Qureos


We are looking for a Risk Manager to identify, assess, and mitigate risks associated with our virtual asset operations, including cryptocurrency trading, custody, and wallet services. The role will be responsible for implementing and maintaining a robust enterprise risk management framework in alignment with regulatory requirements set by the Virtual Assets Regulatory Authority (VARA) and other applicable authorities. The ideal candidate will work closely with cross-functional teams to monitor financial, operational, and technological risks, strengthen internal controls, and support a proactive risk culture across the organization.

Key Responsibilities:

1. Risk Framework & Governance

  • Design and maintain a comprehensive Enterprise Risk Management (ERM) framework tailored to VASP operations.
  • Develop and own risk policies, internal controls, risk appetite statements, and tolerance thresholds.
  • Ensure the framework is continuously aligned with VARA's Rulebook, SCA regulations, and applicable FATF guidance.

2. Transaction Monitoring & Financial Crime

  • Oversee on-chain and off-chain transaction monitoring to detect suspicious or anomalous activity.
  • Maintain robust AML/CTF controls and ensure timely escalation of potential financial crime incidents.
  • Collaborate with Compliance on STR/SAR filings, investigations, and regulatory correspondence.

3. Operational & Cybersecurity Risk

  • Identify and assess vulnerabilities across IT infrastructure, blockchain protocols, smart contracts, and custody/wallet systems.
  • Partner with the Technology team to define and enforce security controls, penetration testing schedules, and risk remediation plans.
  • Maintain a live risk register and ensure operational incidents are documented, reviewed, and closed within agreed SLAs.

4. Regulatory Compliance & Engagement

  • Serve as the primary risk interface for VARA inspections, regulatory audits, and supervisory reporting.
  • Proactively monitor regulatory developments (VARA, SCA, CBUAE) and translate changes into internal policy updates.
  • Draft and maintain key regulatory submissions including risk management policies, compliance attestations, and periodic reporting.

5. Risk Monitoring, Reporting & Escalation

  • Define, track, and report Key Risk Indicators (KRIs) and Key Control Indicators (KCIs) on a regular cadence.
  • Prepare clear, concise risk reports for the Board, senior management, and regulators.
  • Escalate emerging risks with actionable mitigation recommendations and appropriate urgency.

6. Resilience & Continuity Planning

  • Develop and maintain incident response plans, business continuity plans (BCP), and disaster recovery protocols.
  • Design and execute risk scenarios and stress tests relevant to cryptocurrency market volatility, cyber incidents, and operational failures.
  • Lead post-incident reviews and drive implementation of lessons learned.

7. Cross-Functional Leadership

  • Act as a trusted risk advisor to Compliance, Finance, Legal, and Technology teams.
  • Facilitate risk training, awareness campaigns, and promote a risk-aware culture across all functions.
  • Support product and business development teams in assessing risk implications of new services and market expansions.

Required Qualifications:

  • Deep understanding of blockchain technology, tokenomics, and digital asset risk vectors, including smart contract risk, oracle manipulation, and protocol vulnerabilities.
  • Strong grasp of AML/KYC/CTF frameworks, FATF Recommendations, and Travel Rule compliance.
  • Familiarity with on-chain analytics tools (e.g., Chainalysis, TRM Labs, Elliptic) is a plus.
  • Understanding of cybersecurity risk principles including ISO 27001, SOC 2, and NIST frameworks.

Core Competencies:

  • Bachelor's degree in Finance, Risk Management, Business Administration, Law, or a related field. A Master's degree or MBA is an advantage.
  • Professional certifications are highly valued: FRM (GARP), CAMS, CRISC, CISSP, or equivalent.
  • 5–7 years of progressive experience in Risk Management, Compliance, or Internal Audit within financial services or regulated technology environments.
  • Demonstrable experience in a Virtual Assets, FinTech, Crypto, or DeFi context, either at a VASP, exchange, custody provider, or digital asset fund.
  • Prior exposure to VARA, ADGM/FSRA, SCA, or CBUAE regulatory frameworks is strongly preferred.
  • Track record of designing or overhauling risk frameworks from the ground up.

Compensation and Benefits:

  • Working Hours: Mondays to Fridays from 9 AM to 5 PM
  • Air Ticket: Per annum
  • Medical Insurance: Comprehensive insurance
  • Annual Leave: After completion of 1 year in service

Salary: To be discussed

Job Type: Full-time

Pay: From AED12,000.00 per month

Application Question(s):

  • In a single paragraph, please state your understanding of blockchain technology, tokenomics, and digital asset risk vectors, including smart contract risk, oracle manipulation, and protocol vulnerabilities.
  • What is the level of your understanding of cybersecurity risk principles, including ISO 27001, SOC 2, and NIST frameworks?
  • This is an urgent role. What is your earliest availability?
  • Do you have any experience with any of the following regulatory frameworks: VARA, ADGM/FSRA, SCA, or CBUAE? If yes, how many years?

Work Location: In person
