Head of Risk & Compliance and Authorised Manager

As Shopify seeks our EU Electronic Money Institution (EMI) licence, we are looking for an experienced Head of Risk & Compliance who will also serve as one of the registered Authorised Managers of our Luxembourg entity.
The Head of Risk & Compliance is responsible for the proper operation of the second line of defence, providing oversight and challenge of the first line of defence functions. You will be responsible for the design, governance, and oversight of the compliance and risk management frameworks, including: Anti-Money Laundering (AML), Counter-Terrorist Financing (CTF), operational and outsourcing risk, safeguarding risk, fraud risk, complaints, ICT and privacy. This is a hands-on leadership role with regulator-facing responsibility from day one.
TEAM OVERVIEW
Within the Shopify Legal Team, the Compliance Team aims to ensure that Shopify is compliant with regulatory and contractual commitments while remaining agile to encourage growth and innovation. As Shopify continues to expand its financial products and services, we’re also expanding our Compliance Programme to support Shopify’s mission of making commerce better for everyone. Our team designs and enforces policies and controls that ensure Shopify complies with applicable laws and regulations so our merchants, partners, and third parties can trust us.
KEY RESPONSIBILITIES
- Lead our effort to obtain an EMI licence in Luxembourg, including representing Shopify’s positions clearly, constructively, and with evidence-based regulatory judgment.
- Act as a primary interface with the Commission de Surveillance du Secteur Financier (CSSF) throughout the application process and post-authorisation.
- Design and hold management-level accountability for our AML/CTF and risk management programmes, ensuring alignment with CSSF regulations.
- Serve as one of two local Authorised Managers, with substantive decision-making authority and collective responsibility for sound and prudent management of the entity.
- Provide second line of defence oversight of our regulatory obligations, including PSD2/EMD2, consumer protection, business conduct, fraud risk, safeguarding, outsourcing risk, business continuity, ICT and privacy.
- Lead the local Risk & Compliance function, including setting priorities, supervising and supporting the MLRO and other local function holders, managing the risk register, coordinating group support, and ensuring appropriate resourcing as the entity scales.
- Drive cross-functional collaboration with Product, Engineering, Operations and other teams across Shopify to ensure our entity’s risk is appropriately managed.
- Coordinate management responses to internal audit reviews and drive closure of audit and CSSF findings.
- Produce the annual Compliance Report for the Board and CSSF, as well as other management reporting.
- Monitor and interpret CSSF and other regulatory developments; translate them into actionable plans for the business.
JOB REQUIREMENTS
- Significant senior compliance leadership experience within an EU-regulated financial institution (payments/e-money strongly preferred), including oversight of Luxembourg-regulated programmes.
- Deep working knowledge of CSSF regulatory expectations for payments/e-money firms, including local AML/CTF and other risk management functions.
- Track record of directly engaging with the CSSF during both the EMI/PI licensing and post-authorisation stages.
- Experience working collaboratively to build and scale risk and compliance programmes for new, high-growth products, across distributed teams.
- Demonstrated ability to work effectively with a management board and to provide clear, risk-based reporting and timely escalation.
- Prior CSSF “fit and proper” approval or demonstrated ability to meet such expectations for an Authorised Manager (including background screening).
- Residency in Luxembourg with the ability to commute to the office for in-person meetings, as needed (e.g., with regulators, financial partners).
- Advanced English language skills.
Nice to have:
- CAMS, ICA, or comparable AML certification.
- French language skills.