Risk and internal Controls Analyst

Why should you join dLocal?

dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets. 

By joining us you will be a part of an amazing global team that makes it all happen, in a flexible, remote-first dynamic culture with travel, health and learning benefits, among others. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.

What's the opportunity?

We are hiring an experienced a Risk & Internal Controls Analyst to oversee the design, implementation, and continuous improvement of the internal control system for our Malta entity, and to provide specialist support to group control activities in other regions. The role will anchor our controls program to internationally recognized frameworks and Malta/EU regulatory expectations, ensuring strong governance, reliable reporting, operational resilience, and regulatory compliance. This is an on-site/hybrid position; it is mandatory that the professional be based in Malta.

• Reporting to the Malta Risk Manager, This professional will follow dlocal global Risk and Internal Controls standards to evolve the Malta internal control framework, embedding clear control objectives, risk/control matrices, control ownership, and design/operating effectiveness testing across financial, operational, compliance, and technology-related processes.
• Drive periodic risk and control assessment and entity/process-level scoping; maintain process documentation and narratives, RCMs, flowcharts, and risk-based control testing plans.
• Lead the annual control testing cycle (design/operating effectiveness), including walkthroughs, sample-based testing, deficiency evaluation, remediation plans, and control re‑testing; produce management reporting and attestations.
• Champion operational resilience and control reliability: business continuity planning, incident management, and third-party/outsourcing control expectations (in coordination with Risk, IT, Security, and Operations)
• Ensure the Malta entity’s internal controls and governance practices are consistent with MFSA expectations for internal control, governance, and board oversight; support local regulatory inquiries and inspections as needed.
• Partner with Technology/InfoSec to strengthen ICT and security risk control requirements (e.g., change management, logical access, backups, monitoring, cyber incident response), aligned to EU guidance for financial entities.
• Contribute to group initiatives on DORA-readiness where applicable (ICT risk management framework, incident classification/reporting, testing, third-party oversight, and register-of-information inputs), coordinating Malta-specific deliverables and evidence.
• Support external and internal audit engagements and any regulatory reviews (planning, PBC requests, walkthroughs, issue management and remediation).
• Where applicable to the Group, support Internal Controls initiatives, specially in regulated countries.
• Build control culture: develop training, control-owner playbooks, and pragmatic advisory to first/second-line teams; facilitate issue closure and sustainable remediation.
• Track and report KPIs/KRIs for control health (e.g., testing progress, exception rates, remediation timeliness, incident learnings, third‑party control posture); present to leadership/governance forums.

• Based in Malta (mandatory).
• Bachelor’s degree in Accounting, Finance, Business, Engineering, Information Systems, or related field.
• 4+ years in internal controls, internal audit, risk management, or related governance roles within financial services, payments/fintech, or regulated environments.
• Demonstrable expertise applying the COSO Internal Control–Integrated Framework in designing/testing controls across processes and systems.
• Working knowledge of operational resilience and operational risk practices aligned with BIS principles (governance, BCP/testing, third‑party/outsourcing, ICT/cyber resilience).
• Familiarity with MFSA expectations for governance/internal controls for authorised entities operating in/from Malta (proportionality, board oversight, internal control, compliance, and business continuity).
• Practical understanding of ICT and security risk controls lifecycle (access, change, backup/restore, monitoring, incident/problem) aligned to EBA guidance and, where applicable, DORA requirements for financial entities.
• Strong test execution and documentation skills (walkthroughs, sampling, testing, root cause analysis, deficiency aggregation/assessment, remediation tracking).
• Excellent stakeholder management, clear written/oral communication, and the ability to coach process/control owners.

What do we offer?

Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:

- Remote work: work from anywhere or one of our offices around the globe!*

- Flexibility: we have flexible schedules and we are driven by performance.

- Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.

- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.

- Learning & development: get access to a Premium Coursera subscription.

- Language classes: we provide free English, Spanish, or Portuguese classes.

- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!

- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!

*For people based in Montevideo (Uruguay) applying to non-IT roles, 55% monthly attendance to the office is required

What happens after you apply?

Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!

Also, you can check out our webpage, Linkedin, Instagram, and Youtube for more about dLocal!