Senior Risk Management & Controls Manager
National Digital Trust Company (In Organization) · New York, United States · 1 wk ago
FinanceFull-time
About the role
The Senior Risk Management & Controls Manager is a senior first line of defense leader within Operations, reporting to the Chief Control Officer. The role owns the design, build-out, and ongoing execution of the first line's risk and control framework.
Responsibilities
- Build, maintain, and continuously improve the first line's control framework — the operational expression of enterprise risk methodology — including the inventory of key controls, control narratives, control owners, evidence standards, and testing cadence.
- Translate second-line policies, frameworks, and standards (risk taxonomy, risk appetite, control objectives, RCSA methodology) into first-line procedures, work instructions, and operational control designs the business can execute.
- Lead first-line control testing, control quality assurance (QA), and self-identified issue management; differentiate clearly from independent assurance performed by 2LoD monitoring & testing and 3LoD internal audit.
- Own the first-line side of the Risk and Control Self-Assessment (RCSA): drive first-line participation, calibrate ratings within the operations group, and ensure RCSA outputs reflect operational reality.
- Maintain traceability between processes, risks, controls, issues, key risk indicators (KRIs), and remediation plans within the bank's GRC platform.
- Perform senior-level analysis of operational losses, near-misses, control breakdowns, customer complaints, and emerging risk events; lead root-cause analysis and ensure lessons learned are codified into updated controls and procedures.
- Develop and refine first-line KRIs, control health dashboards, and composite risk views that quantify inherent risk, control effectiveness, and residual risk at the process, product, and business-unit level.
- Conduct deep-dive risk reviews on new products, new markets, material process changes, third-party relationships, and technology releases prior to launch.
- Serve as the Operations group's senior subject-matter expert on digital asset and cryptocurrency controls, including custody models, key management and HSM controls, on-chain/off-chain settlement, stablecoin operations, blockchain analytics, smart-contract operational risk, and counterparty exposure to digital-asset intermediaries.
- Design and operate first-line controls addressing FinCEN, OFAC, SEC, CFTC, OCC, FRB, FDIC, NYDFS, and state-level expectations applicable to digital-asset banking — including the Travel Rule, sanctions screening on virtual asset service providers (VASPs) and counterparty wallets, wallet whitelisting/blacklisting, deposit address attribution, and crypto-specific BSA/AML typologies.
- Operationalize controls aligned to evolving guidance such as SR 26-2, FFIEC bulletins on digital assets, Basel BCBS prudential treatment of crypto exposures, OCC Interpretive Letters on bank custody of digital assets, and emerging federal market-structure legislation.
- Partner with Treasury, Operations, Technology, and Compliance on key control points across the digital-asset trade lifecycle: client onboarding, transaction monitoring, reconciliation between sub-ledger and on-chain balances, custody attestations, key ceremonies, and incident response.
- Serve as the Chief Control Officer's principal delegate in interactions with the Chief Risk Officer, Chief Compliance Officer, General Counsel, and Chief Auditor, and with their respective second- and third-line teams.
- Prepare and present first-line risk and control reporting to the Chief Operating Officer, executive committees, and the Risk Committee of the Board — including residual risk views, control effectiveness summaries, issue aging, and remediation status.
- Coordinate first-line responses to second-line monitoring & testing reviews, internal audit engagements, and regulatory examinations — including evidence production, walkthrough facilitation, and management responses.
- Track 2LoD challenges, audit findings, and regulatory observations through closure; validate remediation evidence before submission for independent validation.
- Advise fellow first-line leaders — business unit heads, product owners, technology leaders, vendor managers, and operations managers — on risk identification, control design alternatives, control rationalization, and remediation strategies, balancing risk reduction with operational efficiency.
- Embed risk-aware design into new products, new markets, third-party relationships, and technology changes, with particular focus on digital-asset custody, payments, and settlement workflows.
- Deliver targeted training, office hours, and enablement content to first-line control owners, process owners, and risk champions; build a community of practice across the operations group.
- Drive continuous improvement of the first line's GRC tooling and workflows (e.g., ServiceNow IRM, RSA Archer, OneTrust, MetricStream, LogicGate) to strengthen automation, evidence capture, control testing throughput, and reporting precision.
- Champion the use of analytics, automation, and AI-enabled tools to scale first-line control execution while maintaining auditability.
Qualifications
- Education: Bachelor's degree in Finance, Accounting, Economics, Risk Management, Computer Science, Business, or a related discipline.
- Experience: Minimum 8–12 years of progressive experience in operational risk, business controls, internal controls, internal audit, or regulatory compliance within a bank, broker-dealer, fintech, or digital-asset firm; at least 3 years in a senior or lead role within a first-line control function (CCO/COO organization).
- Program Ownership: Demonstrated ownership of a first-line control program — including procedure drafting, control testing/QA, RCSA execution, and issue management.
- Digital Assets: Working knowledge of digital asset / cryptocurrency operational risk: custody models, key management, on-chain analytics, stablecoins, DeFi exposure pathways, smart-contract risk, and Travel Rule compliance.
- Regulatory: Strong command of COSO Internal Control – Integrated Framework, COSO ERM, ISO 31000, FFIEC IT and BSA/AML examination handbooks, OCC Heightened Standards, SR 11-7 / SR 26-2, and SOX (where applicable).
- Executive Presence: Demonstrated success briefing C-suite, board committees, examiners, and internal/external auditors with clarity, candor, and credibility.
Preferred Qualifications
- Advanced Education: Master's degree (MBA, MS Finance, MS Risk Management, MS Financial Mathematics) or equivalent advanced training.
- Certifications: Professional certifications: CRISC, CISA, CIA, CRCM, CAMS, CFE, CRM, FRM, CCRO, or PRM. Crypto-focused credentials (CCAS – Certified Cryptocurrency Auditor Specialist, CCFC, CDAA) strongly preferred.
- Examination Experience: Direct experience supporting OCC, FRB, FDIC, NYDFS, SEC, FINRA, or state-banking examinations and consent-order remediation as a first-line owner.
- De Novo Experience: Direct experience standing up the operational control environment of a de novo bank, trust company, or digital-asset-licensed entity (BitLicense, state trust charter, OCC trust charter, or comparable).
- Tooling: Hands-on use of GRC platforms (ServiceNow IRM, RSA Archer, MetricStream, LogicGate, OneTrust) and blockchain analytics tooling (Chainalysis, TRM Labs, Elliptic).
Technical Requirements
- Advanced Microsoft Excel (modeling, dashboards), Word, PowerPoint, and Visio.
- Working proficiency with SQL, Python, or PowerBI/Tableau for control analytics.
- Familiarity with model risk management (SR 11-7), AI/ML governance, and emerging guidance on AI-enabled controls and monitoring.
Core Competencies
- Senior judgment and operational pragmatism — the ability to design controls that are effective, efficient, and executable within real business processes.
- Exceptional written and verbal communication, including the ability to translate technical findings into board-level narratives.
- Ownership mindset, regulatory poise, and discretion in handling sensitive information.
- Prowess in leading cross-functional initiatives without direct authority.