Chief Risk Officer, Managing Director
iCapital
Compensation
$350,000 - $400,000/year
Job Description
The Chief Risk Officer (CRO) is a newly created role, as we establish a formal second line of defense, bringing Regulatory & Compliance, Enterprise Risk & Governance and Safety, Resilience & Incident Management together under one risk structure. The successful candidate will be a key member of iCapital’s Performance and Risk Management team, accountable for the enterprise-wide risk management, regulatory compliance, and safety and resilience programs of the firm. This leader will oversee the integration of regulatory and compliance functions with a comprehensive enterprise risk management framework, ensuring iCapital continues to operate with strong governance, disciplined risk oversight, and regulatory credibility as the business scales globally.
Reporting directly to the Chief Financial Officer, the CRO will partner closely with executive leadership, the Board, and the Board‑level Audit & Risk Management Committee to proactively identify, assess, and manage risk across iCapital’s global platform. This role is critical to iCapital’s continued growth, requiring a seasoned executive with deep expertise in alternative investments, complex regulatory environments, and enterprise risk management.
The CRO will oversee the administrative and strategic activities of the teams responsible for regulatory compliance, risk management, controls, and resilience, while serving as a trusted advisor to senior leadership.
Responsibilities:
Regulatory & Compliance Oversight and Execution
- Global Regulatory Strategy: Oversee regulatory compliance across iCapital’s global footprint, including U.S., Canada, UK, Europe, and APAC jurisdictions, and support expansion into new regulated markets.
- Alternatives & Structured Products: Provide leadership on regulatory requirements governing alternative investments, structured investments, annuities, and registered and private fund vehicles.
- Licensing & Registrations: Oversee regulatory registrations, licensing, exemptions, and ongoing obligations with regulators including the SEC, FINRA, and international authorities.
- Policies & Controls: Ensure the development and maintenance of scalable policies, procedures, training, and controls aligned with regulatory requirements and business strategy.
- Regulatory Engagement: Lead regulatory examinations, audits, and inquiries, maintaining strong, credible relationships with regulators and external advisors.
Enterprise Risk & Governance Leadership
- Enterprise Risk Management (ERM): Design, evolve, and execute iCapital’s enterprise risk management framework, including risk appetite, governance, assessment, and reporting across all business lines and geographies.
- Risk Governance: Provide oversight through established governance forums, including the Board‑level Audit & Risk Management Committee, Corporate Risk Management Committee, and operational risk working groups.
- Risk Assessment & Monitoring: Maintain and enhance the enterprise risk register, integrating Risk Control Self‑Assessments (RCSAs), risk appetite metrics, and issue management into a consistent, scalable framework.
- Executive & Board Engagement: Serve as a primary point of contact for senior management and the Board on risk‑related matters, delivering clear, actionable insights and recommendations.
Risk Controls, Assurance & Audits
- Controls Framework: Partner with Finance, Technology, Legal, and Operations to strengthen internal controls, including IT General Controls (ITGCs), ICFR, and operational controls.
- SOC 2 & Assurance: Oversee SOC 2 audits across business lines, managing auditor relationships, evidence collection, remediation, and ongoing control maturity.
- Technology & Data Risk: Collaborate with Technology and Security teams to manage platform, data protection, and information security risk in a technology‑enabled business model.
Safety, Resilience & Incident Management
- Business & Technology Resilience: Ensure the firm’s ability to continue delivering critical services through disruption by maintaining approved business continuity and disaster recovery plans, validated through regular testing.
- Incident Management: Oversee a centralized enterprise incident management framework, including escalat