California Candidate Privacy Notice: Before submitting your application, please review Bakkt's California Candidate Privacy Notice and Notice at Collection, which explains how Bakkt collects, uses, retains, and discloses applicant and candidate personal information during the recruiting process.
Director, Enterprise Risk Management
Location
United States
Posted
3 days ago
Salary
0
Seniority
Lead
No structured requirement data.
Job Description
Director, Enterprise Risk Management
Bakkt
Role Description We are looking for an absolute doer, not a delegator. Reporting to the Head of Risk, this is an individual contributor role where you will operate essentially as a one-person ERM team. If you are looking to sit in a Second Line ivory tower, review other people’s work, and write high-level policy memos, this is not the role for you. In our lean, fast-scaling environment, you must have the willingness and capability to completely roll up your sleeves and own the entire risk lifecycle from A to Z. You are the Stage 1 triager who drops everything to dive into messy data, investigate real-time incidents, and cut through noise to diagnose what is broken. Simultaneously, you are the Stage 2 builder who executes the actual grunt work required to fix it—writing the risk registers, configuring the tracking tools, co-designing automated controls with engineers, and building your own executive slide decks. We want a gritty, highly technical creator who treats risk as an operational engineering problem and leverages AI and automation to scale themselves, ensuring that a lean infrastructure can punch way above its weight. Qualifications - Bachelor’s degree in Business Administration, Finance, Economics, Law, or a related field. Relevant certifications (e.g., FRM, PRM, CRISC, or CRMA) are a plus. - 7–10 years of progressive, hands-on experience in enterprise risk management, internal audit, or compliance — including direct experience designing risk frameworks, performing risk assessments, and executing Second Line monitoring and challenge activities. - Ability to drive execution through cross-functional influence, operating effectively as an individual contributor in the Second Line — overseeing rather than performing First Line activities. - Solid understanding of the crypto and blockchain ecosystem, digital assets, and their unique risk profiles (e.g., custody models, Layer 1/Layer 2 architectures, DeFi primitives, stablecoin dynamics). - Track record working within a regulated financial, banking, or digital asset environment; familiarity with NYDFS, SEC, MiCA, or comparable regulatory regimes preferred. - Working knowledge of counterparty risk assessment, market and liquidity risk concepts, and operational risk frameworks. - A builder/creator orientation — energized by designing and improving processes rather than administering them. Curious, resourceful, and willing to prototype, automate, and iterate. - Demonstrated interest in (and ideally hands-on use of) AI tools, agentic workflows, and automation to make risk and control work faster, sharper, and more data-driven. - A hard focus on continuous improvement in how risks are tracked, validated, and remediated — challenges status quo, identifies friction, and proposes better approaches. - Proven ability to support strategic change initiatives, navigate resistance, and drive cultural alignment around risk management principles. - Strong stakeholder management and executive presence, with the ability to articulate complex risk scenarios to non-technical audiences, the Head of Risk, the Board, and regulators. Requirements - Design, implement, and continuously improve the Enterprise Risk Management framework, risk taxonomy, risk registers, and risk appetite statements specific to digital assets and regulated financial services. - Provide strategic direction for risk mitigation and operational improvement initiatives, guiding them from conception through completion in partnership with First Line business owners. - Validate the design and implementation of sustainable controls established by the First Line to address identified risks, audit findings, and compliance gaps. - Maintain and evolve risk policies, standards, and procedures aligned with regulatory expectations (including NYDFS) and industry best practices. - Oversee and drive risk mitigation efforts related to counterparty exposure, including the assessment and ongoing monitoring of institutional partners, custodians, market makers, and liquidity providers. - Support business-centric risk initiatives across market risk, liquidity risk, and operational risk — providing Second Line challenge and guidance to First Line owners. - Partner with business and product teams on the risk-clearing process for new product launches, token listings, and partner integrations, providing independent Second Line review. - Conduct enterprise-wide risk assessments across financial, operational, strategic, and technological domains — including crypto-specific risks such as custody, stablecoin peg stability, and on-chain exposure — to evaluate enterprise risk levels. - Monitor emerging risks (regulatory, market, technology, and cyber) and provide early warning and recommended actions to the Head of Risk and executive team. - Oversee and drive risk mitigation tied to audit findings, regulatory exam observations, and self-identified issues, holding First Line owners accountable for execution and sustainability. - Validate the design and implementation of remediation actions, track progress to closure, and report status to leadership and the Risk Committee of the Board. - Lead change management associated with ERM transformations, supporting smooth adoption of new risk policies, frameworks, and systems across the enterprise. - Partner with department heads, Legal, Compliance, Internal Audit, Finance, and Technology/Product teams to coordinate effective risk strategies — driving execution through cross-functional influence rather than direct ownership of First Line controls. - Embrace AI and agentic workflows to increase the speed, accuracy, and scalability of Second Line activities — including risk assessments, control validation, issue tracking, and reporting. - Maintain a hard focus on continuous improvement in how risks are identified, escalated, tracked, validated, and remediated — challenging legacy approaches and removing manual friction wherever possible. - Identify, evaluate, and help operationalize new tools, automations, and data-driven approaches to risk monitoring; partner with Technology, Data, and First Line teams to bring them to life. - Operate as a builder and creator — designing better ways of working, prototyping improvements, and measurably raising the bar over time — rather than administering existing processes for their own sake. - Prepare risk reporting, analysis, and materials in support of the Head of Risk, who serves as the primary interface to executive leadership, the Risk Committee of the Board, and regulators (including NYDFS). - Translate complex risk scenarios into clear, actionable insights for technical and non-technical audiences. Benefits - Equal opportunity employer committed to diversity in the workforce. - Must successfully pass a post-offer background check and drug screen.
Related Guides
Related Categories
Related Job Pages
More Risk Jobs
Role Description The position will be primarily responsible for assessing the information security posture of key clients’ third parties and coordinating the overall execution and delivery of assessments. The position will work within a Crowe team at a client or third party site and be responsible for leading the effort to identify key risks and information security gaps. Specific projects may include: - Conducting Third Party Risk Assessments by evaluating third party questionnaire responses, performing control validation, and assessment of documentation per established procedures and standards - Performing site visits to third-party facilities - Evaluating the effectiveness of security controls for compliance with applicable policies, security laws, and regulations - Assessing cloud technologies such as Software as a Service (SaaS) hosted applications, Platform as a Service (PaaS), and Infrastructure as a Service deployments (IaaS) - Documenting information security risk and compliance findings and recommendations for remediation - Performing quality assurance and review of assessments performed by other team members - Delivering high quality, thorough reports - Coordinating the schedules and assessments for key third party clients and overseeing all key deliverables Qualifications - Bachelor's Degree - Information Technology and/or Cybersecurity background and/or experience, including 2-4 years IT experience with network, platform, and/or application technology - Willingness to obtain the Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Third Party Risk Assessor (CTPRA) designations - Knowledge of security areas such as auditing, policy, database security, firewall design and implementation, risk analysis, identity management, access management, or web - Working knowledge of at least one compliance framework, such as SOC2, ISO 27001, NIST, HIPAA - Experience managing multiple projects, in a fast-paced environment - Proven ability to learn new technologies and systems, especially through independent research and self-study - Ability to communicate technical information verbally and through written documentation - Ability to manage project schedules and client expectations - Ability to travel domestically an average of 20%-50% per year Requirements - Bachelors and/or advanced degree with a concentration in: Cybersecurity, Risk Management, Computer Science, or Management Information Systems - Any experience working with or assessing third party vendors is preferred but not required - IT experience at a leading industry public company. This might include either IT auditing or being a member of an IT or Cybersecurity team - Experience with Archer, Process Unity, ServiceNow or other GRC/VRM tools - Experience with security ratings platforms - Bilingual - Open to remote Benefits - Your exceptional people experience starts here. At Crowe, we know that great people are what makes a great firm. We care about our people and offer employees a comprehensive total rewards package. - We will nurture your talent in an inclusive culture that values diversity. You will have the chance to meet on a consistent basis with your Career Coach that will guide you in your career goals and aspirations.
• Conduct comprehensive quality audits of UM activities to ensure adherence to regulatory standards (CMS, NCQA) and organizational policies • Evaluate clinical decision-making and appropriate application of criteria across inpatient, outpatient, home health, and post-acute services • Leverage Power BI to develop, maintain, and interpret dashboards reporting audit outcomes, performance trends, and risk areas • Utilize Power Apps to support audit workflows, tracking, and data collection processes • Analyze audit results to identify risks, trends, and patterns, and clearly communicate findings to leadership • Perform root cause analysis to determine drivers of opportunities, inconsistencies, and compliance gaps • Collaborate with clinical, operational, and compliance teams to drive quality improvement initiatives based on audit findings
• Oversee site-, regional-, and study-level centralized monitoring and risk-based monitoring activities. • Review and identify risks, trends, protocol deviations, and safety concerns, ensuring timely escalation and resolution. • Partner with Clinical Trial Leads, CRAs, Project Managers, and sponsors to support effective study oversight. • Drive study risk assessments, monitoring plans, analytics, dashboards, and data-driven monitoring strategies. • Serve as a key customer contact for assigned studies and contribute to proposals, bid defenses, and sponsor presentations. • Ensure compliance with ICH-GCP, regulatory requirements, and Fortrea SOPs while supporting continuous process improvement initiatives.
Senior Associate – Commercial Banking, Lending Risk and Controls
Flagstar BankFlagstar Bank N.A. was acquired by New York Community Bancorp, Inc., the holding company for Flagstar Bank N.A.
• Supports the Commercial Banking & Lending Business Risk & Controls Officer in the buildout, implementation, and consistent execution of a Risk Management framework within the 1st LOD. • Provides guidance in risk framework responsibilities with Business Process Owners (BPOs) in support of enterprise risk assessments, change management initiatives, customer complaint management, compliance testing, issue management, operational risk events, key risk indicators, control Identification and design, process taxonomy documentation, and quality assurance programs. • Leads risk management assessment of new products and services, including enterprise change management programs. • Provides risk advisory and guidance to the BPOs including process and control design, early risk identification, control environment operating effectiveness, and policies and procedures. • Provides guidance on assurance activities to help ensure that risk management frameworks and controls are effective to manage risks associated with the strategic plan of Commercial & Private Bank. • Directly engages with BPOs on identified operations risk incidents and issues in root-cause analysis, action plans, supporting documentation and testing of implemented controls to effectively remediate findings or issues. • Provides BPOs with risk advisory and guidance on project initiatives, risk assessments, and risk remediation efforts impacting the Business Units. • Supports activities to help ensure compliance with all enterprise compliance policies and standards, and management of compliance risks within the Bank’s risk appetite.


