Head of Enterprise Risk Management, Malta

Job Responsibilities:

• Enterprise Risk Management (ERM)
• Develop, maintain, and enhance the Enterprise Risk Matrix, Risk Register, and Control Logs in line with the company’s risk appetite and regulatory obligations.
• Identify, assess, and monitor risks across all departments, ensuring appropriate risk treatment and mitigation strategies are in place.
• Track and report on risk incidents and events, maintaining logs with thorough documentation of root cause analysis, remediation, and control enhancements.
• Ensure full alignment with MiCA and EMI regulatory requirements as well as internal governance frameworks.


• Business Continuity Management (BCM)
• Support the development and periodic review of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
• Participate in business impact analyses, risk scenario planning, and annual testing exercises.
• Work with operational and technical teams to ensure resilience measures are well-documented and effective.


• Information Security Risk Management
• Assist in our security compliance programs, including but not limited to DORA, ISO27001, ISO27701, PCI-DSS and SOC 2.
• Participate in internal security and privacy assessments, internal and external audits.
• Provide complete and accurate responses to internal and third-party enquiries on information security compliance.


• Group Risk Coordination
• Act as the primary liaison with group-level risk and compliance teams, ensuring local risk management aligns with broader group strategy and expectations.
• Implement group-wide policies, standards, and procedures, tailoring them to the local regulatory and operational context.
• Coordinate and support group risk reporting requirements, contributing to consolidated risk dashboards, reviews, and audits.

Job Requirements:

• Bachelor’s or Master’s degree in Risk Management, Finance, Law, or a related field.
• 5+ years of experience in enterprise or operational risk management within regulated financial services, fintech, or crypto-asset environments.
• Strong working knowledge of MiCA, EMI frameworks, and relevant EU financial regulations.
• Proven experience maintaining ERM tools, registers, and governance documentation.
• Prior involvement in BCM/DRP planning and implementation.
• Holders of security-related certifications/qualifications will be an advantage: CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E.
• Experience in a Cybersecurity or Information Security role will be an advantage.
• Familiarity with group or multinational operating models is an advantage.
• Strong organizational and documentation skills with attention to detail.
• Excellent stakeholder management and interdepartmental coordination.
• Analytical mindset with proactive problem-solving ability.
• Strong communication skills, both written and verbal.
• High integrity and professionalism in handling sensitive risk information.