
Head of Risk
- On-site
- Birkirkara, Birkirkara, Malta
- Risk
Job description
Calamatta Cuschieri Moneybase is one of Malta’s largest financial services firms and pioneered the Maltese financial services industry as early as 1971. With a philosophy of consistently serving clients in an honest and personalised manner, we have gone from strength to strength, gaining an excellent reputation along the way.
Moneybase is a multi-award-winning finance platform that allows individuals and businesses to easily manage all their financial needs, from daily payments and investments to treasury and wealth management.
Role Overview:
The Head of Enterprise Risk Management is a senior leadership role and an MFSA Approved Person, responsible for designing, implementing, and maintaining a robust, proportionate, and forward-looking enterprise risk management framework for Calamatta Cuschieri Investment Services Ltd (the MiFID investment firm) and Moneybase Ltd (the financial institution holding an EMI licence). The role enables proactive risk identification and strategic decision-making across both licensed entities.
The role sits within the second line of defence and reports directly to the Chief Risk, Compliance and Financial Crime Officer.
The postholder will own the Internal Capital Adequacy and Risk Assessment (ICARA) process under IFR/IFD, lead the firm’s approach to operational resilience and DORA compliance, and provide independent risk oversight and challenge across all material risk categories. They will be the primary risk management interface with the MFSA, the Board Risk Committee, and senior management.
The wider Calamatta Cuschieri Moneybase group also holds a CSP Class C licence and a fund administrator licence, each with its own risk manager. This role includes a group-level coordination responsibility to ensure consolidated risk reporting and coherence across all licensed entities, without owning the risk frameworks of those separate entities.
Duties & Responsibilities:
Own and maintain the firm’s Enterprise Risk Management (ERM) framework, ensuring it is appropriate for a dual-licence financial institution (EMI) and MiFID investment firm operating in a digital environment.
Develop and maintain the Risk Appetite Statement (RAS), ensuring it is Board-approved, operationally meaningful, and actively used by management in decision-making. The RAS must cover both investment services and payment/e-money activities with defined thresholds and escalation triggers.
Maintain the firm’s risk register across all material risk categories, ensuring risks are properly identified, assessed, owned, and mitigated.
Design and oversee the Key Risk Indicator (KRI) framework, ensuring indicators are leading where possible, that escalation thresholds are clearly defined, and that KRIs cover prudential, operational, ICT, and payment/e-money risk categories.
Support the Risk Management Committee and present to the Board Risk Committee on a regular basis.
Ensure the three lines of defence model operates effectively, with clear delineation between first-line risk ownership and second-line risk oversight.
Embed a risk-aware culture across the organisation through training, communication, and consistent challenge of first-line risk decisions.
Own end-to-end responsibility for the Internal Capital Adequacy and Risk Assessment (ICARA) process under IFR Article 24 and IFD Article 29, including annual completion, stress testing, and Board approval.
Calculate and monitor K-factor requirements (risk-to-client, risk-to-market, risk-to-firm) in collaboration with Finance, ensuring the firm maintains adequate own funds and liquid assets at all times.
Identify, assess, and monitor financial risks relevant to the firm’s activities, including liquidity risk, counterparty risk, concentration risk, settlement risk, and FX risk.
Ensure financial risk metrics are integrated into the KRI framework and reported to the Board Risk Committee in a timely and meaningful way.
Own the operational risk framework, including the operational risk taxonomy, loss event database, risk and control self-assessments (RCSAs), and scenario analysis.
Oversee the firm’s Digital Operational Resilience Act (DORA) implementation and ongoing compliance, including ICT risk management, ICT-related incident classification and reporting, and the ICT third-party risk register and testing mandated by DORA.
Oversee business continuity management (BCM) and disaster recovery (DR) frameworks, ensuring they are tested regularly and meet regulatory expectations.
Payment and E-Money Risk
Oversee operational and risk management obligations specific to the payment institution and e-money institution licences under PSD2/EMD2.
Monitor PSD3 legislative progress and assess implications for the firm’s payment institution risk framework.
Regulatory Engagement and Horizon Scanning
Act as the firm’s primary point of contact with MFSA on risk and prudential supervisory matters.
Follow developments relevant to the risk function (including IFR/IFD updates, DORA RTS/ITS, EBA guidelines, and ESMA guidance) and assess their impact on the firm’s risk framework.
Prepare for and manage MFSA on-site inspections, supervisory review visits, and risk mitigation programme responses as required.
Act as the senior risk point of contact across the Calamatta Cuschieri Moneybase group for purposes of consolidated risk reporting to the Board Risk Committee, ensuring a coherent group-level view of material risks.
Coordinate with the CSP and investment management company risk managers to ensure consistency in risk taxonomy, escalation protocols, and risk appetite alignment across the group.
Identify and escalate group-level concentration risks or correlated risks that may not be visible at individual entity level.
Ensure that group-wide regulatory developments (e.g., DORA, MFSA thematic reviews) are communicated and addressed consistently across all licensed entities.
Job requirements
Degree-level education in finance, economics, law, risk management, or a related discipline.
No adverse regulatory history; ability to satisfy MFSA Fit and Proper requirements as an Approved Person.
Minimum 3-5 years of experience in risk management within a regulated financial services environment, with at least 2 years at a senior / head of function level.
Demonstrable experience owning and producing an ICARA (or ICAAP in a banking context)
Direct experience with MiFID II investment firm prudential requirements
Hands-on experience with enterprise risk frameworks: risk appetite, risk registers, KRIs, RCSAs, and stress testing.
Strong working knowledge of DORA and practical experience implementing or overseeing ICT risk and operational resilience frameworks
Experience preparing and presenting risk reports to Boards and Board Risk Committees
Experience engaging directly with financial services regulators
Desirable Experience:
Experience in a dual-licence or multi-regulated environment spanning both investment services and payment/e-money activities.
Familiarity with PSD2 operational risk and incident reporting requirements.
Experience with MiCA or crypto-asset risk
Prior exposure to DORA testing programme management or oversight.
Experience coordinating risk oversight across a group structure with multiple licensed entities and separate risk functions.
Familiarity with fund administration risk concepts (NAV calculation risk, valuation risk) sufficient to engage meaningfully at group level.
Experience with MFSA supervisory engagement, including on-site inspections and supervisory review and evaluation processes.
Professional risk management qualification.
Essential Technical Knowledge
Deep knowledge of IFR/IFD, including K-factor requirements, own funds obligations, and the ICARA process.
Deep knowledge of DORA, including ICT risk management, incident classification, third-party risk management, and testing requirements.
Sound understanding of operational risk management frameworks.
Understanding of PSD2/EMD2 risk and operational requirements.
Ability to read and interpret primary EU regulation and EBA/ESMA technical standards.
Remuneration
We are committed to attracting and selecting top people to join our team. We are also committed to creating a workplace that encourages individual growth; we value our people and their well-being.
What we offer:
- Health Insurance and fitness allowances
- Study Leave
- Fully paid sponsorship schemes for further studies
- Exposure to the very latest technologies
- Opportunities for career growth
- Variable bonus linked to KPI
Visit our home page to see more about our company
All Applications will be acknowledged and treated with maximum confidentiality
“The enduring goal of Calamatta Cuschieri is that the composition of our workforce should reflect that of the communities in which we work.”
Reference: CCMT00326
