ERM Director

Responsibilities

ERM Framework & Governance

• Lead the establishment and ongoing enhancement of the group-wide ERM framework, acting as the second-line owner of ERM.
• Design and enhance risk governance structures, policies, and standards in alignment with COSO ERM, ISO 31000, and relevant regulatory requirements.
• Develop and maintain risk taxonomy, risk classification standards, and risk appetite statements to ensure consistency across regions and business units.

Enterprise Risk Identification & Monitoring

• Coordinate the identification and assessment of enterprise-wide risks across regions and BUs, covering both financial and non-financial risk domains.
• Work collaboratively with first-line and second-line functions (e.g. Finance, Security, Legal and Compliance, and group-level risk teams) to ensure appropriate and sufficient risk mitigation and monitoring measures are in place.
• Ensure risk identification, assessment, and monitoring approaches are consistent, proportionate, and aligned with Bybit’s approved risk appetite, strategic objectives, and regulatory expectations.
• Maintain the enterprise Risk Register, and associated risk and control logs covering all material financial and non-financial risks across the business.

Risk Advisory, Monitoring & Reporting

• Act as a central risk advisory function on specific risk topics (e.g. third-party and outsourcing risks, liquidity risk, operational and technology risks), working collaboratively with relevant teams to support effective risk mitigation and monitoring.
• Design and coordinate Risk and Control Self-Assessments (RCSAs) to assess the adequacy of key controls and to identify emerging risk trends across the business.
• Develop and maintain Key Risk Indicators (KRIs) to enable ongoing monitoring of material risks and early identification of risk deterioration.
• Maintain enterprise-level risk dashboards, heatmaps, and reporting, providing clear visibility of risk trends, incidents, and control effectiveness to senior management and the board.
• Ensure risk incidents, material risk events, and remediation actions are appropriately captured, analyzed, and reflected in enterprise risk reporting

Business Continuity Management (BCM)

• Support the development and periodic review of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
• Participate in business impact analyses and risk scenario planning, and ensure resilience measures are well-documented and effective.

Group & Regulatory Coordination

• Act as the primary liaison with group-level risk and compliance teams, ensuring local ERM implementation aligns with broader group strategy and expectations.
• Implement group-wide risk policies, standards, and procedures, tailoring them to local regulatory and operational contexts.
• Coordinate and support group risk reporting requirements, contributing to consolidated dashboards, reviews, regulatory engagements, and audits.

Requirements

Qualifications & Experience

• Bachelor’s degree in Risk Management, Finance, Accounting, Business, Engineering, or a related discipline.
• 12–15+ years of experience in enterprise risk management, second-line risk, or regulatory risk roles within a cryptocurrency exchange, financial institution, regulator or fintech.
• Proven experience designing, implementing, and operating ERM frameworks in multi-jurisdictional and regulated environments.
• Demonstrated experience engaging with regulators and senior management on enterprise risk matters.
• Candidates with less extensive experience may be considered for a Senior Manager role, subject to demonstrated depth in ERM expertise, regulatory engagement capability, and overall role fit. Appointment at Director level will be reserved for candidates with proven ability to lead ERM frameworks, engage regulators independently, and operate at a strategic level.

Technical Expertise

• Strong knowledge of ERM frameworks, including COSO ERM and ISO 31000.
• Solid understanding of financial and non-financial risks, including financial and treasury, market integrity and trading, operational, technology, cybersecurity, and third-party risks.
• Experience in risk appetite implementation, KRI design, scenario analysis, and stress testing.
• Familiarity with crypto exchange operating models, technology infrastructure, and regulatory expectations is highly desirable.

Leadership & Soft Skills

• Strong stakeholder management and influencing skills, with the ability to provide effective second-line challenge.
• Excellent analytical, structuring, and documentation skills.
• Clear and confident communicator, capable of engaging senior leadership, boards, and regulators.

Certifications

• Professional certifications such as FRM, PRM, CRM or equivalent ERM-related certifications are strongly preferred.

Other Requirements

• Ability to operate effectively in a fast-paced, evolving regulatory environment.
• Experience working across regions and cultures.
• Proficiency in English and Chinese.
• Location: Hong Kong / Malaysia / Abu Dhabi