Governance and Oversight

• Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.

• Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.

• Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.

Oversight of Outsourced and Third-Party Arrangements

• Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.

• Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.

• Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.

Risk Management & Operational Resilience

• Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.

• Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.

• Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.

Cross-Functional Collaboration

• Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.

• Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.

• Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement. 

Monitoring, Assurance & Reporting 

• Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.

• Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.

• Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.

Regulatory Engagement 

• Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.

• Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.

• Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.

• +5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;

• Proven experience designing or managing a group-wide outsourcing / third-party risk framework;

• Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));

• Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;

• Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);

• Experience working across multiple jurisdictions and advising senior stakeholders;

• Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;

• Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.

Compliance Requirements Definition & Oversight

• Define, document, and maintain compliance business requirements for financial crime technology systems, including customer risk assessment tooling, KYC and periodic review workflows, sanctions and PEP screening, and transaction monitoring.

• Provide second-line oversight and independent challenge of technology solutions proposed or delivered by the first-line Product and Engineering teams, assessing whether they meet compliance obligations.

• Review and formally sign off on system design documentation, functional specifications, and configuration decisions from a compliance perspective, escalating concerns where requirements are not met.

• Ensure compliance requirements are captured accurately at the outset of any technology project or change, preventing regulatory risk from being introduced through inadequate system design.

• Monitor the performance of deployed compliance systems against defined regulatory and operational standards, raising issues where system outputs fall short of expectations.

Technology Change — Compliance Representation

• Represent the second-line compliance function in technology change programmes, system migrations, and vendor selection processes affecting financial crime controls.

• Review vendor and system proposals from a compliance and regulatory perspective, providing structured assessments and recommendations to senior compliance leadership.

• Define acceptance criteria for system changes and new deployments, and provide compliance sign-off following satisfactory user acceptance testing.

• Participate in UAT cycles from a compliance assurance standpoint — validating that systems behave in accordance with regulatory requirements and agreed compliance logic, rather than performing technical testing.

• Maintain awareness of the Group's compliance technology landscape to identify gaps, overlaps, or single points of failure that may present regulatory risk.

Compliance–Engineering Interface & Stakeholder Management

• Act as the primary relationship holder between the GFCC function and the Product and Engineering teams, facilitating constructive working relationships whilst maintaining the independence appropriate to a second-line function.

• Translate regulatory obligations and compliance policy requirements into structured, unambiguous technical briefs that engineering teams can act upon.

• Challenge first-line technical decisions where they conflict with compliance requirements, escalating unresolved issues through appropriate governance channels.

• Provide compliance input and review at key project milestones, design reviews, and sprint ceremonies as a subject matter expert rather than a delivery participant.

• Maintain clear records of compliance decisions, requirements sign-offs, and outstanding issues to support audit and regulatory examination.

Data Quality Oversight & Compliance Analytics

• Commission, review, and where necessary produce compliance management information, dashboards, and analytical outputs to support senior management oversight and regulatory reporting.

• Assess the quality and completeness of data feeding into financial crime detection models and screening systems, escalating deficiencies that could impair their effectiveness.

Governance, Policy & Regulatory Awareness

• Contribute to the development and maintenance of compliance policies, procedures, and standards relating to financial crime technology and data governance.

• Proactively monitor regulatory developments and industry guidance relevant to financial crime technology, assessing their implications for the Group's compliance infrastructure.

• Maintain a current understanding of the regulatory expectations for key financial crime controls, including customer risk assessment, ongoing monitoring, screening, and transaction monitoring.

Continuous Improvement

• Identify weaknesses or inefficiencies in existing compliance controls and processes, recommending technology-enabled enhancements to senior compliance leadership.

• Contribute to the Group's compliance technology strategy by providing informed, evidence-based input on priorities, risks, and opportunities.

• Stay current with developments in RegTech, financial crime typologies, and regulatory expectations to ensure the Group's compliance technology remains fit for purpose.

• Promote a culture of regulatory accountability and data-driven risk management within the compliance function.

1. AI Automation & Process Optimisation
Identify, design, and implement AI-driven solutions to automate compliance and operational workflows.
Analyse existing processes across Compliance and Operations to identify inefficiencies and automation opportunities.
Build and maintain tools (scripts, workflows, agents) to reduce manual workload and improve scalability.
Support integration of AI tools into existing systems (e.g. CRM, case management, onboarding/KYC flows).
Continuously evaluate new AI technologies and assess their applicability to business needs.

2. Data, Reporting & Analytics
Design and maintain dashboards to provide visibility on key compliance and operational metrics.
Automate recurring reporting (regulatory, internal MI, operational KPIs).
Work with structured and unstructured data to generate actionable insights.
Improve data quality, accessibility, and consistency across teams.
Support ad hoc data analysis requests from Compliance, Operations, and senior management.

3. Cross-Functional Collaboration
Partner with Compliance, Operations, Product, and Engineering teams to implement scalable solutions.
Translate business problems into technical requirements and AI-driven solutions.
Act as a bridge between non-technical stakeholders and technical implementation.
Support business initiatives where automation or data-driven decision-making is required.

4. Governance & Risk Awareness
Ensure all AI and automation solutions align with regulatory requirements and internal policies.
Maintain clear documentation of tools, processes, and decision logic.
Support auditability and transparency of automated processes.
Monitor performance and risks of deployed solutions and implement improvements where needed.

5. Continuous Improvement & Innovation
Proactively identify new use cases for AI across the business.
Drive a culture of efficiency, automation, and data-driven thinking.
Stay up to date with developments in AI, automation, and data tooling.
Contribute to long-term strategy on how AI can enhance compliance and operations functions.

Front of House & Visitor Experience: Be the first point of contact for all visitors, creating a friendly and welcoming first impression. Greet visitors on arrival, register them with building management, arrange access cards where needed and guide them to the right meeting rooms or teams. Keep the reception area clean, organised and presentable throughout the day so it always feels welcoming.

Workplace & Office Support: Work closely with the Workplace Experience Coordinator to keep a consistent and welcoming front-of-house presence. Make sure office and kitchen supplies are stocked and organised, doing regular checks and reordering before anything runs out. Arrange couriers when needed and help manage incoming and outgoing deliveries. Sort and distribute post and packages, including picking up larger deliveries from the loading bay where required.

Administrative & Finance Support: Support the Finance team by uploading, tracking and reconciling company card transactions. Keep files and records for reception and office documentation organised and up to date. Help with general admin tasks as and when needed.

Travel and Hotel Bookings: Work with reception teams across other offices to support business travel, including helping with flight and hotel bookings.

Flexibility & General Duties: Be flexible and help out with additional tasks as needed to support the business. Step in to support other teams or take on related duties when required.

Market Analysis & Research

Content Creation (Marketing Channels)

Media & PR Engagement

Internal Collaboration

Market Analysis & Research

Content Creation (Marketing Channels)

Media & PR Engagement

Internal Collaboration

• Education: Bachelor’s degree in Finance, Risk Management, Law or a related field; a postgraduate qualification (LLM, MBA, or equivalent) is an advantage.

• Professional Certification: Holding CAMS, CFCS, ICA qualifications and CISI qualification as recognised by the CMA is advantageous.

• Experience: Minimum 4–5 years of hands-on AML/financial crime and compliance experience within a regulated financial services or virtual asset service provider, including demonstrable ownership of a transaction monitoring programme.

• Regulatory Knowledge: Deep familiarity with the UAE CMA regulations and AML/CFT legal framework including Cabinet Decision No. 134 of 2025, AML Law No. 10 of 2025, FATF recommendations, and CMA-specific obligations for virtual asset service providers.

• Blockchain & Technology: Practical experience with blockchain analytics tools (Chainalysis, Crystal Intelligence, or equivalent);  

• SAR / STR Filing: Proven track record of preparing and submitting suspicious transaction reports to a financial intelligence unit; direct experience with the UAEFIU is strongly preferred.

• Language: Professional proficiency in English is required; Arabic language proficiency (written and spoken) is a strong advantage.

• Proven track record leading a compliance and AML function at Head, AMLCO, or equivalent level within a CBC regulated entity - EMI, payment institution.

• Deep knowledge of the Electronic Money Laws of 2012 and 2018, the CBC's AML/CTF Directive including the 2025 update, applicable EU AML Directives, and FATF recommendations.

• Direct experience owning the CBC supervisory relationship - leading responses to thematic reviews, managing on-site visits, and handling sensitive regulatory correspondence.

• Ability to operate at Board level: presenting clearly, challenging constructively, and translating complex regulatory requirements into decisions management can act on.

• Strong grasp of EMI prudential requirements - PIEMI RR reporting, capital adequacy frameworks, and client fund safeguarding obligations.

• Experience designing and improving transaction monitoring and sanctions screening programmes, including managing system performance and reducing false positive rates.

• Demonstrated ability to build compliance frameworks from the ground up or restructure existing ones as a business evolves.

• Holds or is working towards a relevant professional AML qualification - such as ICA, ACAMS, or equivalent - accepted as evidence of competence for the AMLCO role; prior CBC approval as AMLCO is a strong advantage.

• Degree in Law, Finance, Economics, or a related field; postgraduate qualification is an advantage.

• Fluency in English.

Strategy & Business Leadership

• Lead the company in executing its strategic plan, ensuring alignment with shareholder objectives, the company's values, and CBC regulatory obligations, reporting to the Board on performance, strategy, and governance matters.

• Drive the company's development through new business opportunities, ensuring all growth is aligned with the regulatory framework and the company's risk appetite.

• Establish the company's risk appetite together with the Board and relevant stakeholders, ensuring adequate systems and controls are in place in line with Board-approved policies.

• Actively engage with key stakeholders - including regulators, counterparties, and clients - to maintain productive relationships and provide transparent updates on the company's direction and performance.

• Represent the company in regulatory, legal, and stakeholder engagements, acting as the primary external face of the business.

Operations & Financial Management

• Provide oversight and direction across all areas of day-to-day operations, including finance, compliance, risk management, AML/CTF, client servicing, technology, and human resources.

• Oversee financial performance, ensuring operational efficiency and growth while meeting financial targets, manage the preparation of financial reports and management accounts for review by the Board and shareholders.

• Ensure the company maintains adequate capital at all times to meet CBC prudential requirements, including the minimum own funds requirement under the Electronic Money Laws of 2012 and 2018 and the CBC's Electronic Money Institutions Directive of 2025.

• Oversee the company's technology infrastructure, ensuring it supports operational needs, meets cybersecurity standards, and that the company's digital operational resilience framework is managed in line with DORA obligations.

• Manage the company's passporting rights across the EEA, ensuring host state notifications, conduct-of-business rules, and local regulatory expectations are met in each market served.

• Oversee the New Product Approval Process (NPAP), ensuring material changes to products, customer segments, geographies, or delivery channels are assessed for regulatory, financial crime, and operational risk before launch, and notified to the CBC where required.

Regulatory & Compliance Oversight

• Ensure the company operates in full compliance with all applicable CBC regulations, EU legislation, and AML/CTF obligations, including the Electronic Money Laws of 2012 and 2018 and the CBC's EMI Directive of 2025.

• Maintain a transparent and constructive relationship with the CBC, ensuring timely and accurate responses to all supervisory requests and correspondence.

• Keep the Board informed of all material regulatory developments, control failures, and compliance matters on a timely basis.

• Respect and protect the independence of the risk management, compliance, and internal audit functions, ensuring key function holders have sufficient authority and resources to perform their duties effectively.

• Oversee the company's Outsourcing Policy and the governance of intragroup service arrangements with Capital.com Group entities, ensuring compliance with EBA Outsourcing Guidelines, clear SLAs, exit plans for critical or important functions, and robust conflict-of-interest controls.

Governance & Internal Controls

• Ensure the company has adequate internal control functions in place - compliance, risk management, and internal audit - and that each is appropriately resourced and independent.

• Set the governance tone across the organisation, ensuring that policies, controls, and decision-making frameworks are respected at every level.

• Oversee and govern the company's safeguarding framework end-to-end, including the choice of safeguarding method, selection and oversight of safeguarding credit institutions, and the policy governing segregation of client funds.

• Ensure daily reconciliation of safeguarded funds against customer liabilities, with clear escalation paths for any shortfall or breach.

• Coordinate with group entities to ensure, where applicable, intercompany service arrangements operate effectively, in compliance with applicable requirements, and with appropriate conflict of interest controls in place.

• Work closely with the Head of Compliance & AMLCO to sponsor a culture of compliance across the business, where regulatory obligations are understood and taken seriously at all levels.

People & Culture

• Provide leadership to the executive team, set clear performance expectations, and build a high-performance culture that supports the long-term success of the company.

• Ensure staff collectively possess the skills and experience needed to manage the company's affairs soundly, and that employees meet any training and competency requirements specified by the CBC.

• As the business grows, assess organisational capacity and make timely appointments to key functions.

• Minimum of 10 years in financial services - payments, electronic money, fintech, or a related regulated environment - with proven experience at senior management level, including direct responsibility for regulatory compliance, financial oversight, and team leadership.

• Direct experience operating within a CBC or EBA-regulated entity, with a solid understanding of the EMI or payment institution regulatory framework in Cyprus or the EU.

• Demonstrated ability to lead an organisation or business unit with significant financial, operational, and regulatory responsibilities.

• Strong grasp of EMI prudential requirements - capital adequacy, client fund safeguarding, PIEMI RR regulatory returns, and CBC reporting obligations.

• Track record of building and maintaining productive relationships with regulators, including managing supervisory correspondence, inspections, and thematic reviews.

• Ability to operate effectively at Board level - presenting clearly, making sound decisions under uncertainty, and balancing commercial objectives with regulatory obligations.

• High-level understanding of AML/CTF frameworks, risk management practices, and corporate governance requirements for CBC-regulated entities.

• Familiarity with DORA requirements and ICT risk governance obligations as they apply to EMIs.

• Working knowledge of PSD2 and the upcoming PSD3/PSR framework, and practical experience managing EEA passporting obligations is an advantage.

• Academic degree at bachelor's level or above; MBA or postgraduate qualification is an advantage.

• Must satisfy the CBC's fit and proper requirements, including competence, integrity, and financial soundness.

• Must be based in Cyprus and able to devote full working hours to the role - any external non-executive positions must be disclosed and assessed for compatibility with this commitment.

• Fluency in English.

Market Analysis & Research

Content Creation (Marketing Channels)

Media & PR Engagement

Internal Collaboration

Regulatory & Governance

Operational

AI Threat Detection & Mitigation

Secure Development & DevSecOps

Data Protection & Compliance

Governance & Policy

• Design and continuously evolve the enterprise risk framework - risk appetite, taxonomy, governance, and the operating model across the three lines - for a business spanning six regulated entities and growing

• Lead all risk domains: market, credit, liquidity, operational, conduct, technology, regulatory, and crypto risk

• Oversee the 24-hour risk monitoring function that supports Capital.com's global trading platform

• Own hedging strategy oversight and client exposure management in partnership with the Dealing function

• Drive capital planning, ICAAP/ILAAP, stress testing, VaR back-testing, and scenario analysis across all entities

• Ensure full DORA compliance across ICT risk management, digital operational resilience, and third-party ICT oversight

• Own the MiCA and CASP risk obligations as Capital.com expands into spot crypto across the EU

• Lead regulatory relationships proactively across the FCA, CySEC, ASIC, DFSA, and CMA - and build those relationships in new markets as licences are secured

• Support new jurisdiction entry from day one - providing risk leadership on market expansion before launch

• Build and develop the risk team - developing talent, managing inherited structures, and building the function the business needs for 2028, not just today

• Report to ExCo and the Board on risk matters - translating complexity into clear business language and decisions that enable growth

Experience and credentials

• Significant senior risk leadership experience in a regulated financial services environment - trading, brokerage, CFD, or closely adjacent

• Deep multi-jurisdictional regulatory knowledge - FCA and CySEC are essential; ASIC, DFSA, CMA, and MiCA/CASP experience are a strong advantage

• Proven track record building or materially maturing a risk function - not just maintaining one that already works

• Strong technical depth across market risk, operational risk, regulatory capital, and digital resilience (DORA)

• CFA or FRM preferred - exceptional experience may substitute

How you operate

• You move without being directed. When you see a problem, you act on it - you do not wait to be asked.

• You take end-to-end ownership. You drive outcomes. You do not pass the buck.

• You bring fresh thinking. You do not default to how it was done in your last role.

• You listen. You build trust across teams. You develop the people around you.

• You are commercial. You understand that risk management exists to enable growth - not to obstruct it.

• You are board-ready. You can hold your own in a regulator meeting, an ExCo debate, or a conversation with the founder.

• Lead and manage full licensing projects for Payment Service Providers (PSPs), Electronic Money Institutions (EMIs), and related payment frameworks across multiple jurisdictions.
• Own preparation and submission of licence applications, regulatory filings, and related documentation end-to-end.
• Draft, review, and approve business plans, policies, manuals, governance documents, and internal procedures required for payment regulatory submissions.
• Maintain structured documentation, trackers, and version control for all assigned projects.
• Ensure payment-specific regulatory requirements are comprehensively mapped and consistently reflected in all application materials.
• Conduct complex legal and regulatory analysis across payment services frameworks, including PSD2/PSD3, EMD2, and equivalent regimes in non-EU jurisdictions.
• Identify regulatory risks, propose mitigation strategies, and escalate material issues to the Head of Licensing where required.
• Interact with payment regulators where appropriate, subject to prior approval from Head of Licensing and/or CLO.
• Provide strategic regulatory and compliance advice to internal stakeholders on payment-related matters, including scheme rules, agent/distributor arrangements, and passporting.
• Review commercial agreements with payment regulatory implications, including acquiring agreements, payment processing contracts, and banking/settlement arrangements.
• Assess new payment products and business model changes for licensing and regulatory impact, providing commercially grounded legal guidance.
• Collaborate closely with Finance, Treasury, Product, and Operations teams to align payment licensing strategy with commercial and operational objectives.
• Oversee and support work allocated to Legal Counsel(s), providing guidance, quality control, and mentorship.
• Use AI tools responsibly to enhance drafting, research, and regulatory analysis, and promote adoption of structured AI workflows within the team.
• Drive continuous improvement of licensing templates, trackers, and submission methodologies specific to the payments function.

• Minimum 5 years PQE as a qualified lawyer; prior law firm or in-house experience in payments or fintech is strongly preferred.
• Significant experience in payment services regulation, including PSP and/or EMI licensing across European or other major jurisdictions.
• Deep knowledge of PSD2/PSD3, EMD2, and/or equivalent payment regulatory frameworks; familiarity with MENA, APAC, or other non-EU payment regimes is an advantage.
• Demonstrated experience leading full licence applications across multiple jurisdictions independently.
• Experience coordinating with external legal and compliance consultants and payment scheme representatives.
• Strong drafting, regulatory interpretation, and analytical skills.
• Commercially oriented, with a solid understanding of payment business models, settlement flows, and scheme obligations.
• Proven ability to manage complex projects independently, including multi-workstream oversight.
• Ability to delegate effectively and support junior team members.
• Business-level English proficiency (B2/CEFR or above).
• Intermediate to advanced AI literacy, with structured integration into daily workflows.