Head of Risk and Compliance - Lux Region

Purpose of the job

To provide executive leadership of the Risk and Compliance function in support of executive management across the Region. To act as the Group Data Privacy Officer.

  • To ensure these Group functions are appropriately structured and resourced to deliver their core roles and have access to executive management when required.
  • To support and advise the CRO/COO in forming a view on the nature and level of risks across the Region.
  • To maintain an Enterprise Risk Management ("ERM") framework across the Region capable of supporting the developing needs of the business and maintaining the operating structure of risk monitoring and reporting throughout the Region.
  • To ensure that all key risks are measured and monitored appropriately, and are reported to Senior Management and Boards within the Region and its subsidiaries to meet all regulatory and commercial expectations.

Ultimately, to provide an ‘independent’ view from the owners of the risks across the organisation.

Key Result Areas

Provide executive leadership to the Risk and Compliance functions so that they are considered to be ‘Best in Class’ within the Industry.

  • Sponsor the development of ERM within the Group so that it meets the requirements of ExCo and Boards as well as regulators and stakeholders.
  • Ensure consistent and accurate reports are produced for the relevant operating Boards.
  • Identification of key areas of emerging and/or developing risk and reporting this to the CRO and Boards as necessary.
  • Provide oversight of Compliance activities in the Region and ensure a framework is in place to ensure compliance with relevant regulatory requirements.
  • Alignment of key risk management objectives between divisions.

Main Responsibilities

Strategic Change

  • Advise and challenge senior executives on the risk factors associated with significant acquisitions and divestment activities. Provide output on the expenditure and return impact of the activity.
  • Advise on risks related to new initiatives/services, major changes of strategy and other major changes.
  • Advise on the potential impact on the group strategy of new and emerging risk.

Risk Governance

  • Maintain governance and reporting systems for Senior Management and operational Boards on the status of risk compared to risk appetite, highlighting any material new risks, concerns or vulnerabilities.
  • Advise the CRO where work and insights suggest there is any doubt over the Group’s risk standards being upheld. Also, advise the CRO where any risk is not clearly “owned” by a Senior Executive.
  • Sponsor increasing the awareness and engagement with the ERM framework.
  • Ensure that risk appetite for the business is documented, understood and appropriately allocated within the division.
  • Ensure that risk policies are clearly communicated and understood by all relevant employees.
  • Contribute to the periodic review of the effectiveness of the Group’s risk management framework to ensure it remains appropriate to the changing needs of the Group.
  • Prepare and maintain analysis of status of compliance with risk policies and report status to Senior Management and Boards as appropriate. Advise the CRO and Senior Management where risks are in danger of exceeding tolerances or have done so.

Risk Assessment

  • Ensure that risk assessment and measurement is conducted to assist the business to optimise returns and to provide comfort to Senior Management and relevant Boards.
  • Manage and report a set of key risk indicators ("KRIs").
  • Develop a range of risk assessment, measurement and monitoring processes to support the requirements of the Group in developing and embedding its risk management framework.
  • Assist with the development and monitoring of the Group Risk management database.

Group Compliance

  • Ensure that all relevant areas are informed, in a timely manner, of changes to law which affect any regulatory requirements.
  • Ensure adequate arrangements are put in place to address any new regulatory requirements.
  • Be responsible for ensuring that the Regional offices are adequately reviewed and monitored so that their compliance with legal and regulatory requirements is confirmed.
  • Lead and manage a training and awareness programme to develop the culture towards agreed measures. Review whether adequate compliance training is available to employees across the Region.
  • Ensure that compliance breaches are reported to Senior Management and the relevant Boards in a timely manner and that remedial action is taken where necessary.
  • Ensure that the Region and Group are capable of satisfying regulatory information needs in a timely manner.
  • Ensure that specific regulatory issues are adequately tracked and followed up.
  • Ensure that the Compliance Monitoring Plan delivers insight into trend and root cause information.
  • Maintain policies and procedures to assist with the control environment. Encourage the Divisions to develop practical operating procedures.
  • Undertake ad hoc investigations into client or staff situations.
  • Monitor the effectiveness of the CO and MLRO.

Group Data Privacy Officer

  • To inform and advise the Group and our employees about our obligations to comply with the GDPR and other data protection laws;
  • To monitor compliance with the GDPR and other data protection laws, and with our data protection policies, including managing internal data protection activities, raising awareness of data protection issues, training staff and conducting internal audits;
  • To advise on, and to monitor, data protection impact assessments;
  • To cooperate with the supervisory authority;
  • To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc.);
  • To train, educate and support the Data Privacy Champions; and
  • To review and maintain contracting terms with our clients and suppliers to ensure compliance with GDPR and other data protection laws.


  • People management skills
  • Communication at all levels
  • Developing and retaining talent
  • Presentation skills
  • Strategic influencing
  • Prioritisation of resources
  • Decision making
  • Ability to drive change

Job Specific

  • Risk management experience and knowledge
  • Insurance knowledge
  • Regulatory compliance understanding and awareness
  • Deep insight into the Group’s business model

For more details please contact
Andres Moll
HR Associate Director
+352 26 25 88 88 - 27