
Senior Compliance & Risk Manager

Klosterneuburg
Permanent position
KuCoin EU
Risk Manager
Posted online since: 30 November
Description


As Senior Compliance & Risk Manager (f/m/d), you will lead KuCoin EU’s key operational resilience pillars, including Third-Party Risk Management (TPRM) and ICT risk management. You will ensure that our governance, processes, and controls comply with MiCAR, DORA, EU GDPR, and Austrian regulatory expectations while supporting strong cross-functional collaboration. In this role, you will manage due diligence and oversight of external service providers, maintain the ICT risk framework and central risk register, support incident and vendor monitoring, and prepare clear reporting for the Head of Risk, Management Board and relevant committees.

* Work at the heart of it. Our modern Vienna office is located directly at the historic Trabrennbahn in the Prater - a vibrant and accessible location.
* Team culture matters. We believe in strong collaboration and organize regular team events to foster a positive and connected work environment.
* We take care of the details. A daily selection of snacks, beverages, and weekly Friday breakfasts help keep our team energized.
* An international mindset. Join a diverse, forward-thinking team that thrives on innovation and cross-border collaboration.
* Invest in your development. We offer clear career progression, supported by learning and development opportunities tailored to your professional growth.
* Rewarding performance. Benefit from a competitive salary, performance-based bonuses, and a comprehensive benefits package on top.
* Shape the industry. Make a direct contribution to one of Europe’s most ambitious crypto platforms as we scale our regulatory capabilities.


What makes you special

* You hold a university degree in Law, Economics, Finance, Business, IT Risk, or a related field
* You have 4+ years of experience in compliance, risk management, audit, or internal control (financial services/fintech/crypto experience is a strong plus)
* You bring practical expertise in TPRM, ICT risk governance, or EU GDPR-related compliance work
* You can interpret system diagrams, vulnerability reports, penetration tests, and security certifications
* You understand European and Austrian regulatory frameworks, including DORA, MiCAR, NIS2, and relevant ISO standards
* You can translate regulatory requirements into clear, actionable, and scalable processes
* You communicate well and collaborate effectively with cross-functional teams and external partners
* You are proactive, detail-oriented, and comfortable working in a fast-evolving regulatory environment
* You are fluent in English; German proficiency is a strong advantage

At KuCoin EU, you will be part of a team committed to innovation, integrity, and regulatory excellence. If you’re ready to contribute to the future of finance in a fast-moving, global environment - we look forward to hearing from you.

KuCoin EU is an equal opportunity employer. We are committed to building a diverse and inclusive workplace. All qualified applicants will be considered for employment without regard to race, religion, gender, sexual orientation, gender identity, national origin, disability, or age. We welcome applications from people of all backgrounds and experiences.


Detailed Job Description


Your Mission

As a Senior Compliance & Risk Manager, you will play a key role in strengthening our compliance and risk management framework, including Third-Party Risk Management (TPRM) and ICT Risk Management. Working across Risk Management, IT Security and Compliance, you will ensure the company meets its regulatory obligations under MiCAR, DORA, MiFID II, PSD II and related frameworks, while building a robust governance environment and effectively mitigating risks arising from external service providers. You are also expected to prepare regular risk and continuity reports for the Head of Risk, Management Board and relevant committees.


What You Will Do


Third-Party Risk Management

* Lead and further develop the company’s Third-Party Risk Management (TPRM) framework, ensuring alignment with DORA, MiCAR, EU GDPR, and ICT risk expectations
* Conduct pre-contract due diligence, risk classification, and criticality assessments—including EU GDPR data protection impact assessments where relevant
* Maintain and enhance the DORA-compliant ICT Third-Party Register, ensuring complete, accurate, and up-to-date documentation
* Ensure that ICT outsourcing and third-party contracts include mandatory clauses required by DORA and EU GDPR (including audit/access rights, data protection terms, breach notification, subcontractor conditions, termination, and exit rights)
* Lead the ongoing monitoring of third-party service providers, including performance reviews, compliance checks, EU GDPR adherence, and ICT risk assessments
* Drive the oversight of critical ICT service providers, coordinating with ICT Security, Risk Management, and Legal to ensure enhanced governance
* Support the development and maintenance of exit strategies, contingency plans, business continuity, and data protection mitigation plans for outsourced ICT services
* Support the ICT Incident Manager by coordinating third-party activities related to ICT incident monitoring and reporting
* Support broader enterprise risk management processes by identifying, assessing, and mitigating operational, ICT, compliance, and data protection risks related to third parties
* Prepare compliance and risk reports for senior management, risk committees, and the Board
* Collaborate with auditors and regulators during examinations, audits, and information requests
* Provide subject-matter guidance to internal stakeholders on regulatory expectations relating to compliance, outsourcing, ICT risk, and EU GDPR requirements
* Own and maintain the ICT risk management framework within the enterprise risk management system.
* Define ICT risk taxonomy, categories, and mapping to enterprise-wide risk.
* Develop and maintain ICT risk assessment methodologies, templates, and guidelines (systems, applications, vendors, projects, changes).
* Define ICT-related KRIs and thresholds aligned to risk appetite, in coordination with the Head of Risk and CISO.
* Maintain the central ICT risk register and ensure accurate risk documentation and classification.
* Ensure every ICT risk has a designated 1st line risk owner, clear action plan, timelines, and remediation status.
* Monitor the progress of remediation activities; follow up and elevate overdue items as per defined procedures.
* Regularly review the register for completeness, consistency, and timeliness.
* Develop and maintain an annual ICT risk assessment plan (systems, infrastructure, applications, vendors, critical projects).
* Plan, coordinate, and facilitate risk assessment workshops and interviews with system owners, business stakeholders, CISO, and IT teams.
* Analyze system architectures, process documentation, vendor materials, and security reports to identify risk scenarios.
* Document ICT risks, inherent/residual ratings, and recommended treatments using approved methodology.
* Ensure consistent application of risk scales, criteria, and risk appetite across all reviews.


What Makes You Special

* You hold a university degree in Law, Economics, Finance, Business, IT Risk, or a related field
* You bring 4+ years of experience in compliance, risk management, internal control, or audit—experience in financial services, fintech, or crypto is a strong advantage
* You have demonstrable expertise in Third-Party Risk Management, ICT/outsourcing governance, or risk/compliance work involving EU GDPR
* You are able to understand and interpret:
  - High-level system and data flow diagrams
  - Security reports (vulnerability scans, penetration test reports, SOC 2 / ISO 27001 reports)
* You possess an excellent understanding of European and Austrian regulatory frameworks, especially DORA, NIS2, EBA/ESMA guidelines, ISO 27001, ISO 22301 (preferred)
* You are able to translate regulatory expectations into practical, actionable processes
* You are fluent in English; German proficiency is a strong plus


Seniority level

Mid-Senior level


Employment type

Full-time


Job function

Legal


Industries

Technology, Information and Internet
