Overview:
The Head of Internal Audit is responsible for establishing and leading an independent, risk-based internal audit function, providing assurance over the effectiveness of the Company's governance, risk management, internal controls, and regulatory compliance across its virtual asset activities.
The role supports the Board and Audit Committee by delivering objective assessments of the control environment, maintaining a risk-based audit plan, reporting findings independently, and ensuring timely remediation in line with VARA expectations.
Responsibilities:
- Establish and maintain the internal audit framework, including methodology, charter, audit universe, and risk-based audit plan
- Deliver independent audits across governance, compliance, operations, finance, technology, and client-facing processes
- Conduct risk assessments to define audit priorities, coverage, and resource allocation
- Evaluate the design and effectiveness of key controls across the business
- Prepare clear, evidence-based audit reports with findings, root causes, and recommendations
- Track and validate remediation actions, escalating delays or ineffective controls
- Assess compliance with regulatory requirements, policies, and licence conditions (independent of Compliance and Risk)
- Oversee audits of technology, cybersecurity, and third-party dependencies
- Review operational and financial controls, including trade lifecycle, reconciliations, and client asset handling
- Assess outsourcing and third-party governance frameworks
- Support regulatory inspection readiness and control environment reviews
- Present audit plans and findings to the Audit Committee and maintain functional independence
Qualifications:
- Bachelor's degree in Accounting, Finance, Audit, Risk, Information Systems, or related field
- Professional certification (CIA, ACCA, CPA, CISA, or equivalent) preferred
- 7+ years of internal/external audit or assurance experience in regulated financial services, fintech, or virtual assets
- Experience leading risk-based audit plans and reporting to Board or Audit Committees
- Strong understanding of internal controls and the three lines of defence model
