This job has expired and no longer accepts applications.

Head of Risk and Regulatory Compliance

Remote

We are seeking an experienced Head of Risk & Regulatory Compliance to lead the local risk management and regulatory compliance framework of our Croatian entity, which is applying for authorisation as a Crypto-Asset Service Provider (CASP) under the EU Markets in Crypto-Assets Regulation (MiCA).

The role is responsible for establishing and maintaining a robust risk management and compliance framework, ensuring that the company operates in full alignment with applicable European and Croatian regulatory requirements.

Operating within a wider group of regulated financial institutions, the Head of Risk & Regulatory Compliance will ensure that the Croatian entity maintains strong governance, internal controls, and regulatory oversight, while aligning with group-wide risk and compliance standards.

Your Role:

Establish and maintain the organisation’s risk management framework, aligned with group policies and EU regulatory expectations.
Identify, assess, and monitor key risk categories including: operational risk, regulatory risk, ICT and cybersecurity risk, third-party and outsourcing risk, financial crime risk.
Develop and maintain the organisation’s risk appetite framework and risk monitoring processes.
Prepare regular risk reports and dashboards for senior management and the Board.
Ensure the organisation complies with all relevant regulatory requirements including: MiCA, DORA, EU AML/CFT framework.
Croatian financial services regulation.
Monitor regulatory developments and ensure internal policies are updated accordingly.
Maintain and oversee the organisation’s regulatory compliance programme.
Provide guidance to management and internal teams on regulatory obligations.
Support the organisation’s CASP authorisation and ongoing regulatory supervision.
Maintaining compliance with MiCA governance, operational, and safeguarding requirements.
Supporting regulatory reporting obligations.
Ensuring operational procedures align with regulatory expectations for crypto-asset service providers.
Preparing documentation and responding to regulatory enquiries.
Support the implementation and oversight of the organisation’s Digital Operational Resilience (DORA) framework.
Ensuring the organisation maintains a robust ICT risk management framework.
Overseeing ICT third-party risk management and monitoring technology service providers.
Supporting the maintenance of the register of ICT service providers required under DORA.
Ensuring ICT incidents are properly classified, escalated, and reported.
Supporting resilience testing and operational continuity planning.
Maintain oversight of all outsourcing arrangements and third-party service providers.
Ensure outsourcing arrangements comply with EBA outsourcing guidelines.
Perform due diligence and risk assessments for new service providers.
Maintain the organisation’s outsourcing register and documentation.
Monitor service provider performance and risk exposure.
Develop and maintain key internal governance documents including:
risk policies, compliance policies, internal control frameworks, outsourcing governance procedures.
Ensure segregation of duties and internal control mechanisms are properly implemented.
Provide risk and compliance input to new products, partnerships, and operational processes.
With the Bord of Directors, act as the primary liaison with regulatory authorities in Croatia.
Coordinate regulatory inspections and supervisory reviews.
Support internal and external audits related to risk and compliance.
Prepare regulatory reporting and documentation required by supervisory authorities.
What We're Looking For:
Bachelor’s or Master’s degree in Law, Finance, Risk Management, Economics, or a related discipline.
7+ years experience in risk management, compliance, or regulatory roles.
Experience working in regulated financial institutions, fintech, or crypto-asset businesses.
Familiarity with EU financial services regulation including MiFID, MiCA, DORA, and AML frameworks.
Experience interacting with regulatory authorities.
Relevant certifications are advantageous.
Strong understanding of regulatory frameworks for financial institutions
Expertise in enterprise risk management and compliance governance
Experience managing outsourcing and third-party risk
Strong analytical and problem-solving capabilities
Excellent policy drafting and regulatory interpretation skills
Strong communication and stakeholder management abilities.
The successful candidate will be subject to a mandatory F&P pre-assessment.
Must meet Annex II – Skills of the EBA/ESMA suitability guidelines for members of the management body and key function holders.
Must meet ESMA Fit & Proper assessment guidelines for CASPs under MiCA.
The ideal candidate has already previously obtained a F&P approval.