Own the risk framework for our Cyprus regulated entity. You will set risk appetite, make risks visible and manageable, and ensure controls, metrics and evidence are robust—so the business can move fast, safely. This role suits a hands‑on risk leader who turns regulation into practical, testable controls and clear management information.

Job responsibilities

• Establish and maintain the enterprise risk management (ERM) framework: risk taxonomy, appetite/limits, governance and reporting cadence
• Run the risk assessment cycle (RCSA): identify, assess and prioritise operational/ICT, conduct, outsourcing, model, liquidity/treasury (with CFO) and strategic risks
• Define KRIs/early‑warning indicators with thresholds; build MI/dashboards and report to senior management and the Board
• Lead operational resilience and ICT risk oversight aligned to DORA‑style expectations: critical/important functions mapping, impact tolerances, testing and lessons learned
• Oversee incident and loss‑event capture; ensure root‑cause analysis and durable remediation with the first line
• Strengthen third‑party/outsourcing risk oversight: due diligence criteria, register accuracy, ongoing monitoring and exit plans
• Provide change and product‑governance risk input: significant change assessments, control design, evidence requirements and go/no‑go criteria
• Coordinate stress/scenario analysis with CFO/COO; challenge assumptions and document outcomes
• Review model/methodology risk (where applicable); ensure validation and documentation standards
• Partner with Compliance Officer and MLRO on conduct/AML‑related risks and training; keep roles clear across the three lines of defence
• Maintain policy suite and risk procedures; run awareness sessions; ensure records are audit‑ready
• Prepare concise, actionable risk reports and Board packs; track remediation to closure

Key frameworks and topics

• ERM and ISO 31000 concepts, RCSA and control testing
• Operational resilience and ICT risk (DORA‑style), incident classification and reporting
• Third‑party/outsourcing risk management
• Conduct risk and product governance oversight (fair, clear and not misleading)
• Stress/scenario analysis and early‑warning indicators
• Risk data, MI design and evidence management

Qualifications

• 7+ years’ risk management experience in regulated financial services or closely related environments
• Proven track record building and operating ERM/RCSA, KRIs and Board‑level reporting
• Strong grasp of operational/ICT risk and resilience; comfortable engaging engineers on controls and evidence
• Excellent written English and documentation discipline; crisp communication with senior stakeholders
• Advanced Excel/Sheets; familiarity with SQL/BI dashboards is a plus
• Professional qualifications preferred: IRM Diploma/CMIRM, FRM/PRM, ISO 31000, CRISC/CISM (or equivalent). CySEC Advanced Certification is an advantage
• Ability to work on‑site in Limassol; collaborative style with clear independence of judgement

We encourage applications from all qualified candidates and provide reasonable accommodations on request (email [email protected]).

Other skills

• Structured, evidence‑driven thinker with calm, practical judgement
• Able to challenge constructively and negotiate clear, time‑bound remediation
• Habit of turning findings into simpler processes, sharper metrics and better documentation