Establish and maintain a proportionate, risk-based framework aligned to Salvadoran regulators (SSF/CNAD/BCR) and international standards (ISO 31000/COSO).
Define the risk taxonomy, Risk Appetite Statement, limits, and governance (Board/Risk Committee reporting).
Serve as the primary contact on risk topics with SSF/CNAD/BCR and support exams and information requests in coordination with Compliance/Legal.
Independently challenge the MLRO/Compliance on AML/CFT, sanctions (TFS), KYC/KYB, monitoring quality, SAR/STR escalation pathways, screening coverage, and control effectiveness.
Run RCSA and control testing, capture incidents/loss events, maintain risk registers, monitor KRIs, and track issues/remediation to closure.
Map important business services and third-party dependencies; set impact tolerances; oversee BCP/DR and outsourcing/TPRM (due diligence, SLAs, audit rights, exit/contingency plans).
Lead product/change risk assessments across payments/crypto, custody/flow, market/price/FX, liquidity/settlement, technology/cyber and data protection, including scenario testing.
Maintain clear escalation routes to the CEO/Board for material risk events or limit breaches and table action plans with owners and verification.
Deliver targeted training on risk appetite, incident reporting, outsourcing, and operational resilience; promote a speak-up, risk-aware culture.
Draft, review, and update the Risk Management Framework, Operational Risk Policy, Outsourcing/TPRM Policy, Incident & Issues Management, and BCP/DR standards.
Produce timely, decision-ready risk dashboards/heatmaps and quarterly Board packs; maintain audit-ready evidence of assessments, reviews, and decisions.
Requirements
Based in El Salvador or willing to relocate; able to travel regionally as needed.
3+ years in risk management/operational risk within payments/fintech/crypto or a supervised entity.
Close collaboration experience with Compliance/MLRO functions.
Direct experience engaging with SSF (Superintendencia del Sistema Financiero), CNAD (Comisión Nacional de Activos Digitales), and, where relevant, BCR and the UIF.
Ability to coordinate timely regulatory escalations/notifications on risk matters.
Hands-on experience with RCSA, KRI dashboards, incident/loss event capture, issues/remediation tracking, stress/scenario testing, outsourcing/TPRM, and operational resilience (BCP/DR, impact tolerances).
Strong grasp of AML/CFT, sanctions (TFS), KYC/KYB, screening and STR/SAR escalation; capable of independent challenge to first line while partnering with MLRO.
Working knowledge of El Salvador AML/CFT law, CNAD/SSF rules for digital-asset/crypto services, and international standards (FATF, ISO 31000/COSO).
Understanding of payments and crypto flows (on/off-ramp, custody, liquidity/settlement, market/FX/price risk).
Exposure to information-security and data-protection risks.
Proven track record owning risk outcomes, setting risk appetite/limits, and making evidence-based recommendations to senior management/Board.
Familiarity with risk/compliance processes in multi-jurisdiction groups and cross-border operations.
Degree in business/finance/law/risk (or equivalent).
Preferred: ACAMS/ICA, ISO 31000, FRM/PRM or similar; crypto-specific credentials a plus.
Spanish and English (professional fluency) and strong written reporting skills.