Mercuryo
Head of Risk and Regulatory Compliance
Job Description
[AI-summarized by JobStash]
You will lead the establishment and maintenance of the risk management and regulatory compliance framework for the Croatian entity. You will identify, assess, and monitor operational, regulatory, ICT and cybersecurity, third-party, outsourcing, and financial crime risks. You will develop risk appetite and monitoring processes, prepare regular risk reports and dashboards, and ensure compliance with MiCA, DORA, and EU AML/CFT rules. You will support CASP authorisation and regulatory supervision, oversee ICT third-party risk and outsourcing registers, classify and escalate ICT incidents, support resilience testing and operational continuity planning, draft and maintain governance and compliance documentation, perform due diligence on service providers, and act as the primary liaison with regulatory authorities for inspections, audits, and reporting.
Requirements
- Bachelor's or Master's degree in Law, Finance, Risk Management, Economics or related discipline
- 7+ years experience in risk management, compliance or regulatory roles
- Experience in regulated financial institutions, fintech or crypto-asset businesses
- Familiarity with EU financial services regulation including MiFID, MiCA, DORA and AML frameworks
- Experience interacting with regulatory authorities
- Relevant certifications are advantageous
- Expertise in enterprise risk management and compliance governance
- Experience managing outsourcing and third-party risk
- Strong analytical and problem-solving capabilities
- Excellent policy drafting and regulatory interpretation skills
- Strong communication and stakeholder management abilities
- Willingness to undergo mandatory Fit & Proper pre-assessment and meet Annex II Skills and ESMA Fit & Proper guidelines for CASPs
- Preferably previous Fit & Proper approval experience
Responsibilities
- Establish and maintain the risk management framework
- Identify, assess and monitor operational, regulatory, ICT, cybersecurity, third-party, outsourcing and financial crime risks
- Develop and maintain the risk appetite framework and risk monitoring processes
- Prepare regular risk reports and dashboards for senior management and the Board
- Ensure compliance with MiCA, DORA and EU AML/CFT frameworks and Croatian financial services regulation
- Monitor regulatory developments and update internal policies accordingly
- Maintain and oversee the regulatory compliance programme
- Provide guidance to management and internal teams on regulatory obligations
- Support CASP authorisation, ongoing regulatory supervision and regulatory reporting
- Support implementation and oversight of the DORA framework and ICT risk management
- Oversee ICT third-party risk management, maintain the register of ICT service providers and monitor service provider performance
- Ensure ICT incidents are classified, escalated and reported appropriately
- Support resilience testing and operational continuity planning
- Maintain oversight of outsourcing arrangements and ensure compliance with EBA outsourcing guidelines
- Perform due diligence and risk assessments for new service providers
- Develop and maintain key governance documents including risk policies, compliance policies and internal control frameworks
- Provide risk and compliance input to new products, partnerships and operational processes
- Act as primary liaison with regulatory authorities and coordinate inspections and supervisory reviews
- Support internal and external audits related to risk and compliance
Benefits & Perks
- Performance-based incentives
- 22 days annual leave plus 6 company days and bank holidays
- Comprehensive health insurance plans
- Extensive benefits program
- Flexible work schedule and remote work options
- Professional development and training opportunities