The Risk Operations Manager will be instrumental in developing, implementing, and overseeing a robust risk management framework to identify, assess, monitor, and mitigate all types of risks associated with crypto exchange operations, products, and services. This role requires a deep understanding of the cryptocurrency landscape, financial market risks, regulatory requirements, and the ability to collaborate effectively across various teams to foster a strong risk-aware culture.
Key Responsibilities:
Risk Framework Development & Implementation:
- Design, implement, and maintain a comprehensive enterprise-wide risk management framework, policies, and procedures tailored to the unique risks of a cryptocurrency exchange.
- Develop and manage Risk Appetite Statements and Key Risk Indicators (KRIs), defining clear thresholds and establishing reporting mechanisms.
- Lead and coordinate Risk & Control Self-Assessments (RCSAs), Product Risk Assessments, and Enterprise Risk Assessments to identify and address key risk areas.
Risk Identification & Assessment:
- Proactively identify, analyze, and assess various types of risks, including but not limited to:
Operational Risk:
- System failures, human error, process breakdowns, fraud, cyber security risks, business continuity, disaster recovery.
Market Risk:
- Volatility, liquidity risk, price manipulation, unexpected market movements.
Credit/Counterparty Risk:
- Risks associated with institutional clients, lending, or decentralized finance (DeFi) protocols.
Regulatory & Compliance Risk:
- Evolving AML/CFT regulations, licensing requirements, data privacy, and other local/international crypto-specific regulations.
Technology Risk:
- Smart contract vulnerabilities, blockchain network issues, platform security, data integrity.
Product Risk:
- Risks inherent in new crypto products (e.g., derivatives, staking, NFTs).
- Conduct targeted data-driven risk assessments and develop risk management reporting using data visualization tools.
Risk Monitoring & Mitigation:
- Implement and oversee control measures to mitigate identified risks effectively.
- Monitor key risk metrics and dashboards for proactive risk detection and incident management.
- Manage crypto-related risk incidents and issues, collaborating with stakeholders for timely resolution and effective remediation.
- Develop and implement tools and systems for real-time fraud detection, suspicious activity alerts, and anti-abuse mechanisms.
- Regularly review and question hedging positions, diversification, and exposure risk.
Compliance & Governance:
- Ensure alignment of risk management practices with regulatory requirements and industry best practices.
- Collaborate with legal, compliance, and audit teams to address regulatory inquiries, close gaps, and ensure adherence to evolving regulations (e.g., MiCA, travel rule, local DPT regulations).
- Participate in risk committees and forums, escalating issues and updating crypto risk policies and procedures.
- Prepare and present regular and ad-hoc risk reports to internal committees, senior management, and boards.
Stakeholder Collaboration & Culture:
- Collaborate closely with cross-functional teams, including Product, Engineering, Trading, Operations, Legal, and Compliance, to integrate risk management into business processes and new product development.
- Provide risk guidance and training to employees to raise awareness of risk obligations and promote a strong risk-aware culture within the organization.
- Liaise with regulatory authorities and external auditors as needed.
Requirements:
- Bachelor's degree in Finance, Economics, Business, Risk Management, Law, or a related quantitative field or professional certifications (FRM, CFA, CAMS) are a significant plus.
- 3 years of proven experience in risk management, internal audit, or risk and controls, with a strong preference for experience within the cryptocurrency, FinTech, or financial services industry (e.g., investment banking, asset management).
- In-depth understanding of financial risk management frameworks (e.g., COSO, ISO 31000) and methodologies.
- Strong knowledge of cryptocurrency products, blockchain technology, and the associated risks and infrastructure.
- Familiarity with relevant regulatory frameworks and compliance requirements for virtual asset service providers (VASPs).
- Hands-on experience with risk programs such as KRIs, risk assessments, control testing, and business continuity planning.
- Excellent analytical, problem-solving, and decision-making skills with a keen eye for detail.
- Strong communication, presentation, and interpersonal skills, with the ability to effectively engage and influence stakeholders at all levels.
- Ability to work independently, manage multiple priorities, and thrive in a fast-paced, dynamic, and evolving environment.
- Proficiency in risk management tools and software applications; experience with GRC systems (e.g., Archer) is a plus.
- SQL and Python programming experience for data analysis and automation is highly desirable.
