Chief Risk Officer and Head of Information Security - Crypto (Luxembourg based)

Job description:

About Our Client

Our client is a leading, regulated cryptocurrency exchange operating across Asia, Europe and the United States. The firm is licensed in multiple major jurisdictions and is a financial institution authorised by the Luxembourg Ministry of Finance and regulated by the CSSF in Luxembourg.

As a Luxembourg-based entity registered as a Virtual Asset Service Provider (VASP), the company operates at the forefront of digital asset regulation and innovation. The organisation combines strong governance standards with a dynamic, international culture and a deep commitment to blockchain and digital asset technology.

About the Role

Our client is seeking an Authorised Manager primarily responsible for Risk Management, Internal Control and Information Security. The role is based in Luxembourg and forms part of the firm’s senior management.

The Authorised Manager will be accountable for the design, implementation, oversight and effectiveness of the firm’s risk management framework, internal control system and ICT / information security governance, in line with MiCA/MiFID requirements and applicable EU regulations, including DORA.

This is a hands‑on role with no dedicated Risk or Information Security team. In addition to functional responsibilities, the successful candidate will serve as one of the firm’s Authorised Managers, sharing overall managerial responsibility for the entity alongside the other Authorised Manager. The position requires senior management oversight and coordination across all functions, including Risk and Compliance, while fully respecting the functional independence of the Compliance function.

Key Responsibilities

Authorised Manager Responsibilities

Act as Authorised Manager vis‑à‑vis the CSSF for Risk, Internal Control and Information Security matters

Ensure the sound, prudent and compliant operation of the firm in coordination with the other Authorised Manager(s)

Contribute to defining the firm’s strategy and development plan

Represent the firm in internal and external meetings, including with regulators, auditors and other stakeholders

Liaise with regulatory authorities, external auditors, service providers and vendors as required

Coordinate with global group functions to ensure alignment and consistency of approach

Functional Oversight

Risk Management and Internal Control

Compliance

IT and Information Security

HR and Administration

Ensure these functions operate effectively and in alignment with the firm’s governance framework, strategy and regulatory obligations.

With respect to Compliance, provide senior management oversight and coordination while fully respecting its functional and operational independence, and act as a senior management escalation point for the Head of Compliance.

Develop, maintain and enhance the risk management framework, policies and procedures, including:

Risk identification and risk universe

Risk assessment and monitoring

Risk reporting and Key Risk Indicators (KRIs)

Cover the full risk universe, including but not limited to:

Operational risk

ICT and information security risk

Credit risk

Market and FX risk

Liquidity risk

Reputational risk

Identify, assess and monitor material risks and ensure appropriate mitigating controls are in place

Review, document and evaluate the internal control framework, including automated and manual controls

Identify gaps or weaknesses in the risk and control framework and ensure remediation aligned with regulatory expectations and industry standards

Prepare and present risk and internal control reporting to senior management and the Board

Oversee outsourcing and third‑party risk, including methodology and ongoing monitoring

Act as senior accountable person for ICT risk management and information security governance

Define, maintain and review:

Information security policy

ICT‑related policies and procedures

Incident management and escalation frameworks

Ensure compliance with DORA and other applicable ICT / information security regulatory requirements

Perform and coordinate ICT and information security risk assessments

Oversee ICT controls across the full system lifecycle

Monitor security vulnerabilities, incidents and emerging threats, ensuring appropriate mitigation

Oversee third‑party IT service providers, including SLAs and security requirements

Coordinate ICT‑related regulatory reporting and audits in collaboration with Compliance

Qualifications

University degree in risk management, finance, accounting, law, IT or a related field

Professional risk or control qualification (e.g. FRM) or equivalent professional experience is an asset

Required Experience

Minimum 5 years’ experience in a senior Risk, Internal Control, Compliance or related function within a regulated financial institution

Strong experience in risk management within a MiCA/MiFID‑regulated firm

Solid and practical knowledge of:

Information security and ICT risk

DORA regulatory framework

Good understanding of finance and accounting, including:

Capital and prudential considerations

Financial and operational controls

Experience interacting with regulators, auditors and senior management

Ability to operate effectively in a hands‑on role without a dedicated team

Experience in multicultural and international environments

Exposure to digital assets or blockchain is an advantage, though not essential

Strong judgment and decision‑making capability at senior management level

Ability to combine strategic oversight with operational execution

Clear communication and stakeholder management skills

Independence of mind and ability to challenge constructively

High level of integrity and regulatory awareness


Job information

  • Publication date: 02 Mar 2026
  • Location: Frankfurt am Main
  • Type: Full-time
  • Work model: On-site
  • Category: Development & IT
  • Experience: 2+ years
  • Employment type: Employed
