Director, Enterprise Risk Management

Powering the next generation of global finance About us Founded in 2018, Bakkt, Inc. is a regulated financial technology company building infrastructure for the future of finance. Bakkt's platform serves financial institutions, fintechs, and consumer finance products - providing the compliance, security, and scale required to deliver trusted financial services at a global level. Through its core business pillars, Bakkt powers institutional-grade trading capabilities, AI-enabled programmable finance, and cross-border payment infrastructure. Role Summary We are looking for an absolute doer, not a delegator. Reporting to the Head of Risk, this is an individual contributor role where you will operate essentially as a one-person ERM team. If you are looking to sit in a Second Line ivory tower, review other people s work, and write high-level policy memos, this is not the role for you. In our lean, fast-scaling environment, you must have the willingness and capability to completely roll up your sleeves and own the entire risk lifecycle from A to Z. You are the Stage 1 triager who drops everything to dive into messy data, investigate real-time incidents, and cut through noise to diagnose what is broken. Simultaneously, you are the Stage 2 builder who executes the actual grunt work required to fix it-writing the risk registers, configuring the tracking tools, co-designing automated controls with engineers, and building your own executive slide decks. We want a gritty, highly technical creator who treats risk as an operational engineering problem and leverages AI and automation to scale themselves, ensuring that a lean infrastructure can punch way above its weight. Key Responsibilities ERM Framework & Governance • Design, implement, and continuously improve the Enterprise Risk Management framework, risk taxonomy, risk registers, and risk appetite statements specific to digital assets and regulated financial services. • Provide strategic direction for risk mitigation and operational improvement initiatives, guiding them from conception through completion in partnership with First Line business owners. • Validate the design and implementation of sustainable controls established by the First Line to address identified risks, audit findings, and compliance gaps. • Maintain and evolve risk policies, standards, and procedures aligned with regulatory expectations (including NYDFS) and industry best practices. Business Risk Support (Counterparty, Market & Operational) • Oversee and drive risk mitigation efforts related to counterparty exposure, including the assessment and ongoing monitoring of institutional partners, custodians, market makers, and liquidity providers. • Support business-centric risk initiatives across market risk, liquidity risk, and operational risk - providing Second Line challenge and guidance to First Line owners. • Partner with business and product teams on the risk-clearing process for new product launches, token listings, and partner integrations, providing independent Second Line review. Risk Assessment & Monitoring • Conduct enterprise-wide risk assessments across financial, operational, strategic, and technological domains - including crypto-specific risks such as custody, stablecoin peg stability, and on-chain exposure - to evaluate enterprise risk levels. • Monitor emerging risks (regulatory, market, technology, and cyber) and provide early warning and recommended actions to the Head of Risk and executive team. Remediation Oversight • Oversee and drive risk mitigation tied to audit findings, regulatory exam observations, and self-identified issues, holding First Line owners accountable for execution and sustainability. • Validate the design and implementation of remediation actions, track progress to closure, and report status to leadership and the Risk Committee of the Board. Change Management & Cross-Functional Influence • Lead change management associated with ERM transformations, supporting smooth adoption of new risk policies, frameworks, and systems across the enterprise. • Partner with department heads, Legal, Compliance, Internal Audit, Finance, and Technology/Product teams to coordinate effective risk strategies - driving execution through cross-functional influence rather than direct ownership of First Line controls. AI, Tooling & Continuous Improvement • Embrace AI and agentic workflows to increase the speed, accuracy, and scalability of Second Line activities - including risk assessments, control validation, issue tracking, and reporting. • Maintain a hard focus on continuous improvement in how risks are identified, escalated, tracked, validated, and remediated - challenging legacy approaches and removing manual friction wherever possible. • Identify, evaluate, and help operationalize new tools, automations, and data-driven approaches to risk monitoring; partner with Technology, Data, and First Line teams to bring them to life. • Operate as a builder an...