar — and not just say no to every potential opportunity. “We actually have to make money,” Rapcewicz says. “As an institution, not taking risk is a risk.”

But not taking it seriously — that’s the greatest risk of all.