Global Head of Risk & Compliance (Technology Start Up)
Creating and developing the Risk and Compliance function for a technology start-up that has recently developed its global offering. Working with ISO 27001, enterprise risk, KYB, legal compliance and data risk.
Our client is solving online trust at a global scale.
Millions of day-to-day interactions take place digitally: their mission is to help people and businesses trust each other, even when they've never met face-to-face. Today, they work with global customers, including JustGiving, Revolut, Deliveroo, and Couchsurfing to help them verify users, investors, drivers and guests across 195 countries.
But they're just getting started! So far, they've been a pioneer in using deep learning to verify identity and reduce fraud. Their goal is to apply cutting-edge research to build powerful, simple products to drive trust, inclusion and safety in online business, collaboration and sharing.
They are currently looking for a Global Head of Risk and Compliance to support them with the creation, improvement and operation of their Global Risk and Compliance Management Program.
Reporting to the Director of Security, the role will involve the following:
- Work collaboratively with key stakeholders
- Advocate a strong culture of handling and managing personal data and classified business data sensitively through effective training and awareness programs.
- Maintaining an overview of all work streams related to information security and privacy
- Seek out and implement certifications appropriate to our business either proactively or as demanded by the market (e.g. SOC 1/2, eIDAS, ISO/IEC 30107, TRMG / OSPAR, etc.)
- Creating policies and processes appropriate to the business relating to the management of risk beyond ISO 27001
- Responding to compliance related queries from clients during contract negotiation
- Supervising and following up with ad hoc audits, if any
- Managing our Know Your Business (KYB) research
- Implementing and operating the global ERM
- Support risk assessment questionnaire review from suppliers: review of answers, posing further questions, reviewing answers, recommending risk approval (or not), coordinating with security
- Managing the enterprise risk register
- Proven performance of internal audits
- Identification and evaluation of relevant compliance standards
- General understanding of privacy requirements and market trends
- Implementation and management of enterprise risk management systems (ISO 31000)
- Performance of risk assessments across organisations including the areas of software engineering, IT, HR, finance and operations
- Supporting the management and mitigation of risks in close cooperation with various teams and functions in organisations
- Qualified ACA / IIA / ACCA / ISO 27001 Lead Auditor certification
- Managing (or assisting in the management of) the ISO 27001 programme in a certified organisation
- Hands-on experience with the implementation and management of other compliance and risk management standards (e.g. PCI-DSS, eIDAS, ISO/IEC 30107, TRMG / OSPAR, Cobit, COSO, OCEG, SOC, SSAE)
- Good understanding of cloud technologies, SaaS and software engineering processes.
- Good understanding of best practice security engineering
- Experience driving a privacy compliance program
- Opportunity to set up a function
- Share options
- 25 days holiday, plus bank holidays
- Pension (employer contribution 3% of base salary)
- Personalised Financial Advice
- Bupa Health Cash Plan
- Mental health coaching
- Flexible working
- Childcare vouchers
- Subsidised gym membership or home cleaning (50% up to £50 per month)
- Free yoga classes, 5-a-side football bookings
- Financial support for software or books you need
- Free languages classes (currently Spanish, French and English)
- A fully stocked kitchen with unlimited breakfast, drinks, snacks and fresh fruit every day
- Clubs: Coding, Running, Theatre, Games, Poker, Movies and many more!
- Quarterly socials (e.g. cookery classes, go-karting and private cinema trips)
- Open and transparent culture - meet for a Friday afternoon forum to engage peers informally over drinks.
- City of London / Central London location