Head of Risk & Management Board Member (On-site)
What is our mission?
Orbital is on an exciting mission to revolutionise global cross-border payments by innovatively combining traditional fiat banking rails with stablecoins over blockchain rails for a variety of use cases. Our class-leading B2B payments platform offers multi-currency e-money accounts (corporate IBANs) combined with a suite of digital assets services. Our company sits at the frontier of payments & fintech, at the intersection of blockchain and traditional (fiat) financial services, and is leading the way in bridging those two worlds for corporate enterprises globally.
We believe blockchain technology is firmly here to stay, and we want to be the first to bring a combined offering of fiat & crypto payment services under one exciting platform.
What is the purpose of this role in the delivery of our mission?
The Head of Risk and Management Board Member owns the day-to-day risk function for Pay Perform OÜ (our Estonian entity) as we prepare for MiCA CASP and EMI authorisation with the EFSA. The role combines ownership of the enterprise risk framework with second-line oversight of operational, outsourcing and crypto-asset custody risk, a formal seat on the PPOÜ Management Board (juhatus), and collective responsibility under Estonian law. While PPOÜ is your primary accountability, you will also contribute to group-wide risk framework alignment across Orbital’s UK, Gibraltar and Estonia entities.
This is a dual-hat role by design. At function level, you are the senior Tallinn-based risk leader for Pay Perform OÜ and the operational owner of the second line of defence. At board level, you share collective responsibility with other Management Board members for the company’s strategic direction, governance, and regulatory relationships - with a natural leading voice on risk matters. The role works alongside the Group Chief Compliance Officer & Head of Risk, the existing group risk personnel, the EFSA, and the wider Orbital leadership team.
What are the key responsibilities / activities of the role?
Enterprise Risk Framework
Own the enterprise risk management framework for Pay Perform OÜ: risk appetite, risk register, key risk indicators, control testing, and risk reporting.
Operate the second line of defence: independent challenge of first-line controls, regular control testing, and remediation tracking.
Lead ICAAP/ILAAP-equivalent processes for MiCA prudential requirements and any EMD2-equivalent capital work.
Produce regulatory risk reporting to the EFSA and board-level risk papers for the Management Board and Supervisory Board.
Prudential & Conduct Risk
Lead prudential and conduct risk assessment across CASP services authorised under MiCA Title III / Title V (reception and transmission, execution, custody, exchange, portfolio management, advice).
Monitor regulatory developments in Estonia and the EU (MiCA, DORA, EMD2, investment firm prudential frameworks) and translate them into concrete control changes.
Work alongside the MLRO with a clear, documented division of responsibilities between enterprise risk and AML/CFT functions.
Operational Risk Oversight (2LoD)
Provide second-line oversight and independent challenge of operational risk managed by the first line (Operations, Technology, CISO): business continuity, incident management, cyber and IT risk, and change risk.
Review and challenge the firm’s DORA and operational resilience framework owned by first line; design and run independent 2LoD testing, scenario analysis, and severe-but-plausible stress exercises.
Provide second-line oversight of third-party and outsourcing risk: review vendor tiering methodology, challenge first-line due diligence assessments, and sign off material outsourcing notifications to the EFSA before submission.
Independently review and challenge exit plans and continuity arrangements for material outsourced services owned by first line.
Own the risk-based 2LoD control testing plan; report testing outcomes and remediation status to the Management Board and Supervisory Board.
Crypto-Asset Custody Risk Oversight (2LoD)
Provide second-line oversight of crypto-asset custody arrangements in line with MiCA Title IV: independently challenge first-line design and operation of wallet infrastructure, key-management and signing controls, on-chain settlement processes, and transaction screening.
Review and challenge the adequacy of technical risk controls around node operations, smart-contract interactions, and bridge / cross-chain exposure where applicable, working alongside Technology and Security (CISO) functions.
Maintain the risk-based assessment of transaction monitoring and blockchain analytics tooling, in coordination with the MLRO on AML touchpoints.
Board-Level Accountabilities (Management Board Member)
Serve as a Management Board member (juhatuse liige) of Pay Perform OÜ with collective responsibility under the Estonian Commercial Code for lawful, prudent and compliant operation of the company; contribute to board oversight of strategy, finance, operational resilience and regulatory relationships - not only risk.
Uphold fit & proper standards on an ongoing basis (EFSA, ESMA and Commercial Code requirements); represent Pay Perform OÜ to the EFSA, external auditors, the Supervisory Board and other external stakeholders on risk matters.
What is the scope of accountability for the role?
Enterprise risk framework and second line of defence for Pay Perform OÜ, with contribution to group-wide risk alignment
Operational resilience, outsourcing, and crypto-asset custody risk
Prudential and conduct risk assessment across CASP and EMI services
Board-level accountability as a Management Board member of Pay Perform OÜ
What are the essential skills, qualifications and experience required for the role?
Based in Tallinn with full right to work in Estonia - this is a regulatory-substance hire and the role cannot be performed remotely or from elsewhere.
University degree in finance, economics, law, mathematics, engineering or a comparable quantitative / business discipline, with 6+ years in risk management roles in financial services (including 3+ years at senior / manager level).
Minimum 3 years inside an Estonia-regulated financial institution (EMI, credit institution, VASP/CASP, or investment firm); direct experience interacting with the EFSA is strongly preferred.
Solid working knowledge of at least two of: MiCA Titles III–VI, EMD2/PSD2, CRR/CRD, DORA, investment firm prudential frameworks; demonstrable experience running a credible second line of defence.
Clean fit & proper profile as required under the Estonian Commercial Code and the EFSA’s fit & proper assessment: no unspent convictions for economic, official or property offences; no regulatory sanctions; no pending proceedings; good repute.
Fluent English (group working language); professional-level Estonian strongly preferred.
What are the desirable skills, qualifications and experience that would be beneficial for the role?
Risk certification (FRM, PRM, CFA, or comparable).
Prior experience inside a crypto-asset service provider (VASP or CASP) with direct exposure to custody risk, wallet architecture, or on-chain settlement.
Experience on a live licence application, variation of permission, or material regulatory change, particularly with the EFSA.
Prior service on a regulated-entity management board (juhatus) or comparable governance body.
Hands-on experience with DORA implementation, recovery planning, or wind-down planning for a regulated firm.
Board-level breadth beyond your core specialism: demonstrable exposure at a regulated firm to adjacent domains the Management Board is collectively responsible for — such as finance, risk, operations, compliance, or technology and product governance — sufficient to contribute meaningfully to collective board oversight across areas outside your primary accountability.
Salary: Base salary of €50,000 – €65,000 per annum depending on experience, plus additional compensation for Board Management responsibilities.
- Department: Compliance
- Role: Risk Management
- Locations: Estonia
- Yearly salary: €50,000 - €65,000
- Employment type: Full-time
About Orbital
Combining equal expertise in traditional finance and digital asset treasury solutions, Orbital is a trusted and regulated partner for global financial management.
Until now, multinationals have been forced to choose their finance tools piecemeal. We provide our clients with all they need to run their financial operations from a single interface: multi-currency accounts, custody vaults, international payments and FX supporting 30+ fiat and exotic currencies, and crypto-commerce C2B payments.