Job Description
Company Introduction
Our client is an emerging financial services company.
Job Responsibilities and Duties
- Design, implement, and maintain a comprehensive Risk Management Framework (RMF) aligned with MiCA, EMI, and MiFID regulatory requirements;
- Lead risk-related workstreams for licensing applications, including drafting and coordinating all risk sections within regulatory submissions;
- Serve as the primary liaison with regulatory authorities on all risk management matters;
- Ensure ongoing compliance with EU and local regulatory obligations, including governance, monitoring, and reporting requirements;
- Define and maintain the organisation’s risk taxonomy, risk appetite framework, and risk assessment methodologies;
- Identify, assess, monitor, and report on key risks across operational, financial, market, liquidity, technology, cybersecurity, and compliance areas;
- Develop and maintain risk dashboards, key risk indicators (KRIs), and regular reporting for senior management and the Board;
- Oversee incident management processes, including root-cause analysis, remediation planning, and tracking of corrective actions;
- Establish and enhance controls and processes for safeguarding customer funds, transaction monitoring, and operational resilience;
- Work closely with operations, technology, and product teams to embed effective risk controls into system design, with a particular focus on crypto-asset services and payments infrastructure;
- Lead business continuity planning, disaster recovery initiatives, and third-party risk management activities;
- Provide guidance and support to key governance forums, including executive, audit, risk, compliance, and internal audit committees;
- Foster a strong risk-aware culture through training initiatives, clear communication, and cross-functional collaboration;
- Deliver strategic risk insights to support business growth, product development, and market expansion initiatives;
- Support the development of fraud monitoring analytics to assist in identifying and mitigating fraud patterns and emerging risks.
Experience
- Minimum of 7 years’ experience in risk management within fintech, payments, crypto-asset services, or other regulated financial services environments;
- Hands-on experience with at least one of the following regulatory frameworks: MiCA, EMI, or MiFID; exposure to two or more is considered an advantage;
- Eligibility for MFSA approval;
- Demonstrated experience in designing, implementing, or scaling risk management frameworks within startup or high-growth organisations;
- Proven experience engaging with regulatory authorities and contributing to licensing, authorisation, or ongoing supervisory processes;
- Strong working knowledge of Maltese and EU regulatory and governance frameworks, including DORA, PSD2/PSD3, MiCA, EMI, MiFID II, and EU AML / FATF directives, as well as EBA and ESMA guidelines;
- Good understanding of recognised enterprise risk management frameworks such as COSO ERM and ISO 31000;
- Familiarity with cybersecurity and information security standards, including ISO 27001, NIST, and related frameworks.
Personal Skills
- Strategic and forward-thinking, with the ability to convert regulatory requirements into practical and scalable operational frameworks;
- Strong leadership presence, with the confidence to challenge assumptions, influence decisions, and guide senior stakeholders effectively;
- Excellent analytical and problem-solving capabilities, supported by a structured and methodical approach;
- Comfortable working in ambiguous environments and building risk frameworks from the ground up;
- Highly effective communicator, both verbally and in writing, able to present clear and concise risk insights to executive and board-level stakeholders;
- Upholds the highest standards of integrity, sound judgement, and professional ethics, with a proactive and accountable mindset;
- Collaborative and hands-on, with the flexibility to thrive in a fast-paced, high-growth startup environment.