Senior Risk Management & Controls Manager

About The Position

Requirements

• Bachelor's degree in Finance, Accounting, Economics, Risk Management, Computer Science, Business, or a related discipline.
• Minimum 8–12 years of progressive experience in operational risk, business controls, internal controls, internal audit, or regulatory compliance within a bank, broker-dealer, fintech, or digital-asset firm; at least 3 years in a senior or lead role within a first-line control function (CCO/COO organization).
• Demonstrated ownership of a first-line control program — including procedure drafting, control testing/QA, RCSA execution, and issue management.
• Working knowledge of digital asset / cryptocurrency operational risk: custody models, key management, on-chain analytics, stablecoins, DeFi exposure pathways, smart-contract risk, and Travel Rule compliance.
• Strong command of COSO Internal Control – Integrated Framework, COSO ERM, ISO 31000, FFIEC IT and BSA/AML examination handbooks, OCC Heightened Standards, SR 11-7 / SR 26-2, and SOX (where applicable).
• Demonstrated success briefing C-suite, board committees, examiners, and internal/external auditors with clarity, candor, and credibility.
• Advanced Microsoft Excel (modeling, dashboards), Word, PowerPoint, and Visio.
• Working proficiency with SQL, Python, or PowerBI/Tableau for control analytics.
• Familiarity with model risk management (SR 11-7), AI/ML governance, and emerging guidance on AI-enabled controls and monitoring.
• Senior judgment and operational pragmatism — the ability to design controls that are effective, efficient, and executable within real business processes.
• Exceptional written and verbal communication, including the ability to translate technical findings into board-level narratives.
• Ownership mindset, regulatory poise, and discretion in handling sensitive information.
• Proven ability to lead cross-functional initiatives without direct authority.

Nice To Haves

• Master's degree (MBA, MS Finance, MS Risk Management, MS Financial Mathematics) or equivalent advanced training.
• Professional certifications: CRISC, CISA, CIA, CRCM, CAMS, CFE, CRM, FRM, CCRO, or PRM.
• Crypto-focused credentials (CCAS – Certified Cryptocurrency Auditor Specialist, CCFC, CDAA) strongly preferred.
• Direct experience supporting OCC, FRB, FDIC, NYDFS, SEC, FINRA, or state-banking examinations and consent-order remediation as a first-line owner.
• Direct experience standing up the operational control environment of a de novo bank, trust company, or digital-asset-licensed entity (BitLicense, state trust charter, OCC trust charter, or comparable).
• Hands-on use of GRC platforms (ServiceNow IRM, RSA Archer, MetricStream, LogicGate, OneTrust) and blockchain analytics tooling (Chainalysis, TRM Labs, Elliptic).

Responsibilities

• Build, maintain, and continuously improve the first line's control framework — including the inventory of key controls, control narratives, control owners, evidence standards, and testing cadence.
• Translate second-line policies, frameworks, and standards into first-line procedures, work instructions, and operational control designs.
• Lead first-line control testing, control quality assurance (QA), and self-identified issue management.
• Own the first-line side of the Risk and Control Self-Assessment (RCSA): drive first-line participation, calibrate ratings within the operations group, and ensure RCSA outputs reflect operational reality.
• Maintain traceability between processes, risks, controls, issues, key risk indicators (KRIs), and remediation plans within the bank's GRC platform.
• Perform senior-level analysis of operational losses, near-misses, control breakdowns, customer complaints, and emerging risk events; lead root-cause analysis and ensure lessons learned are codified into updated controls and procedures.
• Develop and refine first-line KRIs, control health dashboards, and composite risk views that quantify inherent risk, control effectiveness, and residual risk at the process, product, and business-unit level.
• Conduct deep-dive risk reviews on new products, new markets, material process changes, third-party relationships, and technology releases prior to launch.
• Serve as the Operations group's senior subject-matter expert on digital asset and cryptocurrency controls, including custody models, hot/warm/cold wallet architecture, key management and HSM controls, on-chain/off-chain settlement, stablecoin operations, blockchain analytics, smart-contract operational risk, and counterparty exposure to digital-asset intermediaries.
• Design and operate first-line controls addressing FinCEN, OFAC, SEC, CFTC, OCC, FRB, FDIC, NYDFS, and state-level expectations applicable to digital-asset banking.
• Operationalize controls aligned to evolving guidance such as SR 26-2, FFIEC bulletins on digital assets, Basel BCBS prudential treatment of crypto exposures, OCC Interpretive Letters on bank custody of digital assets, and emerging federal market-structure legislation.
• Partner with Treasury, Operations, Technology, and Compliance on key control points across the digital-asset trade lifecycle.
• Serve as the Chief Control Officer's principal delegate in interactions with the Chief Risk Officer, Chief Compliance Officer, General Counsel, and Chief Auditor, and with their respective second- and third-line teams.
• Prepare and present first-line risk and control reporting to the Chief Operating Officer, executive committees, and the Risk Committee of the Board.
• Coordinate first-line responses to second-line monitoring & testing reviews, internal audit engagements, and regulatory examinations.
• Track 2LoD challenges, audit findings, and regulatory observations through closure; validate remediation evidence before submission for independent validation.
• Advise fellow first-line leaders on risk identification, control design alternatives, control rationalization, and remediation strategies, balancing risk reduction with operational efficiency.
• Embed risk-aware design into new products, new markets, third-party relationships, and technology changes, with particular focus on digital-asset custody, payments, and settlement workflows.
• Deliver targeted training, office hours, and enablement content to first-line control owners, process owners, and risk champions; build a community of practice across the operations group.
• Drive continuous improvement of the first line's GRC tooling and workflows to strengthen automation, evidence capture, control testing throughput, and reporting precision.
• Champion the use of analytics, automation, and AI-enabled tools to scale first-line control execution while maintaining auditability.

Benefits

• Medical, Dental, and Vision insurance
• 401(k)
• Life and disability insurance