Risk & Compliance Lead

Job Title

Risk & Compliance Lead at Elliptic

London, UK

Info Sec

As our Risk & Compliance Lead, you will build and scale a best‑in‑class enterprise risk and compliance function for a forward‑thinking SaaS company operating in the digital asset space. You’ll own the design, implementation, and continuous improvement of a unified risk and compliance framework, balancing global regulatory expectations, operational resilience, and business agility.

• Strategy and ownership
  • Own Elliptic’s Risk and Compliance strategy, frameworks, and annual plan
  • Define risk appetite and tolerances with leadership; translate into KRIs and control objectives
• Enterprise risk management
  • Maintain risk taxonomy, registers, and assessment cadence across business, product, data, third‑party, and operational risks
  • Facilitate risk identification with domain owners, evaluate inherent/residual risk, and drive treatment plans
• Compliance framework (SaaS‑appropriate)
  • Identify applicable obligations and industry standards for a SaaS provider and maintain a single control framework mapped to them
  • Keep policies and standards current, actionable, and adopted across teams
• Control assurance and continuous improvement
  • Plan and run a risk‑based assurance programme to test control design and effectiveness
  • Manage issues, nonconformities, and lifecycle with clear ownership and due dates
• Operational resilience and incident governance
  • Partner with Platform, SRE, and Security to validate backup, recovery, continuity, and disaster recovery capabilities
  • Chair or contribute to post‑incident reviews to ensure learnings are captured and risks addressed
• Third‑party and product risk
  • Set methodology and thresholds for vendor and product risk, partnering with Procurement, Legal, and Product to embed controls in lifecycle workflows
• Assurance and audits
  • Coordinate external audits and certifications as needed; ensure our evidence strategy is efficient and reusable
  • Provide executive reporting on risk posture, top risks, trends, and remediation progress
• Ways of working and culture
  • Enable teams through guidance, training, and practical tooling; make compliance easy and transparent

• Directly lead the Risk and Compliance Analyst, delegating routine evidence collation while retaining ownership of strategy and executive reporting
• Work closely with Engineering, Platform/SRE, Product, Legal, Procurement, Sales/CS, and Data teams

• Proven ownership of an ERMF or equivalent risk programme in a SaaS or technology business
• Experience designing and operating a unified control framework mapped to multiple obligations or standards
• Knowledge of data protection and data governance practices relevant to SaaS
• Planning and executing risk‑based assurance and control testing, managing CAPA to closure
• Partnering with engineering and product teams to embed quality and compliance controls into their operations
• Clear, concise written communication and executive risk reporting
• Strong stakeholder management across technical and non‑technical teams

• Experience with ISO 27001, SOC 2, or similar certifications, and familiarity with ISO 9001/22301/14001 as contributing inputs
• Exposure to model risk governance or validation practices
• Experience with evidence automation or compliance tooling

• Hybrid working and the option to work from almost anywhere for up to 90 days per year
• £500 Remote working budget to set up your home office space
• $1,000 Learning & Development budget to use on anything that contributes to your growth and development
• Holidays: 25 days of annual leave + bank holidays, an extra day for your birthday, enhanced parental leave – 16 weeks fully‑paid
• Private Health Insurance – Vitality

Mid‑Senior level

Full‑time

Finance and Sales