Job Description, Responsibilities & Requirements
About the Position
KYV Specialist (3rd Party and Vendor Due Diligence)
Remote - European Region
Risk and Compliance – Fincrime Operations
Full-time
Hybrid
Responsibilities
1. Vendor Onboarding and KYV Operations
- Coordinate the onboarding workflow for new Third Parties, outsourcing arrangements, ICT providers, and other KYV-relevant vendors.
- Collect required vendor information, questionnaires, declarations, and supporting evidence.
- Ensure onboarding files are complete before submission for review, approval, or contracting.
- Track onboarding progress, pending actions, missing documents, and unresolved issues.
- Maintain an audit trail of onboarding decisions, evidence, approvals, and escalations.
2. Due Diligence Coordination
- Coordinate due diligence evidence collection before entering into a Third Party or outsourcing arrangement.
- Request, receive, and organize information related to: ownership and governance; financial standing; regulatory status; sanctions, adverse media, and enforcement history; subcontractors and service locations; data processing and confidentiality; certifications and assurance reports; business continuity and exit information.
- Identify incomplete, inconsistent, outdated, or adverse due diligence findings.
- Escalate material findings to the Arrangement Owner, Risk Management, Compliance, Legal, CISO, or DPO as applicable.
- Support enhanced due diligence for critical, important, ICT, high-risk, third-country, or subcontracted arrangements.
3. Risk Assessment Support
- Support Arrangement Owners in preparing third-party risk assessment inputs.
- Record risks identified through due diligence, monitoring, screening, incidents, subcontracting, or material changes.
- Support documentation of mitigating controls, residual risks, and required action plans.
- Perform first-line completeness and consistency checks before risk assessments are submitted for independent review.
- Trigger reassessment where there is a material change, including scope change, provider ownership change, new subcontracting, location change, certification expiry, incident, or deterioration in service performance.
4. Third-Party Inventory Administration
- Administer the Third-Party Inventory workflow.
- Coordinate creation, update, review, and closure of vendor records.
- Ensure records include required information on classification, criticality, outsourcing status, ICT status, CIF linkage where relevant, contract dates, service locations, subcontractors, and evidence references.
- Perform first-line data quality checks on completeness and consistency.
- Track stale records, missing attestations, expired evidence, and overdue updates.
- Support preparation of Outsourcing Register and DORA Register of Information extracts, where required.
5. Third-Party & Outsourcing Risk Register Administration
- Maintain entries in the Third-Party & Outsourcing Risk Register.
- Record risks, mitigations, action owners, due dates, status updates, evidence links, and closure information.
- Track action plans to closure and escalate overdue or blocked items.
- Support Arrangement Owners in preparing risk acceptance requests.
- Provide structured register information to Risk Management for independent oversight and challenge.
6. Ongoing Screening and Monitoring
- Perform ongoing vendor screening in line with the agreed cadence and risk profile.
- Monitor for sanctions, adverse media, enforcement actions, ownership changes, certification expiry, and other relevant risk indicators.
- Escalate potential positive hits or material findings to the appropriate control function.
- Support annual and periodic vendor reviews by coordinating refreshed evidence and monitoring results.
- Maintain screening evidence and monitoring records.
7. Conflict of Interest and Subcontracting Support
- Collect vendor-related conflict of interest information identified during due diligence or contracting.
- Submit relevant COI findings to Compliance for assessment and register entry.
- Track implementation of agreed COI mitigations linked to third-party arrangements.
- Collect subcontractor, fourth-party, service-chain, and location information from vendors.
- Escalate critical subcontracting, ICT-CIF subcontracting, or material subcontracting changes to Legal, CISO, Risk Management, and the Arrangement Owner.
8. Exit and Offboarding Support
- Support Arrangement Owners in collecting and maintaining exit-related information for critical, important, or ICT-CIF arrangements.
- Coordinate offboarding updates across the Third-Party Inventory, risk register, contract repository references, and monitoring records.
- Track evidence of termination, transition, data return, data deletion, or residual risks.
- Escalate incomplete exit evidence or unresolved offboarding actions.
9. Reporting and Escalation
- Prepare operational reporting inputs on: onboarding pipeline; overdue evidence; expired documents; stale records; open risk items; overdue actions; screening results; monitoring exceptions; register completeness.
- Escalate material vendor issues, unresolved risk items, missing critical evidence, or persistent non-response from Arrangement Owners.
- Maintain evidence that escalation steps were completed.
Requirements
- Experience in financial crime operations, vendor risk management, third-party risk, outsourcing governance, compliance operations, operational risk, or similar control environment.
- Experience coordinating due diligence, evidence collection, screening, or risk assessment workflows.
- Understanding of first-line and second-line responsibilities.
- Familiarity with third-party onboarding, vendor monitoring, risk registers, inventory management, and audit evidence.
- Experience working with cross-functional stakeholders such as Risk, Compliance, Legal, Information Security, DPO, Finance, and business owners.
- Experience in a regulated financial services, fintech, crypto, payments, or outsourcing environment is preferred.
Required Knowledge
- Understanding of third-party risk management and outsourcing lifecycle controls.
- Awareness of KYV / vendor due diligence principles.
- Awareness of sanctions, adverse media, regulatory enforcement, and ownership screening.
- Basic understanding of outsourcing, ICT third-party risk, DORA, MiCA, GDPR, and EBA outsourcing expectations.
- Understanding of evidence standards, audit trails, escalation processes, and risk documentation.
- Ability to distinguish operational coordination from risk ownership, legal ownership, ICT assurance, and independent review.
Practical Skills
- Strong documentation and evidence management.
- Ability to manage multiple onboarding, review, and monitoring cases at the same time.
- Ability to identify missing, inconsistent, expired, or risk-relevant information.
- Clear escalation and follow-up discipline.
- Good working knowledge of spreadsheets, workflow tools, registers, ticketing systems, and document repositories.
- Ability to prepare structured operational updates for Risk Management, senior stakeholders, and audit purposes.
- Ability to work with detailed regulatory and policy requirements without turning them into unnecessary bureaucracy.
Success Measures
- Vendor onboarding files are complete, traceable, and ready for review before approval.
- Third-Party Inventory records are accurate, current, and supported by evidence.
- Risk register entries are complete, action-oriented, and tracked to closure.
- Due diligence and monitoring exceptions are escalated promptly.
- Screening is performed according to agreed cadence.
- Arrangement Owners are prompted to update and attest records on time.
- Audit, Risk Management, Legal, Compliance, CISO, and DPO can rely on the evidence trail.
- Critical or high-risk vendor issues are not left unresolved or undocumented.
Why Join CryptoProcessing by Coinspaid
You’ll be joining a company that is actively shaping its space – with enough scale to matter and enough room to make an impact.
At Coinspaid, people are expected to think, contribute, and take ownership – and are supported in doing so.
We focus on flexibility, wellbeing, and long-term growth – without overcomplicating how benefits work.
Flexible Benefits
Benefit Bar – up to €230/month
A flexible monthly budget you can use for what matters most to you – from sports and mental health to coworking, home office, or medical-related expenses.
Work & Flexibility
- Fully remote work from almost anywhere
- Optional offices and relocation support
- Flexible, async-friendly environment
Growth & Learning
- Budget for courses, certifications, and professional development
- Language learning support
- Cross-team learning and knowledge sharing
Wellbeing & Support
- Medical insurance or reimbursement depending on location
- Access to mental health support
- Financial support for important life events
Extras
- Merch shop with rewards system
- Team offsites and company events
Sounds good? Well then, we can’t wait to see your resume!
To learn more please visit: CoinsPaid About Us & CoinsPaid Careers
Apply for this job
Jobs powered by