Head of Risk and Regulatory Compliance

Hi! We're Mercuryo, and we’re on a mission to redefine finance by blending the best of traditional banking with the power of decentralized finance (DeFi). We believe everyone deserves seamless access to Web3 and traditional financial services, so we're building the platform that makes it real: one that simplifies crypto and integrates it into the broader financial ecosystem.

Since launching in 2018, we've grown into a recognized force in the industry, named one of Europe's Fastest-Growing Startups 2025 by Sifted and awarded Best Crypto On-Ramp & Payments Solution 2025 by Cryptonomist. We've partnered with leading brands including Visa, Mastercard, MetaMask, Trust Wallet, Ledger, and Jupiter, powering over 200 products and collaborating directly with major ecosystems like Solana, Consensys, and BNB Chain.

Why Mercuryo?

Industry Impact

Join us in helping world-class Web3 projects onboard millions of new users into the next generation of finance.

Innovative Environment

Collaborate with more than 200 talented professionals from diverse backgrounds — including banking, SaaS, and Web3 — all united in delivering outstanding user experiences.

Growth and Learning

Our expanding network of 200+ B2B partnerships and a user base of over 7 million means there’s always room to grow your skills, tackle new challenges, and push boundaries.

Flexible Culture

We’re remote-first, celebrating diversity across 30 countries. At Mercuryo, you’ll be empowered to take ownership of your work, spark creativity, and shape how we move forward together.

About the Role:

We are seeking an experienced Head of Risk & Regulatory Compliance to lead the local risk management and regulatory compliance framework of our Croatian entity, which is applying for authorisation as a Crypto-Asset Service Provider (CASP) under the EU Markets in Crypto-Assets Regulation (MiCA). 

The role is responsible for
establishing and maintaining a robust risk management and compliance framework, ensuring that the company operates in full alignment with applicable European and Croatian regulatory requirements. 

Operating within a wider group of regulated financial institutions, the Head of Risk & Regulatory Compliance will ensure that the Croatian entity maintains strong governance, internal controls, and regulatory oversight, while aligning with group-wide risk and compliance standards. 

Your Role:

Establish and maintain the organisation’s risk management framework, aligned with group policies and EU regulatory expectations. 

Identify, assess, and monitor key risk categories including:
operational risk, regulatory risk, ICT and cybersecurity risk, third-party and outsourcing risk, financial crime risk. 

Develop and maintain the organisation’s risk appetite framework and risk monitoring processes. 

Prepare regular risk reports and dashboards for senior management and the Board. 

Ensure the organisation complies with all relevant regulatory requirements including:
MiCA, DORA, EU AML/CFT framework. 

Croatian financial services regulation. 

Monitor regulatory developments and ensure internal policies are updated accordingly. 

Maintain and oversee the organisation’s regulatory compliance programme. 

Provide guidance to management and internal teams on regulatory obligations. 

Support the organisation’s CASP authorisation and ongoing regulatory supervision. 

Maintaining compliance with MiCA governance, operational, and safeguarding requirements. 

Supporting regulatory reporting obligations. 

Ensuring operational procedures align with regulatory expectations for crypto-asset service providers. 

Preparing documentation and responding to regulatory enquiries. 

Support the implementation and oversight of the organisation’s Digital Operational Resilience (DORA) framework. 

Ensuring the organisation maintains a robust ICT risk management framework. 

Overseeing ICT third-party risk management and monitoring technology service providers. 

Supporting the maintenance of the register of ICT service providers required under DORA. 

Ensuring ICT incidents are properly classified, escalated, and reported. 

Supporting resilience testing and operational continuity planning. 

Maintain oversight of all outsourcing arrangements and third-party service providers. 

Ensure outsourcing arrangements comply with EBA outsourcing guidelines. 

Perform due diligence and risk assessments for new service providers. 

Maintain the organisation’s outsourcing register and documentation. 

Monitor service provider performance and risk exposure. 

Develop and maintain key internal governance documents including:
risk policies, compliance policies, internal control frameworks, outsourcing governance procedures. 

Ensure segregation of duties and internal control mechanisms are properly implemented. 

Provide risk and compliance input to new products, partnerships, and operational processes. 

With the Bord of Directors, act as the primary liaison with regulatory authorities in Croatia. 

Coordinate regulatory inspections and supervisory reviews. 

Support internal and external audits related to risk and compliance. 

Prepare regulatory reporting and documentation required by supervisory authorities. 

What We're Looking For:

Bachelor’s or Master’s degree in Law, Finance, Risk Management, Economics, or a related discipline. 

7+ years experience in risk management, compliance, or regulatory roles. 

Experience working in regulated financial institutions, fintech, or crypto-asset businesses. 

Familiarity with EU financial services regulation including MiFID, MiCA, DORA, and AML frameworks. 

Experience interacting with regulatory authorities. 

Relevant certifications are advantageous. 

Strong understanding of regulatory frameworks for financial institutions 

Expertise in enterprise risk management and compliance governance 

Experience managing outsourcing and third-party risk 

Strong analytical and problem-solving capabilities 

Excellent policy drafting and regulatory interpretation skills 

Strong communication and stakeholder management abilities. 

The successful candidate will be subject to a mandatory F&P pre-assessment. 

Must meet Annex II – Skills of the EBA/ESMA suitability guidelines
for members of the management body and
key function holders. 

Must meet ESMA Fit & Proper assessment guidelines for CASPs under MiCA. 

The ideal candidate has already previously obtained a F&P
approval. 

What We Offer:

Competitive market rate salary and performance-based incentives

22 days annual leave with an additional 6 company days, plus bank holidays

Comprehensive health insurance plans

Extensive Benefits program

Flexible work schedule and remote work options

Professional development and training opportunities

Opportunity to shape the initiatives you’re working on

Diverse and friendly team

We are open-minded to new ideas

Join Us

If you're driven to be a part of the web3 forefront and are keen to leave your mark on this rapidly evolving field, Mercuryo is an excellent choice. Discover our open positions and see how you can contribute to shaping the future!

Mercuryo is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to providing employees with a work environment that is progressive and open-minded. Our employment philosophy is to hire the best people and empower them to do the best work of their lives. Employment decisions are based on business needs and individual merit, without regard to race, colour, religion, ethnicity, sexual orientation, nationality, marital status, gender, age, disability, veteran status, or any other characteristic protected by law. Mercuryo is also committed to providing reasonable accommodation during the application process for qualified individuals with disabilities. If you require assistance to complete your application, please contact our Talent Team.