Job Description
At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
The Head of Non-Financial Risk Control (NFRC) Europe is responsible for leading the oversight of non-financial risks across all European entities and ensuring full alignment with Group frameworks and regulatory expectations, including the Digital Operational Resilience Act (DORA). The role simultaneously acts as Head NFRC Luxembourg.
The position ensures that risks related to operational processes, including the internal control framework, technology, cyber security, data, third parties, and resilience, are identified, assessed, managed, monitored, and reported in a consistent and forward-looking manner. The Head NFRC Europe drives the shift toward a harmonised NFRC operating model and guarantees that risk appetite, control discipline, and early escalation are applied across all jurisdictions in Europe.
The role requires close coordination with local first-line functions, including COO units, IT, Business Continuity, as well as with Compliance, Legal, Tax, Data Protection, Third Party Risk in Luxembourg, and CRO teams across the European context. The Head NFRC promotes a strong risk culture and ensures that European entities maintain operational resilience, technology and cyber readiness, and documented compliance with DORA requirements for ICT risk, incident management, testing, reporting, and third-party oversight.
YOUR CHALLENGE
ROLES & RESPONSIBILITIES
- Serve as Head of Non-Financial Risk Control for Europe and locally for Luxembourg, exercising full managerial responsibility for all NFRC staff in Luxembourg and European branches, and acting as coordinator for NFRC activities in other European locations where a full SLA arrangement is not in place, in close coordination with local and regional Chief Risk Officers (CROs) and global NFRC leadership.
- Lead the European implementation of global frameworks including the Internal Control Framework (ICF), Operational Risk Framework, Third Party Risk Management (TPRM) Framework, Technology Risk Framework, and Resilience requirements, including Policy Desk responsibilities for the relevant framework policies.
- Act as a trusted adviser to Local Risk Owners and senior stakeholders, ensuring risks are consistently identified, assessed, monitored, and managed in line with Group risk policy and defined risk appetite.
- Guarantee compliance with Group policies and relevant European regulatory expectations, ensuring efficient and transparent cooperation with supervisory authorities.
- Provide clear and timely escalation for exposures outside risk appetite and ensure remediation plans are credible, sustainable, and aligned with Group standards.
- Coordinate with Group Internal Audit and serve as a trusted partner, ensuring timely remediation of audit findings.
- Assist with and lead the completion of the annual Risk and Control Self-Assessment (RCSA), ensuring effective identification of key risks, control gaps, and remediation actions across all European entities.
- Manage related action identification, creation, and remediation, and maintain the European Control Plan using a risk-based approach to reflect the current operational risk environment, business activities, and risk appetite.
- Coordinate quarterly internal controls assessments and reporting, providing independent challenge and oversight to ensure the adequacy and effectiveness of the control environment for Luxembourg and coordinating execution across Europe.
- Maintain oversight of Global Key Controls (GKC) application; perform key control reviews and ensure timely updates to reflect regulatory changes, new products, business initiatives, and updated policies and procedures.
- Oversee the monitoring, assessment, coordination, and periodic reporting of operational incidents and near misses, performing periodic look-back reviews to identify systemic trends and drive sustainable improvements.
- Drive early risk identification through scenario analysis, thematic reviews, forward-looking indicators, and structured escalation routines.
- Ensure that European controls and risk assessments are reliable, consistently applied, and aligned with Group risk appetite and tolerance.
Operational Responsibilities
- Oversee European execution of Business Continuity, Resilience, Third Party Risk Management (TPRM) oversight, Technology and Cyber oversight, Process Risk Assessments, Control Validation, and Incident Management.
- Ensure effective monitoring of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) and provide transparent reporting to governance bodies.
- Develop pragmatic and proportionate risk mitigation recommendations for identified issues, working closely with European CROs and business stakeholders to ensure remediation actions are delivered effectively and within agreed timelines.
- Manage the network of Risk Subject Matter Expert (SME) touchpoints across European business units, collating and sharing relevant risk intelligence and emerging topics.
People Management
- Build and maintain a competent NFRC workforce with harmonised skills and consistent expectations across European locations.
- Ensure succession planning and strategic workforce management, including appropriate use of the NFRC Service Centre in India for scalable and repeatable tasks.
- Promote a culture of accountability, risk awareness, and transparent challenge across all NFRC teams.
- Guarantee adherence to the Group Code of Ethics and Business Conduct and role-model the values of the CRO Division.
YOUR PROFILE
PROFILE REQUIREMENTS
- Bachelor’s or Master’s degree in Finance, Risk Management, Business, or related field.
- 10+ years of experience in risk management, with significant exposure to non-financial risk.
- Proven leadership experience in a senior risk role.
- Experience interacting with regulators and senior stakeholders.
- Leadership background in operational risk, technology risk, cyber security oversight, or non-financial risk within a regulated financial institution.
- Strong knowledge and understanding of European regulatory environments and supervisory expectations for non-financial risk, including DORA, EBA guidelines, and applicable local regulations.
- Proven experience implementing and operationalising global frameworks in multi-jurisdiction environments.
- Strong working knowledge of RCSA methodologies, control testing, incident management, and third-party risk oversight.
- Familiarity with risk management platforms (e.g. ServiceNow GRC, BaerGRC or equivalent) and appetite for continuous process improvement.
- Relevant industry qualifications in Compliance and/or Risk Management preferred (e.g. IRM, FRM, CRISC).
KEY SKILLS & COMPETENCIES
- Strategic thinking and decision-making
- Strong leadership and influencing skills
- Deep understanding of operational and non-financial risks
- Analytical and problem-solving capabilities
- Excellent communication and presentation skills
- Crisis management and resilience mindset
- Ability to challenge and provide independent oversight
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.