Chief Risk Officer and Head of Information Security - CryptoLocation: LuxembourgAbout Our ClientOur client is a leading, regulated cryptocurrency exchange operating across Asia, Europe and the United States.
The firm is licensed in multiple major jurisdictions and is a financial institution authorised by the Luxembourg Ministry of Finance and regulated by the CSSF in Luxembourg.As a Luxembourg-based entity registered as a Virtual Asset Service Provider (VASP), the company operates at the forefront of digital asset regulation and innovation.
The organisation combines strong governance standards with a dynamic, international culture and a deep commitment to blockchain and digital asset technology.About the RoleOur client is seeking an Authorised Manager primarily responsible for Risk Management, Internal Control and Information Security.
The role is based in Luxembourg and forms part of the firm's senior management.The Authorised Manager will be accountable for the design, implementation, oversight and effectiveness of the firm's risk management framework, internal control system and ICT / information security governance, in line with MiCA/MiFID requirements and applicable EU regulations, including DORA.This is a hands-on role with no dedicated Risk or Information Security team.
In addition to functional responsibilities, the successful candidate will serve as one of the firm's Authorised Managers, sharing overall managerial responsibility for the entity alongside the other Authorised Manager.
The position requires senior management oversight and coordination across all functions, including Risk and Compliance, while fully respecting the functional independence of the Compliance function.Key ResponsibilitiesAuthorised Manager ResponsibilitiesAct as Authorised Manager vis-à-vis the CSSF for Risk, Internal Control and Information Security mattersEnsure the sound, prudent and compliant operation of the firm in coordination with the other Authorised Manager(s)Contribute to defining the firm's strategy and development planRepresent the firm in internal and external meetings, including with regulators, auditors and other stakeholdersLiaise with regulatory authorities, external auditors, service providers and vendors as requiredCoordinate with global group functions to ensure alignment and consistency of approachFunctional OversightAs one of the Authorised Managers, hold overall senior management responsibility for the firm, with functional oversight of:Risk Management and Internal ControlComplianceIT and Information SecurityHR and AdministrationEnsure these functions operate effectively and in alignment with the firm's governance framework, strategy and regulatory obligations.With respect to Compliance, provide senior management oversight and coordination while fully respecting its functional and operational independence, and act as a senior management escalation point for the Head of Compliance.Risk Management & Internal ControlDevelop, maintain and enhance the risk management framework, policies and procedures, including:Risk identification and risk universeRisk appetite frameworkRisk assessment and monitoringRisk reporting and Key Risk Indicators (KRIs)Cover the full risk universe, including but not limited to:Operational riskICT and information security riskCredit riskMarket and FX riskLiquidity riskReputational riskIdentify, assess and monitor material risks and ensure appropriate mitigating controls are in placeReview, document and evaluate the internal control framework, including automated and manual controlsIdentify gaps or weaknesses in the risk and control framework and ensure remediation aligned with regulatory expectations and industry standardsPrepare and present risk and internal control reporting to senior management and the BoardOversee outsourcing and third-party risk, including methodology and ongoing monitoringInformation Security, ICT Risk & DORAAct as senior accountable person for ICT risk management and information security governanceDefine, maintain and review:Information security policyICT-related policies and proceduresIncident management and escalation frameworksEnsure compliance with DORA and other applicable ICT / information security regulatory requirementsPerform and coordinate ICT and information security risk assessmentsOversee ICT controls across the full system lifecycleMonitor security vulnerabilities, incidents and emerging threats, ensuring appropriate mitigationOversee third-party IT service providers, including SLAs and security requirementsCoordinate ICT-related regulatory reporting and audits in collaboration with ComplianceQualificationsUniversity degree in risk management, finance, accounting, law, IT or a related fieldProfessional risk or control qualification (e.g. FRM) or equivalent professional experience is an assetRequired ExperienceMinimum 5 years' experience in a senior Risk, Internal Control, Compliance or related function within a regulated financial institutionStrong experience in risk management within a MiCA/MiFID-regulated firmSolid and practical knowledge of:Information security and ICT riskDORA regulatory frameworkGood understanding of finance and accounting, including:Financial statementsCapital and prudential considerationsFinancial and operational controlsExperience interacting with regulators, auditors and senior managementAbility to operate effectively in a hands-on role without a dedicated teamExperience in multicultural and international environmentsExposure to digital assets or blockchain is an advantage, though not essentialKey CompetenciesStrong judgment and decision-making capability at senior management levelAbility to combine strategic oversight with operational executionClear communication and stakeholder management skillsIndependence of mind and ability to challenge constructivelyHigh level of integrity and regulatory awareness