Capital
Pick a job to read the details
Tap any role on the left — its description and apply link will open here.
Outsourcing & Third-Party Risk Manager
Share this job
The Outsourcing Manager is responsible for establishing and overseeing a robust, group-wide outsourcing and third-party risk management framework across all entities within the Capital Vault Group. The role ensures that outsourcing and third-party arrangements support operational resilience, sound governance, and regulatory compliance across all jurisdictions in which the Group operates.
Responsibilities:
Governance and Oversight
-
Own and maintain the Group Outsourcing and Third-Party Risk Management Framework, ensuring it remains aligned with regulatory expectations, market standards, and the Group’s risk appetite.
-
Provide strategic oversight for outsourcing activities across the Group, ensuring consistent application of policy and procedures.
-
Advise senior management and Boards on outsourcing risks, emerging trends, and regulatory developments.
-
Ensure all outsourcing and third-party arrangements are appropriately identified, assessed, approved, documented, monitored, and periodically reviewed.
-
Oversee the lifecycle of third-party engagements, from initial assessment and due diligence through contract oversight, performance monitoring, and exit.
-
Maintain appropriate registers and documentation that reflect the Group’s outsourcing landscape.
-
Ensure outsourcing arrangements do not compromise the Group’s operational resilience, risk management, data protection, or supervisory obligations.
-
Lead the identification and assessment of outsourcing risks, including criticality, concentration risk, and dependency risk.
-
Oversee contingency and exit strategies to ensure continuity of business operations in the event of provider disruption.
-
Work closely with Legal, Risk, Compliance, ICT, Information Security, Data Protection, and other functions to ensure that outsourcing and third-party arrangements meet internal and external requirements.
-
Provide guidance to first-line teams engaging in or managing outsourced or third-party relationships, ensuring adherence to the outsourcing framework.
-
Promote awareness and understanding of outsourcing requirements across the Group through training and stakeholder engagement.
-
Establish mechanisms to monitor provider performance, service delivery, and adherence to contractual and regulatory obligations.
-
Escalate material risks, breaches, and underperformance to senior management and relevant governance bodies.
-
Prepare regular reporting and management information (MI) to support Board and committee oversight of outsourcing and third-party risks.
-
Act as a key point of contact for regulatory matters relating to outsourcing and third-party risk.
-
Ensure the Group meets regulatory expectations for outsourcing notifications, approvals, inspections, and reporting across all jurisdictions.
-
Maintain awareness of evolving regulatory requirements and ensure the Group’s outsourcing framework adapts accordingly.
Oversight of Outsourced and Third-Party Arrangements
Risk Management & Operational Resilience
Cross-Functional Collaboration
Monitoring, Assurance & Reporting
Regulatory Engagement
Requirements:
-
+5 years of experience in outsourcing, third-party risk, operational risk, or compliance within a regulated financial services environment;
-
Proven experience designing or managing a group-wide outsourcing / third-party risk framework;
-
Strong knowledge of regulatory requirements (e.g., CySEC, FCA, CMA (formerly SCA));
-
Experience overseeing the full outsourcing lifecycle, including due diligence, risk assessment, ongoing monitoring, and exit strategies;
-
Ability to assess and manage critical outsourcing risks (concentration, dependency, operational resilience);
-
Experience working across multiple jurisdictions and advising senior stakeholders;
-
Strong stakeholder management across Legal, Risk, Compliance, and Technology functions;
-
Hands-on, build-oriented mindset with the ability to scale processes in a growing organization.
Ready to apply?
Apply to Capital
Responsibilities:
Requirements:
Ready to apply?
Apply to Capital
As the Compliance Manager - Deputy MLRO, you will serve as the operational backbone of Capital Vault UAE’s financial crime and compliance program, owning the day-to-day delivery of AML/CFT controls, compliance policies, and regulatory obligations and acting as the principal cover for the Head of Compliance and MLRO.
You will be responsible for translating the firm’s AML framework into operational rigour, from alert management through to suspicious activity reporting, while also maintaining the firm’s compliance framework, monitoring regulatory updates, and ensuring the firm remains audit-ready and aligned with CMA obligations at all times, which are core pillars of a regulated, client-centric financial business.
You will be responsible for leading the transaction monitoring function end-to-end, including rule design, alert triage, blockchain analytics, and SAR/STR filing, while acting as deputy for the Head Compliance and MLRO across all regulatory, governance and compliance matters.
The position offers broad cross-functional exposure across product, technology, and operations in a fast-scaling virtual assets environment, making it an ideal opportunity for professionals seeking to step into a named MLRO role as the firm grows.
Responsibilities:
-
Transaction Monitoring Ownership: Design, manage, and continuously tune CVUAE’s transaction monitoring programme including rule governance, alert prioritisation, threshold calibration, and blockchain analytics producing regular MI on alert volumes, closure rates, and SAR conversion ratios for the MLRO and board.
-
Suspicious Activity Reporting: Review and investigate escalated alerts, prepare well-reasoned SAR/STR narratives, and submit filings to the UAE Financial Intelligence Unit (UAEFIU) in a timely and accurate manner, maintaining a complete internal register of all cases filed.
-
Customer Risk & Due Diligence: Oversee day-to-day KYC/CDD operations including EDD reviews for high-risk clients such as PEPs, high-volume traders, and clients from higher-risk jurisdictions, providing guidance to onboarding teams on complex or borderline cases.
-
Sanctions Screening: Manage the firm’s sanctions screening process — reviewing and disposing of name-match alerts, maintaining documented screening decisions, and escalating confirmed matches to the MLRO with clear recommendations.
-
Deputy MLRO Coverage: Assume full MLRO responsibilities during the Head of Compliance & MLRO’s absence, including SAR authorisation, regulatory engagement with the CMA and the UAEFIU, and board-level reporting, maintaining continuity of financial crime oversight at all times.
-
Regulatory & Cross-Functional Engagement: Support the preparation of CMA submissions, inspection materials, and supervisory responses; represent the financial crime team in cross-functional forums to embed regulatory and AML requirements into new products, features, and client segments.
-
Training & AML Culture: Design and deliver role-specific AML/CFT training across the organisation, maintain training completion records, and act as a visible subject-matter expert on virtual assets financial crime typologies and evolving regulatory expectations.
-
Policy Governance: Draft, maintain, and enforce internal compliance policies aligned with CMA rules, FATF recommendations, and international best practices, ensuring the firm’s policy framework remains current and fit for purpose.
-
Regulatory Documentation: Maintain all compliance registers, regulatory calendars, and audit preparedness materials to ensure operational transparency and readiness for CMA inspections and supervisory reviews.
-
Regulatory Change Management: Monitor regulatory developments across UAE and relevant international frameworks, ensuring timely updates to internal policies, processes, and controls as obligations evolve.
-
Crypto Asset Safeguards: Support the implementation of operational and technical controls to protect client assets, including wallet security protocols and asset segregation requirements.
Requirements:
-
Education: Bachelor’s degree in Finance, Risk Management, Law or a related field; a postgraduate qualification (LLM, MBA, or equivalent) is an advantage.
-
Professional Certification: Holding CAMS, CFCS, ICA qualifications and CISI qualification as recognised by the CMA is advantageous.
-
Experience: Minimum 4–5 years of hands-on AML/financial crime and compliance experience within a regulated financial services or virtual asset service provider, including demonstrable ownership of a transaction monitoring programme.
-
Regulatory Knowledge: Deep familiarity with the UAE CMA regulations and AML/CFT legal framework including Cabinet Decision No. 134 of 2025, AML Law No. 10 of 2025, FATF recommendations, and CMA-specific obligations for virtual asset service providers.
-
Blockchain & Technology: Practical experience with blockchain analytics tools (Chainalysis, Crystal Intelligence, or equivalent);
-
SAR / STR Filing: Proven track record of preparing and submitting suspicious transaction reports to a financial intelligence unit; direct experience with the UAEFIU is strongly preferred.
-
Language: Professional proficiency in English is required; Arabic language proficiency (written and spoken) is a strong advantage.
Ready to apply?
Apply to Capital
Responsibilities
-
Design and continuously evolve the enterprise risk framework - risk appetite, taxonomy, governance, and the operating model across the three lines - for a business spanning six regulated entities and growing
-
Lead all risk domains: market, credit, liquidity, operational, conduct, technology, regulatory, and crypto risk
-
Oversee the 24-hour risk monitoring function that supports Capital.com's global trading platform
-
Own hedging strategy oversight and client exposure management in partnership with the Dealing function
-
Drive capital planning, ICAAP/ILAAP, stress testing, VaR back-testing, and scenario analysis across all entities
-
Ensure full DORA compliance across ICT risk management, digital operational resilience, and third-party ICT oversight
-
Own the MiCA and CASP risk obligations as Capital.com expands into spot crypto across the EU
-
Lead regulatory relationships proactively across the FCA, CySEC, ASIC, DFSA, and CMA - and build those relationships in new markets as licences are secured
-
Support new jurisdiction entry from day one - providing risk leadership on market expansion before launch
-
Build and develop the risk team - developing talent, managing inherited structures, and building the function the business needs for 2028, not just today
-
Report to ExCo and the Board on risk matters - translating complexity into clear business language and decisions that enable growth
Requirements
Experience and credentials
-
Significant senior risk leadership experience in a regulated financial services environment - trading, brokerage, CFD, or closely adjacent
-
Deep multi-jurisdictional regulatory knowledge - FCA and CySEC are essential; ASIC, DFSA, CMA, and MiCA/CASP experience are a strong advantage
-
Proven track record building or materially maturing a risk function - not just maintaining one that already works
-
Strong technical depth across market risk, operational risk, regulatory capital, and digital resilience (DORA)
-
CFA or FRM preferred - exceptional experience may substitute
-
You move without being directed. When you see a problem, you act on it - you do not wait to be asked.
-
You take end-to-end ownership. You drive outcomes. You do not pass the buck.
-
You bring fresh thinking. You do not default to how it was done in your last role.
-
You listen. You build trust across teams. You develop the people around you.
-
You are commercial. You understand that risk management exists to enable growth - not to obstruct it.
-
You are board-ready. You can hold your own in a regulator meeting, an ExCo debate, or a conversation with the founder.
How you operate
Ready to apply?
Apply to Capital
As the Head of Risk MENA (CFD), you will build and lead the independent second line risk function for Capital.com’s CFD business under CMA regulation. You will set the risk direction, define and maintain the risk appetite framework, and ensure the business operates within approved limits while scaling across the region.
This position carries regulatory responsibilities and is expected to be subject to CMA approval where applicable. You will be accountable for risk governance, effective oversight of market and trading risks, and ensuring growth is matched by strong controls, clear escalation, and Board level visibility.
Responsibilities:
Market and Trading Risk Oversight: Oversee exposure management, leverage and margin frameworks, client concentration limits, gap risk controls, and hedging effectiveness. Provide independent challenge on risk exposure and risk transfer decisions.
Counterparty and Credit Risk: Set and monitor risk limits for liquidity providers, prime brokers, banks, and key counterparties. Oversee counterparty due diligence, concentration risk, and contingency planning for counterparty disruption.
Liquidity and Capital Oversight: Oversee liquidity risk and capital adequacy monitoring in line with CMA requirements. Lead stress testing and scenario analysis covering market shocks, client behavior, liquidity withdrawal, and operational disruption.
Client and Conduct Risk: Provide second line oversight of product governance, disclosures, appropriateness controls, complaints root cause trends, and key conduct outcomes impacting clients.
Execution and Pricing Risk Oversight: Oversee risks related to pricing integrity, data feeds, execution quality, slippage controls, and best execution governance. Ensure clear controls over price spikes, outliers, and execution incidents.
Operational and Technology Risk: Oversee operational risk across trading operations, incident management, cybersecurity risk oversight, access controls, change management, and operational resilience testing.
Outsourcing and Third Party Risk: Set the third party risk framework covering technology vendors, market data providers, execution partners, payment partners, and outsourced operations. Ensure robust due diligence, ongoing monitoring, and exit plans.
Monitoring and Reporting: Maintain the risk register and KRIs. Deliver decision-ready reporting to Senior Management and the Board, including appetite breaches, emerging risks, incidents, and remediation progress.
Regulatory Alignment: Maintain close relationships with the CMA and support regulatory submissions, inspections, and remediation of findings. Ensure audit readiness and disciplined evidence management.
Global Coordination: Act as a liaison between global risk teams and regional operations to maintain alignment on standards, controls, and reporting.
Requirements:
Education & Experience: University degree and 8+ years of experience in risk management within regulated financial services. CFD, FX, OTC derivatives, brokerage, or trading platform experience is strongly preferred.
Regulatory Knowledge: Strong expertise in CMA regulatory requirements applicable to CFDs, including governance, risk management expectations, prudential oversight, reporting discipline, and conduct standards. Prior CMA approval is a strong advantage.
Governance: Proven experience engaging with Boards and committees, managing escalation processes, and supporting regulatory inspections and audits.
Technical Strength: Strong understanding of market risk, margining, hedging, stress testing, counterparty risk, execution and pricing risk, and trading platform controls.
Leadership: Proven ability to build and lead an independent risk function in a fast-paced environment, and to challenge senior stakeholders with clarity and discipline.
Integrity: High ethical standards, independence of judgment, and ability to meet fit and proper expectations. Professional risk qualifications (FRM, PRM, CFA) are an advantage.
Ready to apply?
Apply to Capital
Responsibilities:
Requirements:
Ready to apply?
Apply to Capital
Responsibilities:
Requirements:
Ready to apply?
Apply to Capital
Whoa — hold up
JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.
Come back later. If you're genuinely job hunting, we've got your back — just act like a human.