Risk Manager

About Paxos

Today’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it.

We’re on a mission to open the world’s financial system to everyone by enabling the instant movement of any asset, any time, in a trustworthy way. For over a decade, we’ve built blockchain infrastructure that tokenizes, custodies, trades and settles assets for the world’s leading financial institutions, like PayPal, Venmo, Mastercard and Interactive Brokers.

About the team 

The Compliance and Risk Management team at Paxos plays a key role in enabling the company to grow responsibly and securely. As the second line of defense, the team ensures we meet global regulatory standards and proactively manage enterprise-wide risk across Paxos. Our work helps Paxos build trust, scale with confidence, and lead in the evolving world of crypto and financial services.

About the role

We’re looking for a dynamic risk professional to drive our Third Party Risk Management (TPRM) program and provide oversight of technology and information security risk at Paxos. This role is central to managing risk across critical vendors and strategic partnerships, while ensuring alignment with evolving regulatory expectations. You’ll act as a second-line subject matter expert, delivering credible challenge and safeguarding compliance across technology and information security domains. In addition, you’ll support Enterprise Risk Management (ERM) efforts by partnering with to ensure continuity in risk reporting, analysis, and operational resilience. This role is central to strengthening our risk posture as we scale, and offers the opportunity to solve complex, cross-functional challenges that directly impact the security, scalability, and success of Paxos.

What you’ll do: 

• Lead and evolve Paxos’ Third Party Risk Management (TPRM) program, ensuring it scales effectively with the business and aligns with regulatory expectations.
• Own and conduct risk reviews for all business partnerships, helping shape the risk strategy behind Paxos’ most critical external relationships.
• Provide oversight and credible challenge for technology and information security risks, partnering with Engineering and InfoSec to assess control effectiveness, resilience, and regulatory alignment.
• Partner closely with the Enterprise Risk Management (ERM) lead to support risk reporting, analysis, and ensure business continuity during peak or absence periods.
• Develop and refine risk frameworks, processes, and metrics that enable scalable, data-driven decision making across Paxos.
• Gain exposure to enterprise-wide initiatives such as new product launches, cloud infrastructure expansion, and strategic partnerships—building expertise to become a trusted advisor on emerging risks.

About you:

• 5+ years of experience in risk management, compliance, or audit, with at least 2 years focused on third-party risk, technology risk, or vendor oversight.
• Strong understanding of regulatory frameworks and industry standards related to third-party risk, such as SOC 2, ISO 27001, NIST, and FFIEC.
• Demonstrated experience assessing vendor/product/service risk in areas such as cybersecurity, data privacy, business continuity, or operational resilience.
• Ability to analyze technical documentation (e.g., security reports, penetration tests, audit findings) and communicate risk implications to non-technical stakeholders.
• Hands-on experience with risk assessment methodologies, control testing, and maintaining risk registers or issue/action tracking.
• Proficiency with GRC tools is required.
• Familiarity with risk considerations in the crypto, fintech, or digital assets space is preferred; a willingness to learn quickly in this domain is required.

Important Notice for Paxos Applicants

We’ve become aware of fraudulent accounts posting as Paxos recruiters on LinkedIn and other platforms. These scammers attempt to deceive applicants into paying for job opportunities or providing personal financial information. 

To verify a legitimate Paxos recruiter: 

• We only use @paxos.com email addresses
• We never ask for payment or financial details to apply, interview, or work here
• For technical roles, we do not perform a coding interview without prior screening by our engineering team 

Pay and benefits