• Supports the Bank’s enterprise-wide BSA/AML/OFAC Program • Assists management in minimizing the Bank’s exposure to BSA/AML/OFAC risk by performing due diligence of complex commercial customers • Utilizes a variety of resources to assess customers for BSA/AML/OFAC risk • Recommends appropriate risk mitigation • Keeps abreast of BSA/AML/OFAC regulations and financial crime trends • Understands the Bank’s risk appetite to assist in managing and identifying higher risk accounts • Manages processes for identification, tracking, risk classification and review of high-risk accounts • Develops, implements and maintains written procedures to support Customer Risk functions • Provides Customer Risk metrics and data for committee and Board reporting • Assists with gap analysis and review of target bank customer base for impact of future acquisitions/mergers

• Maintain and operationalize the comprehensive Enterprise Risk Management (ERM) framework and policies. • Conduct regular risk assessments targeting financial, operational, cyber, and crypto-specific threats (e.g., custody risks, settlement risks, and blockchain-specific vulnerabilities). • Monitor and track daily Key Risk Indicators (KRIs), flagging emerging trends and vulnerabilities to the team before they impact operations. • Partner with internal business lines to ensure risk policies are actively embedded. • Assist in preparing documentation and evidence for the Banco de España, CNMV, and external auditors regarding risk management and compliance metrics. • Support the execution and rigorous testing of business continuity, crisis management, and ICT response plans to ensure full alignment with DORA requirements. • For entities managing tokenized frameworks or fiat components, monitor safeguarding regimes and capital requirements to maintain strict compliance with EU standards.

• Lead cybersecurity and data privacy risk scoping and planning for mergers, acquisitions, divestitures, joint ventures, and other strategic transactions • Coordinate MA&D cybersecurity and privacy readiness assessments with external providers • Review and synthesize provider assessment outputs, translating technical findings into clear, business-focused risk summaries • Develop and present structured recommendations to support deal decisions • Partner with Corporate Development, Cybersecurity, Privacy, Legal, IT, and business leaders to integrate cybersecurity and privacy risk considerations into deal evaluation • Coordinate Day 1 cyber readiness activities and support the design and implementation of future-state cyber operating models • Convert assessment findings into actionable remediation plans with clear owners, timelines, and tracking mechanisms • Contribute to the development and continuous improvement of MA&D risk management standards, procedures, and playbooks

• Lead the development and execution of go-to-market strategies across key industries and geographies, particularly in the tristate area. • Identify emerging client needs and align RAS offerings to meet them. • Serve as a trusted advisor to clients, delivering high-impact risk solutions. • Drive expansion within existing accounts and lead pursuits for new business opportunities. • Champion the evolution of RAS offerings, including Internal Audit, Risk Management, ESG, Regulatory Compliance, and Risk Analytics. • Partner with RAS leadership to align resources, develop talent, and ensure high-quality delivery.