CryptoProcessing by Coinspaid is a Estonia-licensed stablecoins payment provider helping businesses accept digital assets and convert it to fiat. With over 10 years of industry experience, over 1000 clients across various sectors from iGaming to travel, CryptoProcessing connects businesses to crypto users and makes transactions as simple as pressing a button.

Today, our team includes 350+ professionals working remotely across multiple countries.

We combine the pace of fintech with a long-term approach to building products, teams, and careers. As a remote-first company, we give people flexibility in how they work while maintaining strong collaboration and shared ownership across teams.

🏆 In 2026, Coinspaid was recognized as Best Corporate Culture in the Blockchain Industry in Europe, reflecting our focus on ownership, trust, and collaboration.

Key Responsibilities

1. Vendor onboarding and KYV operations

• Coordinate the onboarding workflow for new Third Parties, outsourcing arrangements, ICT providers, and other KYV-relevant vendors.

• Collect required vendor information, questionnaires, declarations, and supporting evidence.

• Ensure onboarding files are complete before submission for review, approval, or contracting.

• Track onboarding progress, pending actions, missing documents, and unresolved issues.

• Maintain an audit trail of onboarding decisions, evidence, approvals, and escalations.

2. Due diligence coordination

• Coordinate due diligence evidence collection before entering into a Third Party or outsourcing arrangement.

• Request, receive, and organise information related to:

  • ownership and governance;

  • financial standing;

  • regulatory status;

  • sanctions, adverse media, and enforcement history;

  • subcontractors and service locations;

  • data processing and confidentiality;

  • certifications and assurance reports;

  • business continuity and exit information.

• Identify incomplete, inconsistent, outdated, or adverse due diligence findings.

• Escalate material findings to the Arrangement Owner, Risk Management, Compliance, Legal, CISO, or DPO as applicable.

• Support enhanced due diligence for critical, important, ICT, high-risk, third-country, or subcontracted arrangements.

3. Risk assessment support

• Support Arrangement Owners in preparing third-party risk assessment inputs.

• Record risks identified through due diligence, monitoring, screening, incidents, subcontracting, or material changes.

• Support documentation of mitigating controls, residual risks, and required action plans.

• Perform first-line completeness and consistency checks before risk assessments are submitted for independent review.

• Trigger reassessment where there is a material change, including scope change, provider ownership change, new subcontracting, location change, certification expiry, incident, or deterioration in service performance.

4. Third-Party Inventory administration

• Administer the Third-Party Inventory workflow.

• Coordinate creation, update, review, and closure of vendor records.

• Ensure records include required information on classification, criticality, outsourcing status, ICT status, CIF linkage where relevant, contract dates, service locations, subcontractors, and evidence references.

• Perform first-line data quality checks on completeness and consistency.

• Track stale records, missing attestations, expired evidence, and overdue updates.

• Support preparation of Outsourcing Register and DORA Register of Information extracts, where required.

5. Third-Party & Outsourcing Risk Register administration

• Maintain entries in the Third-Party & Outsourcing Risk Register.

• Record risks, mitigations, action owners, due dates, status updates, evidence links, and closure information.

• Track action plans to closure and escalate overdue or blocked items.

• Support Arrangement Owners in preparing risk acceptance requests.

• Provide structured register information to Risk Management for independent oversight and challenge.

6. Ongoing screening and monitoring

• Perform ongoing vendor screening in line with the agreed cadence and risk profile.

• Monitor for sanctions, adverse media, enforcement actions, ownership changes, certification expiry, and other relevant risk indicators.

• Escalate potential positive hits or material findings to the appropriate control function.

• Support annual and periodic vendor reviews by coordinating refreshed evidence and monitoring results.

• Maintain screening evidence and monitoring records.

7. Conflict of interest and subcontracting support

• Collect vendor-related conflict of interest information identified during due diligence or contracting.

• Submit relevant COI findings to Compliance for assessment and register entry.

• Track implementation of agreed COI mitigations linked to third-party arrangements.

• Collect subcontractor, fourth-party, service-chain, and location information from vendors.

• Escalate critical subcontracting, ICT-CIF subcontracting, or material subcontracting changes to Legal, CISO, Risk Management, and the Arrangement Owner.

8. Exit and offboarding support

• Support Arrangement Owners in collecting and maintaining exit-related information for critical, important, or ICT-CIF arrangements.

• Coordinate offboarding updates across the Third-Party Inventory, risk register, contract repository references, and monitoring records.

• Track evidence of termination, transition, data return, data deletion, or residual risks.

• Escalate incomplete exit evidence or unresolved offboarding actions.

9. Reporting and escalation

• Prepare operational reporting inputs on:

  • onboarding pipeline;

  • overdue evidence;

  • expired documents;

  • stale records;

  • open risk items;

  • overdue actions;

  • screening results;

  • monitoring exceptions;

  • register completeness.

• Escalate material vendor issues, unresolved risk items, missing critical evidence, or persistent non-response from Arrangement Owners.

• Maintain evidence that escalation steps were completed.

Required Experience

• Experience in financial crime operations, vendor risk management, third-party risk, outsourcing governance, compliance operations, operational risk, or similar control environment.

• Experience coordinating due diligence, evidence collection, screening, or risk assessment workflows.

• Understanding of first-line and second-line responsibilities.

• Familiarity with third-party onboarding, vendor monitoring, risk registers, inventory management, and audit evidence.

• Experience working with cross-functional stakeholders such as Risk, Compliance, Legal, Information Security, DPO, Finance, and business owners.

• Experience in a regulated financial services, fintech, crypto, payments, or outsourcing environment is preferred.

Required Knowledge

• Understanding of third-party risk management and outsourcing lifecycle controls.

• Awareness of KYV / vendor due diligence principles.

• Awareness of sanctions, adverse media, regulatory enforcement, and ownership screening.

• Basic understanding of outsourcing, ICT third-party risk, DORA, MiCA, GDPR, and EBA outsourcing expectations.

• Understanding of evidence standards, audit trails, escalation processes, and risk documentation.

• Ability to distinguish operational coordination from risk ownership, legal ownership, ICT assurance, and independent review.

Practical Skills

• Strong documentation and evidence management.

• Ability to manage multiple onboarding, review, and monitoring cases at the same time.

• Ability to identify missing, inconsistent, expired, or risk-relevant information.

• Clear escalation and follow-up discipline.

• Good working knowledge of spreadsheets, workflow tools, registers, ticketing systems, and document repositories.

• Ability to prepare structured operational updates for Risk Management, senior stakeholders, and audit purposes.

• Ability to work with detailed regulatory and policy requirements without turning them into unnecessary bureaucracy.

Success Measures

• Vendor onboarding files are complete, traceable, and ready for review before approval.

• Third-Party Inventory records are accurate, current, and supported by evidence.

• Risk register entries are complete, action-oriented, and tracked to closure.

• Due diligence and monitoring exceptions are escalated promptly.

• Screening is performed according to agreed cadence.

• Arrangement Owners are prompted to update and attest records on time.

• Audit, Risk Management, Legal, Compliance, CISO, and DPO can rely on the evidence trail.

• Critical or high-risk vendor issues are not left unresolved or undocumented.

Why join CryptoProcessing by Coinspaid