Risk and internal Controls Analyst

What will I be doing?

• Reporting to the Malta Risk Manager, This professional will follow dlocal global Risk and Internal Controls standards to evolve the Malta internal control framework, embedding clear control objectives, risk/control matrices, control ownership, and design/operating effectiveness testing across financial, operational, compliance, and technology-related processes.
• Drive periodic risk and control assessment and entity/process-level scoping; maintain process documentation and narratives, RCMs, flowcharts, and risk-based control testing plans.
• Lead the annual control testing cycle (design/operating effectiveness), including walkthroughs, sample-based testing, deficiency evaluation, remediation plans, and control re‑testing; produce management reporting and attestations.
• Champion operational resilience and control reliability: business continuity planning, incident management, and third-party/outsourcing control expectations (in coordination with Risk, IT, Security, and Operations)
• Ensure the Malta entity’s internal controls and governance practices are consistent with MFSA expectations for internal control, governance, and board oversight; support local regulatory inquiries and inspections as needed.
• Partner with Technology/InfoSec to strengthen ICT and security risk control requirements (e.g., change management, logical access, backups, monitoring, cyber incident response), aligned to EU guidance for financial entities.
• Contribute to group initiatives on DORA-readiness where applicable (ICT risk management framework, incident classification/reporting, testing, third-party oversight, and register-of-information inputs), coordinating Malta-specific deliverables and evidence.
• Support external and internal audit engagements and any regulatory reviews (planning, PBC requests, walkthroughs, issue management and remediation).
• Where applicable to the Group, support Internal Controls initiatives, specially in regulated countries.
• Build control culture: develop training, control-owner playbooks, and pragmatic advisory to first/second-line teams; facilitate issue closure and sustainable remediation.
• Track and report KPIs/KRIs for control health (e.g., testing progress, exception rates, remediation timeliness, incident learnings, third‑party control posture); present to leadership/governance forums.

What skills do I need?

• Based in Malta (mandatory).
• Bachelor’s degree in Accounting, Finance, Business, Engineering, Information Systems, or related field.
• 4+ years in internal controls, internal audit, risk management, or related governance roles within financial services, payments/fintech, or regulated environments.
• Demonstrable expertise applying the COSO Internal Control–Integrated Framework in designing/testing controls across processes and systems.
• Working knowledge of operational resilience and operational risk practices aligned with BIS principles (governance, BCP/testing, third‑party/outsourcing, ICT/cyber resilience).
• Familiarity with MFSA expectations for governance/internal controls for authorised entities operating in/from Malta (proportionality, board oversight, internal control, compliance, and business continuity).
• Practical understanding of ICT and security risk controls lifecycle (access, change, backup/restore, monitoring, incident/problem) aligned to EBA guidance and, where applicable, DORA requirements for financial entities.
• Strong test execution and documentation skills (walkthroughs, sampling, testing, root cause analysis, deficiency aggregation/assessment, remediation tracking).
• Excellent stakeholder management, clear written/oral communication, and the ability to coach process/control owners.