As the General Manager, you are responsible for all regulatory and oversight obligations required by the Malta entity operating under a Category 2 Investment Services License, supporting employee share plan administration within license permissions (e.g., reception and transmission/arranging for execution; client money/assets safeguarding where applicable).

This position is essential to ensure compliance with MFSA rules and EU frameworks (MiFID II/MiFIR, AML/CFT and sanctions, GDPR, DORA), maintain robust operational and ICT controls, and meet prudential obligations under IFR/IFD where in scope.

In this role, you will act as primary local point of contact for regulators and external partners; internal partners , report regularly to the Board and Group leadership.

Key Responsibilities

Leadership & Strategy

• Act as the appointed General Manager and provide regular MI and formal quarterly reporting to the Board, and ad‑hoc updates as required.
• Maintain succession and contingency plans for Approved Persons/Key Function Holders and critical roles; oversee fitness and propriety processes and ongoing approvals/notifications.
• Drive a culture of accountability, client focus, strong conduct and controls, and continuous improvement.

Regulatory Compliance & Governance

• Ensure adherence to MiFID II/MiFIR conduct and organizational requirements, AML/CFT and sanctions (per FIAU guidance), GDPR, and DORA ICT risk obligations.
• In partner ship with the Trading Manager and Head of Client Assets oversee Category 2 activities: order handling and arranging for execution; best execution oversight for appointed brokers/venues; client money/asset safeguarding controls where applicable.
• Own regulatory engagement and reporting; make timely notifications of material changes, incidents, or breaches; manage audits and supervisory responses.
• Oversee AML/CFT and sanctions governance (MLRO effectiveness, BWRAs, screening, STR/SAR processes, training, FIAU engagement).
• Ensure GDPR accountability (records of processing, DPIAs, data subject rights, retention, cross‑border transfers) and liaison with the Information and Data Protection Commissioner.
• MiFIR transaction reporting oversight: allocate responsibility (internal or delegated), maintain assurance/reconciliations and exception management, and retain oversight attestations.
• Maintain current policies, procedures, and governance frameworks with periodic review and Board approval where required.

Operational Oversight

• Oversee end‑to‑end operations to meet SLAs and regulatory standards; monitor daily activity and promptly escalate, remediate, and learn from incidents.
• Ensure robust business continuity and disaster recovery arrangements. Under DORA, maintain ICT governance, change and access controls, resilience testing (including DR and scenario exercises), and incident classification and reporting within required timelines.

Risk Management

• Oversight of the entity risk register; identify, assess, monitor, and mitigate operational, ICT, compliance, conduct, and third‑party risks. Track issues, breaches, and remedial actions to closure.
• Ensure preventative and detective controls are designed, implemented, and effective; conduct periodic control testing and assurance activities, leveraging independent functions (Risk, Compliance, Internal Audit).
• Oversee conflicts of interest management, complaints handling, and whistleblowing/speak‑up mechanisms; ensure root‑cause analysis and thematic remediation.
• Embed DORA‑aligned ICT risk management, testing, and third‑party risk oversight, including concentration risk and resilience metrics.

Stakeholder Management

• Serve as the primary liaison for internal teams (e.g., share plan administration, operations, finance, risk, IT, compliance, legal) and external partners (executing brokers, custodians, banks, administrators, auditors, ICT providers).
• Maintain constructive relationships with the MFSA, FIAU, and the Office of the Information and Data Protection Commissioner; coordinate supervisory engagements and responses.
• Provide training, guidance, and clear communications to stakeholders involved in order handling, client asset/client money processes, data protection, and operational resilience.

Governance & Reporting

• Participate in local governance forums; present MI, KPIs, KRIs, incidents, audit and regulatory findings, and remediation status to senior management and the Board on an agreed cadence.
• Own the regulatory reporting calendar (e.g., prudential returns, client asset/client money reports, AML/CFT metrics, transaction reporting oversight attestations, DORA incident notifications) and ensure timely, accurate submissions.
• Ensure audit readiness and coordinate with Internal Audit, external auditors, and other independent assurance providers; track and close out findings within agreed timelines.
• Maintain an approvals and notifications framework for Approved Persons/Key Function Holders and material organizational changes.

People Leadership & Culture

• Promote a strong risk and control mindset, good governance, and an inclusive, high‑performance, speak‑up culture.
• Ensure role‑appropriate and periodic training in MiFID II/MiFIR, AML/CFT and sanctions, GDPR/data protection, and DORA/operational resilience; maintain training records and effectiveness assessments.

Key Deliverables

• Full compliance with MFSA and applicable EU obligations (MiFID II/MiFIR, GDPR, AML/CFT and sanctions, DORA); clean supervisory and audit outcomes; timely, accurate regulatory returns and notifications.
• Effective risk management evidenced by strong KPI/KRI performance, timely issue and incident remediation, and closure of audit and regulatory actions.
• Strong stakeholder satisfaction and effective third‑party/outsourcing oversight, including maintained outsourcing and ICT third‑party registers and tested exit strategies.

Skills & Experience Required

• Extensive leadership experience in financial services, ideally within brokerage, investment services, or share plan administration environments.
• Strong knowledge of MFSA and EU regulatory frameworks (MiFID II/MiFIR) and experience engaging with regulators; familiarity with Malta’s expectations for Approved Persons/Key Function Holders.
• Demonstrated oversight of AML/CFT and sanctions frameworks and engagement with the FIAU; understanding of STR/SAR governance and AML assurance/testing.
• Experience implementing GDPR and data governance (DPIAs, records of processing, retention, data subject rights, and cross‑border data transfers) and liaising with the Information and Data Protection Commissioner.
• Operational resilience and ICT risk management expertise aligned to DORA, including incident management, ICT third‑party/outsourcing risk oversight, and resilience testing.
• Proven track record in operational oversight, risk and control management, and governance, including interaction with Internal Audit and closure of findings.
• Experience overseeing order reception and transmission and/or client asset/client money processes and best execution oversight, consistent with Category 2 permissions.
• Familiarity with IFR/IFD prudential frameworks and K‑factor monitoring relevant to Category 2 activities; experience in capital/liquidity planning and prudential reporting.
• Demonstrated success in vendor/outsourcing oversight and SLA management, including identification and management of critical/important functions.
• Excellent communication and stakeholder management skills; ability to influence across functions and levels.
• People leadership experience with a focus on building capability, culture, and regulatory knowledge and competence.
• Strong analytical, decision‑making, and problem‑solving skills; disciplined approach to documentation and process improvement.