Risk Management Director
ZEN.COM is a smart financial app designed for your everyday life – at home and on the go. We make payments, online shopping, and personal finance management fast, secure, and effortless. With ZEN.COM, you can enjoy cashback on purchases, full control over your spending, and peace of mind thanks to purchase protection. A built-in multi-currency account lets you spend abroad or shop internationally with great exchange rates and no hidden fees.
Currently we are seeking a professional to join us as Risk Management Director.
Requirements:
Minimum 8 years of experience in risk management within regulated financial services.
Proven senior-level experience in Electronic Money Institutions (EMIs) and/or Payment Institutions / Payment Service Providers (PSPs).
Demonstrable experience in a multi-jurisdictional environment, ideally covering EU/EEA markets with exposure to passporting regimes.
Track record of direct interaction with financial regulators and Boards of Directors on risk matters.
Experience building or significantly developing a risk function, including hiring and structuring a team.
Payment Services Regulation: Comprehensive understanding of PSD2 (and PSD3 developments), EMI licensing requirements, own funds calculations, and safeguarding.
Risk Governance: Practical experience implementing EBA Guidelines on Internal Governance, Outsourcing Arrangements, and ICT Risk Management (DORA).
Acquiring and Card Scheme Risk: Strong understanding of acquiring risk models, merchant risk management, chargeback frameworks, and Visa/Mastercard scheme requirements.
Operational Risk: Experience with operational risk event management, BCP/DR, and incident management frameworks.
Third-Party Risk: Expertise in outsourcing risk assessment, vendor due diligence, and ongoing monitoring of critical service providers.
Independence and Integrity: Ability to operate as an independent second-line function, providing constructive challenge to senior management and the Board without compromise.
Commercial Awareness: Ability to balance risk management rigour with commercial pragmatism, supporting the business in achieving its objectives within an acceptable risk profile.
Communication: Excellent written and verbal communication skills, with the ability to produce board-ready reports, regulatory submissions, and policy documentation. Capacity to distil complex risk topics into clear, actionable insights.
Strategic Thinking: Ability to anticipate regulatory trends and emerging risks, positioning the institution proactively rather than reactively.
Stakeholder Management: Experience managing relationships across the business, with regulators, auditors, card schemes, and external partners.
Team Building: Proven ability to recruit, develop, and retain talent in a lean, high-performing team.
Technology Mindset: Openness to leveraging technology for risk management processes, including automation, data analytics, and modern tooling.
Responsibilities:
Enterprise Risk Management Framework.
Operate and enhance the Enterprise Risk Management (ERM) framework, including the Risk Management Policy, Risk Appetite Statement, and supporting methodologies.
Oversee the enterprise-wide risk register, ensuring all material risks are identified, assessed, monitored, and reported.
Provide inputs and scenarios to the annual Internal Capital Adequacy Assessment Process (ICAAP) or equivalent own funds adequacy assessment required under EMI regulations.
Ensure the risk management framework is aligned with Bank of Lithuania guidelines, EBA guidelines (including EBA Guidelines on Internal Governance), and PSD2 requirements as well as other applicable regulations.
Develop and maintain risk appetite metrics and key risk indicators (KRIs) with appropriate thresholds, triggers, and escalation procedures.
Serve as the primary point of contact with the regulators and strategic stakeholders (i.e. VISA, Mastercard) on all risk management matters, including supervisory inspections, thematic reviews, and ad-hoc information requests.
Prepare and present regulatory submissions, including responses to supervisory findings, remediation plans, and cost-benefit analyses supporting risk methodology decisions.
Track and assess the impact of regulatory developments across relevant jurisdictions and proactively adapt internal risk management frameworks.
Prepare and deliver the Board-level Risk Reports on a periodic basis, covering the institution’s risk profile, key incidents, risk appetite posture, and risk maps.
Participate in and report to relevant Board committees and internal governance bodies.
Ensure risk reporting is decision-oriented, with clear escalation of material issues, consistent reporting periods, and appropriate granularity for Board consumption.
Advise Boards and C-level on risk implications of strategic decisions, including product launches, market expansions, partnerships, and M&A activity.
Oversee the operational risk management framework, including incident management, business continuity planning, and operational risk event reporting.
Oversee the ICT risk management framework, third-party ICT risk management, and the operational resilience program.
Ensure appropriate ICT risk governance, including DORA Article 13-compliant ICT risk assessment and reporting.
Manage the institution’s incident management and escalation process, including regulatory notification requirements under PSD2 and DORA.
Own the third-party and outsourcing risk management framework, consistent with EBA Guidelines on Outsourcing Arrangements.
Ensure appropriate due diligence, ongoing monitoring, and risk assessment of material outsourcing arrangements, including critical or important functions.
Manage the register of outsourcing arrangements and ensure timely notification as required.
Oversee vendor assessments and counterparty risk evaluations for key service providers and partners.
Oversee risk management for card acquiring activities, including merchant risk assessment, chargeback and fraud monitoring, and card scheme compliance (Visa, Mastercard).
Manage payment operations risk, including transaction limit frameworks for different customer segments (e.g., sole traders, SMEs, corporates).
Ensure appropriate controls for agent and distributor networks, in line with PSD2 requirements and regulatory expectations.
Provide second-line challenge and oversight to first-line business functions on risk-related matters.
Ensure the three-lines-of-defence model is operationally effective and well understood across the organisation.
Own the risk-related policy suite, ensuring policies are current, Board-approved, and periodically reviewed.
Build, lead, and develop the Risk team, including hiring, performance management, and professional development.
Foster a strong risk culture across the organisation through training, awareness, and engagement.
Manage the Risk function’s budget and resource allocation.
What we offer:
Real influence on shaping ZEN.COM.
Work in an environment where innovation and effectiveness truly matter.
Competitive salary and flexible working conditions.
Private medical healthcare.
Internal and external training opportunities.
If you want to have a real impact on the experience of thousands of users and work with committed teams in an environment that values ownership, transparency, and pace – apply today!

ZEN.COM
ZEN.COM is a solution that saves users time and gives them secure transactions and instant access to their money - anywhere and at any time. As an employer, we give full freedom of work ...