Head of Risk and Regulatory Compliance

About the Role

You will lead the establishment and maintenance of the risk management and regulatory compliance framework for the Croatian entity. You will identify, assess, and monitor operational, regulatory, ICT and cybersecurity, third-party, outsourcing, and financial crime risks. You will develop risk appetite and monitoring processes, prepare regular risk reports and dashboards, and ensure compliance with MiCA, DORA, and EU AML/CFT rules. You will support CASP authorisation and regulatory supervision, oversee ICT third-party risk and outsourcing registers, classify and escalate ICT incidents, support resilience testing and operational continuity planning, draft and maintain governance and compliance documentation, perform due diligence on service providers, and act as the primary liaison with regulatory authorities for inspections, audits, and reporting.

Requirements

  • Bachelor's or Master's degree in Law, Finance, Risk Management, Economics, or a related discipline
  • 7+ years' experience in risk management, compliance, or regulatory roles
  • Experience in regulated financial institutions, fintech, or crypto-asset businesses
  • Familiarity with EU financial services regulation, including MiFID, MiCA, DORA, and AML frameworks
  • Experience interacting with regulatory authorities
  • Relevant certifications are advantageous
  • Expertise in enterprise risk management and compliance governance
  • Experience managing outsourcing and third-party risk
  • Strong analytical and problem-solving capabilities
  • Excellent policy drafting and regulatory interpretation skills
  • Strong communication and stakeholder management abilities
  • Willingness to undergo mandatory Fit & Proper pre-assessment and meet Annex II Skills and ESMA Fit & Proper guidelines for CASPs
  • Preferably previous Fit & Proper approval experience

Responsibilities

  • Establish and maintain the risk management framework
  • Identify, assess, and monitor operational, regulatory, ICT and cybersecurity, third-party, outsourcing, and financial crime risks
  • Develop and maintain the risk appetite framework and risk monitoring processes
  • Prepare regular risk reports and dashboards for senior management and the Board
  • Ensure compliance with MiCA, DORA, and EU AML/CFT frameworks and Croatian financial services regulation
  • Monitor regulatory developments and update internal policies accordingly
  • Maintain and oversee the regulatory compliance programme
  • Provide guidance to management and internal teams on regulatory obligations
  • Support CASP authorisation, ongoing regulatory supervision, and regulatory reporting
  • Support implementation and oversight of the DORA framework and ICT risk management
  • Oversee ICT third-party risk management, maintain the register of ICT service providers, and monitor service provider performance
  • Ensure ICT incidents are classified, escalated, and reported appropriately
  • Support resilience testing and operational continuity planning
  • Maintain oversight of outsourcing arrangements and ensure compliance with EBA outsourcing guidelines
  • Perform due diligence and risk assessments for new service providers
  • Develop and maintain key governance documents, including risk policies, compliance policies, and internal control frameworks
  • Provide risk and compliance input to new products, partnerships, and operational processes
  • Act as primary liaison with regulatory authorities and coordinate inspections and supervisory reviews
  • Support internal and external audits related to risk and compliance

Benefits

  • Performance-based incentives
  • 22 days annual leave plus 6 company days and bank holidays
  • Comprehensive health insurance plans
  • Extensive benefits program
  • Flexible work schedule and remote work options
  • Professional development and training opportunities