Director, Enterprise Risk Management

 Posted 5 hours ago
     
5-10 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Design and implement a comprehensive Enterprise Risk Management framework and risk taxonomy specifically for digital assets and regulated financial services. Act as an individual contributor managing the entire risk lifecycle, from identifying emerging threats to validating remediation actions and reporting to the Board.


Role Summary

We are looking for an absolute doer, not a delegator. Reporting to the Head of Risk, this is an individual contributor role where you will operate essentially as a one-person ERM team. If you are looking to sit in a Second Line ivory tower, review other people’s work, and write high-level policy memos, this is not the role for you.


In our lean, fast-scaling environment, you must have the willingness and capability to completely roll up your sleeves and own the entire risk lifecycle from A to Z. You are the Stage 1 triager who drops everything to dive into messy data, investigate real-time incidents, and cut through noise to diagnose what is broken. Simultaneously, you are the Stage 2 builder who executes the actual grunt work required to fix it—writing the risk registers, configuring the tracking tools, co-designing automated controls with engineers, and building your own executive slide decks.


We want a gritty, highly technical creator who treats risk as an operational engineering problem and leverages AI and automation to scale themselves, ensuring that a lean infrastructure can punch way above its weight.


Key Responsibilities

ERM Framework & Governance

  • Design, implement, and continuously improve the Enterprise Risk Management framework, risk taxonomy, risk registers, and risk appetite statements specific to digital assets and regulated financial services.
  • Provide strategic direction for risk mitigation and operational improvement initiatives, guiding them from conception through completion in partnership with First Line business owners.
  • Validate the design and implementation of sustainable controls established by the First Line to address identified risks, audit findings, and compliance gaps.
  • Maintain and evolve risk policies, standards, and procedures aligned with regulatory expectations (including NYDFS) and industry best practices.

Business Risk Support (Counterparty, Market & Operational)

  • Oversee and drive risk mitigation efforts related to counterparty exposure, including the assessment and ongoing monitoring of institutional partners, custodians, market makers, and liquidity providers.
  • Support business-centric risk initiatives across market risk, liquidity risk, and operational risk — providing Second Line challenge and guidance to First Line owners.
  • Partner with business and product teams on the risk-clearing process for new product launches, token listings, and partner integrations, providing independent Second Line review.

Risk Assessment & Monitoring

  • Conduct enterprise-wide risk assessments across financial, operational, strategic, and technological domains — including crypto-specific risks such as custody, stablecoin peg stability, and on-chain exposure — to evaluate enterprise risk levels.
  • Monitor emerging risks (regulatory, market, technology, and cyber) and provide early warning and recommended actions to the Head of Risk and executive team.

Remediation Oversight

  • Oversee and drive risk mitigation tied to audit findings, regulatory exam observations, and self-identified issues, holding First Line owners accountable for execution and sustainability.
  • Validate the design and implementation of remediation actions, track progress to closure, and report status to leadership and the Risk Committee of the Board.

Change Management & Cross-Functional Influence

  • Lead change management associated with ERM transformations, supporting smooth adoption of new risk policies, frameworks, and systems across the enterprise.
  • Partner with department heads, Legal, Compliance, Internal Audit, Finance, and Technology/Product teams to coordinate effective risk strategies — driving execution through cross-functional influence rather than direct ownership of First Line controls.

AI, Tooling & Continuous Improvement

  • Embrace AI and agentic workflows to increase the speed, accuracy, and scalability of Second Line activities — including risk assessments, control validation, issue tracking, and reporting.
  • Maintain a hard focus on continuous improvement in how risks are identified, escalated, tracked, validated, and remediated — challenging legacy approaches and removing manual friction wherever possible.
  • Identify, evaluate, and help operationalize new tools, automations, and data-driven approaches to risk monitoring; partner with Technology, Data, and First Line teams to bring them to life.
  • Operate as a builder and creator — designing better ways of working, prototyping improvements, and measurably raising the bar over time — rather than administering existing processes for their own sake.

Reporting & Communication

  • Prepare risk reporting, analysis, and materials in support of the Head of Risk, who serves as the primary interface to executive leadership, the Risk Committee of the Board, and regulators (including NYDFS).
  • Translate complex risk scenarios into clear, actionable insights for technical and non-technical audiences.

Qualifications and Skills

  • Education: Bachelor’s degree in Business Administration, Finance, Economics, Law, or a related field. Relevant certifications (e.g., FRM, PRM, CRISC, or CRMA) are a plus.
  • Experience: 7–10 years of progressive, hands-on experience in enterprise risk management, internal audit, or compliance — including direct experience designing risk frameworks, performing risk assessments, and executing Second Line monitoring and challenge activities.
  • Execution & Influence: Ability to drive execution through cross-functional influence, operating effectively as an individual contributor in the Second Line — overseeing rather than performing First Line activities.
  • Industry Knowledge: Solid understanding of the crypto and blockchain ecosystem, digital assets, and their unique risk profiles (e.g., custody models, Layer 1/Layer 2 architectures, DeFi primitives, stablecoin dynamics).
  • Regulated Environment Experience: Track record working within a regulated financial, banking, or digital asset environment; familiarity with NYDFS, SEC, MiCA, or comparable regulatory regimes preferred.
  • Counterparty & Market Risk Acumen: Working knowledge of counterparty risk assessment, market and liquidity risk concepts, and operational risk frameworks.
  • Builder Mindset: A builder/creator orientation — energized by designing and improving processes rather than administering them. Curious, resourceful, and willing to prototype, automate, and iterate.
  • AI & Agentic Workflow Fluency: Demonstrated interest in (and ideally hands-on use of) AI tools, agentic workflows, and automation to make risk and control work faster, sharper, and more data-driven.
  • Continuous Improvement Bias: A hard focus on continuous improvement in how risks are tracked, validated, and remediated — challenges status quo, identifies friction, and proposes better approaches.
  • Change Management: Proven ability to support strategic change initiatives, navigate resistance, and drive cultural alignment around risk management principles.
  • Communication Skills: Strong stakeholder management and executive presence, with the ability to articulate complex risk scenarios to non-technical audiences, the Head of Risk, the Board, and regulators.


Bakkt is devoted to having diversity in its workforce and is proud to be an equal opportunity employer. Bakkt does not make any employment decisions based on race, color, religion, sex, national origin, veteran status, disability, age, sexual orientation, gender identity or any other characteristic protected by law. Must successfully pass a post-offer background check and drug screen. 


California Candidate Privacy Notice
Before submitting your application, please review Bakkt's California Candidate Privacy Notice and Notice at Collection, which explains how Bakkt collects, uses, retains, and discloses applicant and candidate personal information during the recruiting process. The notice is available here: https://bakkt.com/candidate-privacy/

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified