
Purpose of the Role:
The Risk Officer is responsible for establishing and leading the enterprise-wide Risk Management Function, ensuring a robust risk governance framework that proactively identifies, assesses, mitigates, and monitors risks.
The RO functions independently of the technology division and acts as the second line of defense, safeguarding the company's operational, financial, technological, legal, and reputational integrity.
Key Responsibilities:
- Develop, implement, and maintain the Risk Control Framework, aligned with strategic goals and regulatory requirements.
- Define and regularly review the Risk Appetite Statement (RAS) and ensure alignment across verticals.
- Lead the formulation, rollout, and monitoring of risk-related policies, procedures, and controls.
- Oversee Risk and Control Self-Assessments (RCSA) and ensure timely mitigation of residual risks.
- Conduct enterprise-wide risk audits and control reviews to validate adherence to the framework and policies.
- Track regulatory circulars, policy changes, and licensing requirements (RBI, SEBI, FIU, etc.), ensuring company-wide compliance.
- Lead the incident management process for fraud, operational breakdowns, cyber threats, and compliance violations.
- Oversee third-party risk, including vendor onboarding, SLA adherence, and periodic risk reassessment.
- Coordinate with Legal & Compliance to assess and manage contractual and legal risks.
- Advise product, strategy, and operational teams on emerging risks and ensure risk-informed decision-making.
- Present risk dashboards, breach alerts, and KRI updates to the Risk Management Committee and the Board.
- Promote a risk-aware culture across all departments, embedding risk ownership into daily operations.
Required Qualifications & Experience:
- 7+ years of relevant experience in enterprise risk management, preferably in fintech, banking, or regulated financial services.
- Strong knowledge of RBI, SEBI, FIU-IND, and data protection regulations.
- Demonstrated experience in leading RCSA, fraud risk programs, regulatory compliance, and vendor risk assessments.
- Familiarity with frameworks such as ISO 277000 and control standards such as SOC 2 and PCI-DSS.
- Prior experience interacting with senior regulatory officials or serving on Risk Committees is preferred.
- CA, MBA (Finance), FRM, or equivalent risk certifications are a plus.