Senior Risk Management & Controls Manager

Job Description: 

Senior Risk Management & Controls Manager

(Remote Candidates will be considered)  

Our Story and Our Purpose  

National Digital Trust Company (In Organization) has received conditional approval from the Office of the Comptroller of the Currency to open as a federally chartered trust bank to provide a broad range of digital asset services.

We are building a specialized financial institution addressing the growing demand for digital asset services. Our primary business will focus on digital asset custody, providing secure, efficient custodial and fiduciary services for a variety of digital assets.

You will work with foundational systems and processes to help shape our operating model and influence how a new category of financial infrastructure comes to market.

We are looking for builders who handle complexity with confidence and tackle ambitious opportunities while keeping pace with this rapidly evolving industry. 

Our Principles 

Greatness is a mindset, not an accomplishment. Mediocrity is unacceptable. Excellence is contagious. We hire people because we believe in their greatness. Now is the time to prove us right.

Responsibility comes with the territory. Everyone is an owner, which means we share a common vision and mutual accountability. We act in line with our strategic objectives and the trust our customers place in us. We believe there is no such thing as "not my problem." Taking this level of ownership not only drives our collective success but also offers the potential for significant reward.

Innovation and adaptation are in our DNA. We are in a period of the most dramatic and rapid period of technological change in the history of humankind. Those that stay ahead will thrive, those that don't, won't. We innovate intelligently and thrive on overcoming challenges, to get (at least) a little better every day and ensure our continued growth and success.

Team first. We are reliable teammates working together toward extraordinary success through honesty and accountability. We believe collaboration knows no hierarchy, and we focus on what matters.  We work toward consensus, but when necessary, we disagree and commit. We know that winners win.

Job Overview 

The Senior Risk Management & Controls Manager is a senior first line of defense leader within Operations, reporting to the Chief Control Officer. The role owns the design, build-out, and ongoing execution of the first line's risk and control framework — translating enterprise risk methodology and regulatory expectations set by the second line of defense into operational controls, control testing, and remediation activity that the business actually runs.

This individual performs senior-level risk and control analysis across operational, technology, regulatory, financial-crime, and digital-asset risk domains. They serve as the principal liaison between Operations and (a) the Chief Risk Officer / Chief Compliance Officer organizations (second line of defense), (b) Internal Audit (third line of defense), and (c) executive leadership, while guiding fellow first-line teams — business units, product, technology, vendor management, and operations — on risk identification, control design, and remediation execution.

Objectives 

First-Line Control Framework Execution

• Build, maintain, and continuously improve the first line's control framework — the operational expression of enterprise risk methodology — including the inventory of key controls, control narratives, control owners, evidence standards, and testing cadence.

• Translate second-line policies, frameworks, and standards (risk taxonomy, risk appetite, control objectives, RCSA methodology) into first-line procedures, work instructions, and operational control designs the business can execute.

• Lead first-line control testing, control quality assurance (QA), and self-identified issue management; differentiate clearly from independent assurance performed by 2LoD monitoring & testing and 3LoD internal audit.

• Own the first-line side of the Risk and Control Self-Assessment (RCSA): drive first-line participation, calibrate ratings within the operations group, and ensure RCSA outputs reflect operational reality.

• Maintain traceability between processes, risks, controls, issues, key risk indicators (KRIs), and remediation plans within the bank's GRC platform.

Senior Risk & Controls Analysis

• Perform senior-level analysis of operational losses, near-misses, control breakdowns, customer complaints, and emerging risk events; lead root-cause analysis and ensure lessons learned are codified into updated controls and procedures.

• Develop and refine first-line KRIs, control health dashboards, and composite risk views that quantify inherent risk, control effectiveness, and residual risk at the process, product, and business-unit level.

• Conduct deep-dive risk reviews on new products, new markets, material process changes, third-party relationships, and technology releases prior to launch.

Digital Assets & Cryptocurrency Controls

• Serve as the Operations group's senior subject-matter expert on digital asset and cryptocurrency controls, including custody models (omnibus, segregated, qualified custodian), hot/warm/cold wallet architecture, key management and HSM controls, on-chain/off-chain settlement, stablecoin operations, blockchain analytics, smart-contract operational risk, and counterparty exposure to digital-asset intermediaries.

• Design and operate first-line controls addressing FinCEN, OFAC, SEC, CFTC, OCC, FRB, FDIC, NYDFS, and state-level expectations applicable to digital-asset banking — including the Travel Rule, sanctions screening on virtual asset service providers (VASPs) and counterparty wallets, wallet whitelisting/blacklisting, deposit address attribution, and crypto-specific BSA/AML typologies.

• Operationalize controls aligned to evolving guidance such as SR 26-2, FFIEC bulletins on digital assets, Basel BCBS prudential treatment of crypto exposures, OCC Interpretive Letters on bank custody of digital assets, and emerging federal market-structure legislation.

• Partner with Treasury, Operations, Technology, and Compliance on key control points across the digital-asset trade lifecycle: client onboarding, transaction monitoring, reconciliation between sub-ledger and on-chain balances, custody attestations, key ceremonies, and incident response.

Liaison with Executive Leadership, 2LoD & 3LoD

• Serve as the Chief Control Officer's principal delegate in interactions with the Chief Risk Officer, Chief Compliance Officer, General Counsel, and Chief Auditor, and with their respective second- and third-line teams.

• Prepare and present first-line risk and control reporting to the Chief Operating Officer, executive committees, and the Risk Committee of the Board — including residual risk views, control effectiveness summaries, issue aging, and remediation status.

• Coordinate first-line responses to second-line monitoring & testing reviews, internal audit engagements, and regulatory examinations — including evidence production, walkthrough facilitation, and management responses.

• Track 2LoD challenges, audit findings, and regulatory observations through closure; validate remediation evidence before submission for independent validation.

Guidance Across the First Line

• Advise fellow first-line leaders — business unit heads, product owners, technology leaders, vendor managers, and operations managers — on risk identification, control design alternatives, control rationalization, and remediation strategies, balancing risk reduction with operational efficiency.

• Embed risk-aware design into new products, new markets, third-party relationships, and technology changes, with particular focus on digital-asset custody, payments, and settlement workflows.

• Deliver targeted training, office hours, and enablement content to first-line control owners, process owners, and risk champions; build a community of practice across the operations group.

Continuous Improvement & GRC Tooling

• Drive continuous improvement of the first line's GRC tooling and workflows (e.g., ServiceNow IRM, RSA Archer, OneTrust, MetricStream, LogicGate) to strengthen automation, evidence capture, control testing throughput, and reporting precision.

• Champion the use of analytics, automation, and AI-enabled tools to scale first-line control execution while maintaining auditability.

What you bring to NDTC

Required Qualifications

• Education: Bachelor's degree in Finance, Accounting, Economics, Risk Management, Computer Science, Business, or a related discipline.
• Experience: Minimum 8–12 years of progressive experience in operational risk, business controls, internal controls, internal audit, or regulatory compliance within a bank, broker-dealer, fintech, or digital-asset firm; at least 3 years in a senior or lead role within a first-line control function (CCO/COO organization).
• Program Ownership: Demonstrated ownership of a first-line control program — including procedure drafting, control testing/QA, RCSA execution, and issue management.
• Digital Assets: Working knowledge of digital asset / cryptocurrency operational risk: custody models, key management, on-chain analytics, stablecoins, DeFi exposure pathways, smart-contract risk, and Travel Rule compliance.
• Regulatory: Strong command of COSO Internal Control – Integrated Framework, COSO ERM, ISO 31000, FFIEC IT and BSA/AML examination handbooks, OCC Heightened Standards, SR 11-7 / SR 26-2, and SOX (where applicable).
• Executive Presence: Demonstrated success briefing C-suite, board committees, examiners, and internal/external auditors with clarity, candor, and credibility.

Preferred Qualifications

• Advanced Education: Master's degree (MBA, MS Finance, MS Risk Management, MS Financial Mathematics) or equivalent advanced training.
• Certifications: Professional certifications: CRISC, CISA, CIA, CRCM, CAMS, CFE, CRM, FRM, CCRO, or PRM. Crypto-focused credentials (CCAS – Certified Cryptocurrency Auditor Specialist, CCFC, CDAA) strongly preferred.
• Examination Experience: Direct experience supporting OCC, FRB, FDIC, NYDFS, SEC, FINRA, or state-banking examinations and consent-order remediation as a first-line owner.
• De Novo Experience: Direct experience standing up the operational control environment of a de novo bank, trust company, or digital-asset-licensed entity (BitLicense, state trust charter, OCC trust charter, or comparable).
• Tooling: Hands-on use of GRC platforms (ServiceNow IRM, RSA Archer, MetricStream, LogicGate, OneTrust) and blockchain analytics tooling (Chainalysis, TRM Labs, Elliptic).

Technical Requirements

• Advanced Microsoft Excel (modeling, dashboards), Word, PowerPoint, and Visio.
• Working proficiency with SQL, Python, or PowerBI/Tableau for control analytics.
• Familiarity with model risk management (SR 11-7), AI/ML governance, and emerging guidance on AI-enabled controls and monitoring.

Core Competencies

• Senior judgment and operational pragmatism — the ability to design controls that are effective, efficient, and executable within real business processes.
• Exceptional written and verbal communication, including the ability to translate technical findings into board-level narratives.
• Ownership mindset, regulatory poise, and discretion in handling sensitive information.
• Proven ability to lead cross-functional initiatives without direct authority.

We promote diversity of thought, culture, background, and experience. We are an equal opportunity employer, and employment at our company is based solely on one's merit and qualifications directly related to professional competence. We do not discriminate based on race, creed, color, ancestry, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, military or veteran status, or any other characteristics protected by law. 

 Featured benefits 

• Employer-provided: Medical, Dental, and Vision insurance, 401(k), life and disability insurance.