About the company:

Our mission is that Any financial application can onboard any user, anywhere in the world, in 1 click.Transak provides onboarding to financial applications through authentication, KYC, risk checks, and fiat on/off ramps. This is a next generation of infrastructure for the next generation of financial applications that are built on blockchain and stablecoin rails. Our API and widget-based solutions are used by top partners like MetaMask, Coinbase, Ledger, and Trust Wallet to enable seamless onboarding of over 10 million users across over 450 active applications.We have raised over $37M from top-tier investors including Consensys, Tether, and Animoca Brands.

About the Role

The Risk Manager is the designated Risk Management Key Function Holder for a MiCA-authorised Crypto-Asset Service Provider (CASP) in the EU. This is a mandatory second-line control function responsible for ensuring that all material risks are identified, assessed, measured, controlled, monitored, and reported in accordance with MiCA, EBA governance standards, and national competent authority (NCA) expectations.

The role has enterprise-wide scope, covering business activities, crypto-asset services, ICT systems, outsourcing and third-party arrangements, safeguarding of client assets, liquidity and capital risks, and operational resilience.

The Risk Manager operates independently from the first line, has direct access to the management body, and provides effective challenge to senior management decisions that may exceed the firm’s approved risk appetite.

This role is required to demonstrate regulatory substance, credibility, and day-to-day effectiveness, not nominal appointment.

Key Responsibilities

1. Risk Governance & Key Function Holder Accountability (MiCA Article 68 / EBA Governance)

• Act as the formally designated Risk Management Key Function Holder under MiCA.
• Design, implement, and maintain the firm’s Risk Management Framework (RMF).
• Support the management body in defining and approving the Risk Appetite Statement.
• Ensure independence of the risk function from revenue-generating activities.
• Produce regular, structured risk reports to the management body.

2. Risk Identification & Classification (MiCA Article 67)

• Identify and classify all material risks relevant to a CASP, including:
  • Operational risk
  • ICT and cyber risk (aligned with DORA readiness)
  • Compliance and regulatory risk
  • Outsourcing and third-party risk
  • Safeguarding and custody risk
  • Liquidity and capital risk
  • Reputational risk
• Maintain a comprehensive Risk Register aligned with MiCA service permissions.
• Ensure new products and crypto-asset services undergo formal risk assessment prior to launch.

3. Risk Assessment, Measurement & KRIs (MiCA + EBA Risk Frameworks)

• Design and maintain risk assessment methodologies proportionate to the CASP’s scale and complexity.
• Perform periodic and ad-hoc enterprise risk assessments.
• Define and monitor Key Risk Indicators (KRIs) and escalation thresholds.
• Assess inherent risk, control effectiveness, and residual risk.
• Support stress testing and scenario analysis where required by the NCA.

4. Risk Monitoring, Control Oversight & Escalation

• Monitor ongoing risk exposure against approved risk appetite.
• Provide independent second-line oversight of first-line controls.
• Challenge inadequate control design or execution.
• Track remediation plans and verify closure.
• Escalate material risk breaches to senior management and the management body.

5. Outsourcing & Third-Party Risk (MiCA Article 68 + EBA Outsourcing Guidelines)

• Design and maintain the Outsourcing & Third-Party Risk Management Framework.
• Conduct risk assessments for critical and important outsourced functions.
• Maintain an outsourcing register compliant with EBA requirements.
• Review exit strategies, concentration risks, and subcontracting chains.
• Ensure outsourcing arrangements do not impair supervisory access.

6. Internal Control System & Three Lines of Defence

• Support the design and maintenance of the Internal Control System.
• Ensure clear mapping between risks, controls, and control owners.
• Coordinate with Compliance, Internal Audit, and external assurance providers.
• Ensure audit and supervisory findings are tracked and resolved.

7. Capital & Liquidity Risk (MiCA Prudential Requirements)

• Support prudential risk assessments required under MiCA.
• Monitor risks to own funds and liquidity adequacy.
• Contribute to internal capital adequacy-style assessments where applicable.
• Escalate risks that may threaten financial resilience.

8. Operational Risk & Incident Management

• Own the operational risk framework.
• Oversee incident identification, classification, and root cause analysis.
• Maintain loss event data and trend analysis.
• Ensure lessons learned are embedded into controls and processes.

9. Regulatory Readiness & Supervisory Engagement

• Support MiCA authorisation and ongoing supervisory engagement from a risk perspective.
• Provide structured, regulator-ready risk documentation.
• Demonstrate effective, independent risk oversight to NCAs.
• Monitor evolving EBA/ESMA guidance impacting CASP risk management.

10. Cross-Functional Risk Advisory (Risk by Design)

• Advise Product, Engineering, Compliance, Operations, and Finance on risk implications.
• Review new crypto-asset services, custody models, and partnerships.
• Embed risk considerations early in product and technology decisions.
• Act as a credible internal authority on enterprise risk.