Chief Risk Officer and Head of Information Security - Crypto Location: LuxembourgAbout Our Client Our client is a leading, regulated cryptocurrency exchange operating across Asia, Europe and the United States. The firm is licensed in multiple major jurisdictions and is a financial institution authorised by the Luxembourg Ministry of Finance and regulated by the CSSF in Luxembourg. As a Luxembourg-based entity registered as a Virtual Asset Service Provider (VASP), the company operates at the forefront of digital asset regulation and innovation. The organisation combines strong governance standards with a dynamic, international culture and a deep commitment to blockchain and digital asset technology.About the Role Our client is seeking an Authorised Manager primarily responsible for Risk Management, Internal Control and Information Security. The role is based in Luxembourg and forms part of the firm's senior management. The Authorised Manager will be accountable for the design, implementation, oversight and effectiveness of the firm's risk management framework, internal control system and ICT / information security governance, in line with MiCA/MiFID requirements and applicable EU regulations, including DORA. This is a hands-on role with no dedicated Risk or Information Security team. In addition to functional responsibilities, the successful candidate will serve as one of the firm's Authorised Managers, sharing overall managerial responsibility for the entity alongside the other Authorised Manager. The position requires senior management oversight and coordination across all functions, including Risk and Compliance, while fully respecting the functional independence of the Compliance function.Key Responsibilities Authorised Manager Responsibilities Act as Authorised Manager vis-à-vis the CSSF for Risk, Internal Control and Information Security matters Ensure the sound, prudent and compliant operation of the firm in coordination with the other Authorised Manager(s) Contribute to defining the firm's strategy and development plan Represent the firm in internal and external meetings, including with regulators, auditors and other stakeholders Liaise with regulatory authorities, external auditors, service providers and vendors as required Coordinate with global group functions to ensure alignment and consistency of approach Functional OversightAs one of the Authorised Managers, hold overall senior management responsibility for the firm, with functional oversight of: Risk Management and Internal Control Compliance IT and Information Security HR and AdministrationEnsure these functions operate effectively and in alignment with the firm's governance framework, strategy and regulatory obligations. With respect to Compliance, provide senior management oversight and coordination while fully respecting its functional and operational independence, and act as a senior management escalation point for the Head of Compliance.Risk Management & Internal Control Develop, maintain and enhance the risk management framework, policies and procedures, including: Risk identification and risk universe Risk appetite framework Risk assessment and monitoring Risk reporting and Key Risk Indicators (KRIs) Cover the full risk universe, including but not limited to: Operational risk ICT and information security risk Credit risk Market and FX risk Liquidity risk Reputational risk Identify, assess and monitor material risks and ensure appropriate mitigating controls are in place Review, document and evaluate the internal control framework, including automated and manual controls Identify gaps or weaknesses in the risk and control framework and ensure remediation aligned with regulatory expectations and industry standards Prepare and present risk and internal control reporting to senior management and the Board Oversee outsourcing and third-party risk, including methodology and ongoing monitoringInformation Security, ICT Risk & DORA Act as senior accountable person for ICT risk management and information security governance Define, maintain and review: Information security policy ICT-related policies and procedures Incident management and escalation frameworks Ensure compliance with DORA and other applicable ICT / information security regulatory requirements Perform and coordinate ICT and information security risk assessments Oversee ICT controls across the full system lifecycle Monitor security vulnerabilities, incidents and emerging threats, ensuring appropriate mitigation Oversee third-party IT service providers, including SLAs and security requirements Coordinate ICT-related regulatory reporting and audits in collaboration with ComplianceQualifications University degree in risk management, finance, accounting, law, IT or a related field Professional risk or control qualification (e.g. FRM) or equivalent professional experience is an assetRequired Experience Minimum 5 years' experience in a senior Risk, Internal Control, Compliance or related function within a regulated financial institution Strong experience in risk management within a MiCA/MiFID-regulated firm Solid and practical knowledge of: Information security and ICT risk DORA regulatory framework Good understanding of finance and accounting, including: Financial statements Capital and prudential considerations Financial and operational controls Experience interacting with regulators, auditors and senior management Ability to operate effectively in a hands-on role without a dedicated team Experience in multicultural and international environments Exposure to digital assets or blockchain is an advantage, though not essential Key Competencies Strong judgment and decision-making capability at senior management level Ability to combine strategic oversight with operational execution Clear communication and stakeholder management skills Independence of mind and ability to challenge constructively High level of integrity and regulatory awareness