Jobs · Finance

Senior Risk Management & Controls Manager

National Digital Trust Company (In Organization) · New York, United States · 1 wk ago
FinanceFull-time

About the role

The Senior Risk Management & Controls Manager is a senior first line of defense leader within Operations, reporting to the Chief Control Officer. The role owns the design, build-out, and ongoing execution of the first line's risk and control framework.

Responsibilities

  • Build, maintain, and continuously improve the first line's control framework — the operational expression of enterprise risk methodology — including the inventory of key controls, control narratives, control owners, evidence standards, and testing cadence.
  • Translate second-line policies, frameworks, and standards (risk taxonomy, risk appetite, control objectives, RCSA methodology) into first-line procedures, work instructions, and operational control designs the business can execute.
  • Lead first-line control testing, control quality assurance (QA), and self-identified issue management; differentiate clearly from independent assurance performed by 2LoD monitoring & testing and 3LoD internal audit.
  • Own the first-line side of the Risk and Control Self-Assessment (RCSA): drive first-line participation, calibrate ratings within the operations group, and ensure RCSA outputs reflect operational reality.
  • Maintain traceability between processes, risks, controls, issues, key risk indicators (KRIs), and remediation plans within the bank's GRC platform.
  • Perform senior-level analysis of operational losses, near-misses, control breakdowns, customer complaints, and emerging risk events; lead root-cause analysis and ensure lessons learned are codified into updated controls and procedures.
  • Develop and refine first-line KRIs, control health dashboards, and composite risk views that quantify inherent risk, control effectiveness, and residual risk at the process, product, and business-unit level.
  • Conduct deep-dive risk reviews on new products, new markets, material process changes, third-party relationships, and technology releases prior to launch.
  • Serve as the Operations group's senior subject-matter expert on digital asset and cryptocurrency controls, including custody models, key management and HSM controls, on-chain/off-chain settlement, stablecoin operations, blockchain analytics, smart-contract operational risk, and counterparty exposure to digital-asset intermediaries.
  • Design and operate first-line controls addressing FinCEN, OFAC, SEC, CFTC, OCC, FRB, FDIC, NYDFS, and state-level expectations applicable to digital-asset banking — including the Travel Rule, sanctions screening on virtual asset service providers (VASPs) and counterparty wallets, wallet whitelisting/blacklisting, deposit address attribution, and crypto-specific BSA/AML typologies.
  • Operationalize controls aligned to evolving guidance such as SR 26-2, FFIEC bulletins on digital assets, Basel BCBS prudential treatment of crypto exposures, OCC Interpretive Letters on bank custody of digital assets, and emerging federal market-structure legislation.
  • Partner with Treasury, Operations, Technology, and Compliance on key control points across the digital-asset trade lifecycle: client onboarding, transaction monitoring, reconciliation between sub-ledger and on-chain balances, custody attestations, key ceremonies, and incident response.
  • Serve as the Chief Control Officer's principal delegate in interactions with the Chief Risk Officer, Chief Compliance Officer, General Counsel, and Chief Auditor, and with their respective second- and third-line teams.
  • Prepare and present first-line risk and control reporting to the Chief Operating Officer, executive committees, and the Risk Committee of the Board — including residual risk views, control effectiveness summaries, issue aging, and remediation status.
  • Coordinate first-line responses to second-line monitoring & testing reviews, internal audit engagements, and regulatory examinations — including evidence production, walkthrough facilitation, and management responses.
  • Track 2LoD challenges, audit findings, and regulatory observations through closure; validate remediation evidence before submission for independent validation.
  • Advise fellow first-line leaders — business unit heads, product owners, technology leaders, vendor managers, and operations managers — on risk identification, control design alternatives, control rationalization, and remediation strategies, balancing risk reduction with operational efficiency.
  • Embed risk-aware design into new products, new markets, third-party relationships, and technology changes, with particular focus on digital-asset custody, payments, and settlement workflows.
  • Deliver targeted training, office hours, and enablement content to first-line control owners, process owners, and risk champions; build a community of practice across the operations group.
  • Drive continuous improvement of the first line's GRC tooling and workflows (e.g., ServiceNow IRM, RSA Archer, OneTrust, MetricStream, LogicGate) to strengthen automation, evidence capture, control testing throughput, and reporting precision.
  • Champion the use of analytics, automation, and AI-enabled tools to scale first-line control execution while maintaining auditability.

Qualifications

  • Education: Bachelor's degree in Finance, Accounting, Economics, Risk Management, Computer Science, Business, or a related discipline.
  • Experience: Minimum 8–12 years of progressive experience in operational risk, business controls, internal controls, internal audit, or regulatory compliance within a bank, broker-dealer, fintech, or digital-asset firm; at least 3 years in a senior or lead role within a first-line control function (CCO/COO organization).
  • Program Ownership: Demonstrated ownership of a first-line control program — including procedure drafting, control testing/QA, RCSA execution, and issue management.
  • Digital Assets: Working knowledge of digital asset / cryptocurrency operational risk: custody models, key management, on-chain analytics, stablecoins, DeFi exposure pathways, smart-contract risk, and Travel Rule compliance.
  • Regulatory: Strong command of COSO Internal Control – Integrated Framework, COSO ERM, ISO 31000, FFIEC IT and BSA/AML examination handbooks, OCC Heightened Standards, SR 11-7 / SR 26-2, and SOX (where applicable).
  • Executive Presence: Demonstrated success briefing C-suite, board committees, examiners, and internal/external auditors with clarity, candor, and credibility.

Preferred Qualifications

  • Advanced Education: Master's degree (MBA, MS Finance, MS Risk Management, MS Financial Mathematics) or equivalent advanced training.
  • Certifications: Professional certifications: CRISC, CISA, CIA, CRCM, CAMS, CFE, CRM, FRM, CCRO, or PRM. Crypto-focused credentials (CCAS – Certified Cryptocurrency Auditor Specialist, CCFC, CDAA) strongly preferred.
  • Examination Experience: Direct experience supporting OCC, FRB, FDIC, NYDFS, SEC, FINRA, or state-banking examinations and consent-order remediation as a first-line owner.
  • De Novo Experience: Direct experience standing up the operational control environment of a de novo bank, trust company, or digital-asset-licensed entity (BitLicense, state trust charter, OCC trust charter, or comparable).
  • Tooling: Hands-on use of GRC platforms (ServiceNow IRM, RSA Archer, MetricStream, LogicGate, OneTrust) and blockchain analytics tooling (Chainalysis, TRM Labs, Elliptic).

Technical Requirements

  • Advanced Microsoft Excel (modeling, dashboards), Word, PowerPoint, and Visio.
  • Working proficiency with SQL, Python, or PowerBI/Tableau for control analytics.
  • Familiarity with model risk management (SR 11-7), AI/ML governance, and emerging guidance on AI-enabled controls and monitoring.

Core Competencies

  • Senior judgment and operational pragmatism — the ability to design controls that are effective, efficient, and executable within real business processes.
  • Exceptional written and verbal communication, including the ability to translate technical findings into board-level narratives.
  • Ownership mindset, regulatory poise, and discretion in handling sensitive information.
  • Prowess in leading cross-functional initiatives without direct authority.

Similar jobs

Senior Risk Manager

Spartan Advisory PartnersGreater Syracuse-Auburn Area· 3 wk ago
Financeapply on spartan-advisory.com

Senior Risk Manager

Sotheby's Institute of ArtNew York, United States· 4 wk ago
Finance$90k–$120k/yr

Senior Risk Manager

PolymarketNew York, United States· 1 mo ago
RemoteFinance$21/hrapply on jobs.ashbyhq.com

Senior Risk Manager

A Igreja de Jesus Cristo dos Santos dos Últimos DiasSalt Lake City, UT· 1 mo ago
Financeapply on careers.churchofjesuschrist.org

Senior Risk Manager

Sotheby'sNew York, United States· 3 wk ago
Finance$90k–$120k/yrapply on job-boards.greenhouse.io