Calamatta Cuschieri Moneybase is one of Malta’s largest financial services firms, having pioneered the Maltese financial services industry as early as 1971. With a philosophy of consistently serving clients in an honest and personalised manner, we have moved from strength to strength, gaining an excellent reputation along the way.
Moneybase is a multi-award-winning finance platform that allows individuals and businesses to easily manage all their financial needs, from daily payments and investments to treasury and wealth management.
Role Overview:
The Head of Enterprise Risk Management is a senior leadership role and an MFSA Approved Person, responsible for designing, implementing, and maintaining a robust, proportionate, and forward-looking enterprise risk management framework for Calamatta Cuschieri Investment Services and Moneybase, one that enables proactive risk identification and strategic decision-making.
The role sits within the second line of defence and reports directly to the Chief Compliance Officer (CCO). The postholder will own the Internal Capital Adequacy and Risk Assessment (ICARA) process under IFR/IFD, lead the firm's approach to operational resilience and DORA compliance, and provide independent risk oversight and challenge across all material risk categories. They will be the primary risk management interface with the MFSA, the Board Risk Committee, and senior management.
Duties & Responsibilities:
- Own and maintain the firm's Enterprise Risk Management (ERM) framework, ensuring it is appropriate for a dual-licence financial institution and MiFID investment firm operating in a digital environment
- Develop and maintain the Risk Appetite Statement (RAS), ensuring it is Board-approved, operationally meaningful, and actively used by management in decision-making
- Maintain the firm's risk register across all material risk categories, ensuring risks are properly identified, assessed, owned, and mitigated
- Design and oversee the Key Risk Indicator (KRI) framework, ensuring indicators are leading where possible and that escalation thresholds are clearly defined
- Chair or support the Risk Management Committee and present to the Board Risk Committee on a regular basis
- Ensure the three lines of defence model operates effectively, with clear delineation between first-line risk ownership and second-line risk oversight
- Embed a risk-aware culture across the organisation through training, communication, and consistent challenge of first-line risk decisions
- Own end-to-end responsibility for the Internal Capital Adequacy and Risk Assessment (ICARA) process under IFR Article 24 and IFD Article 29, including annual completion, stress testing, and Board approval; calculate and monitor K-factor requirements in collaboration with Finance
- Own the operational risk framework, including the operational risk taxonomy, loss event database, risk and control self-assessments (RCSAs), and scenario analysis
- Oversee the firm's Digital Operational Resilience Act (DORA) implementation and ongoing compliance, including ICT risk management, ICT-related incident classification and reporting, the ICT third-party risk register, and the testing mandated by DORA
- Oversee business continuity management (BCM) and disaster recovery (DR) frameworks, ensuring they are tested regularly and meet regulatory expectations
- Identify, assess, and monitor financial risks relevant to the firm's activities, including liquidity risk, counterparty risk, concentration risk, etc.
- Ensure financial risk metrics are integrated into the KRI framework and reported to the Board Risk Committee in a timely and meaningful way
- Oversee operational and risk management obligations specific to the payment institution and e-money institution licences
- Act as the firm's primary point of contact with the MFSA on risk and prudential supervisory matters
- Follow developments relevant to the risk function, including IFR/IFD updates, DORA RTS/ITS, EBA guidelines, and ESMA guidance, and assess their impact on the firm's risk framework
- Monitor PSD3 legislative progress and assess implications for the firm's payment institution risk framework
- Minimum 3-5 years of experience in risk management within a regulated financial services environment, with at least 2 years at a senior or head-of-function level
- Demonstrable experience owning and producing an ICARA (or ICAAP in a banking context)
- Direct experience with MiFID II investment firm prudential requirements
- Hands-on experience with enterprise risk frameworks: risk appetite, risk registers, KRIs, RCSAs, and stress testing
- Strong working knowledge of DORA and practical experience implementing or overseeing ICT risk and operational resilience frameworks
- Experience preparing and presenting risk reports to Boards and Board Risk Committees
- Experience engaging directly with financial services regulators
- Experience in a dual-licence or multi-regulated environment spanning both investment services and payment/e-money activities
- Familiarity with PSD2 operational risk and incident reporting requirements
- Experience with MiCA or crypto-asset risk (relevant given potential business expansion)
- Prior exposure to DORA testing programme management or oversight
- Deep knowledge of IFR/IFD and DORA
- Sound understanding of operational risk
- Ability to read and interpret primary EU regulation and EBA/ESMA technical standards
Remuneration
We are committed to attracting and selecting top people to join our team. We are also committed to creating a workplace that encourages individual growth; we value our people and their well-being.
What we offer:
- Health Insurance and fitness allowances
- Study Leave
- Fully paid sponsorship schemes for further studies
- Exposure to the very latest technologies
- Opportunities for career growth
- Variable bonus linked to KPI
Visit our home page to see more about our company.
All applications will be acknowledged and treated with maximum confidentiality.
“The enduring goal of Calamatta Cuschieri is that the composition of our workforce should reflect that of the communities in which we work.”
Reference: CCMT00326