Head of Risk and Compilance

Head of Risk and Compliance

Company: Zartis Location: Remote (Europe) Contract: Permanent Seniority: Senior Industry: Tech

About Zartis

Zartis is a global AI transformation and technology consulting partner. We collaborate with ambitious organizations to design, build, and scale technology solutions that deliver tangible impact. Our teams possess deep expertise in AI-driven platforms, secure API architectures, and cloud-native engineering. You will work on meaningful projects that accelerate the adoption of advanced technologies, from strategy and discovery through to full product delivery, helping to transform complex challenges into measurable outcomes. With engineering hubs across EMEA and LATAM, and long-term partnerships in financial services, healthcare and life sciences, and energy and climate, we offer opportunities to work on projects that truly matter.

About the Role

We are seeking a Head of Risk and Compliance to lead and evolve our Risk & Compliance function. This is a senior leadership role for an individual who can own the strategic risk agenda, foster a proactive compliance culture, and provide direct decision-making support to the COO. You will manage an internal R&C team, serve as the primary accountable owner across all compliance domains, and bring the necessary technical depth in information security and IT infrastructure to bridge the gap between governance frameworks and practical implementation.

Key Responsibilities

• Own and maintain the company-wide risk register, prioritizing and driving resolution across legal, operational, data, and information security domains.
• Develop and lead the annual risk assessment cycle, translating outputs into actionable mitigation plans with assigned owners and deadlines.
• Act as the accountable owner for IT security risk, collaborating with internal technical stakeholders and external providers to identify, assign, and address vulnerabilities, access controls, and infrastructure risks.
• Serve as the primary escalation point for all risk and compliance matters.
• Design and maintain the governance framework across 8 EU jurisdictions, ensuring policies are current, proportionate, and consistently applied.
• Lead incident response, managing the end-to-end process from detection to resolution, including client notification, root cause analysis, and lessons learned.
• Oversee ongoing ISO 27001 and Cyber Essentials certifications and lead future certifications (e.g., SOC 2) as required.
• Manage GDPR compliance across all entities, including Data Protection Impact Assessments (DPIAs), records of processing, data subject requests, breach management, and Data Protection Authority (DPA) relationships.
• Monitor and interpret emerging EU regulations, such as NIS2 and other upcoming frameworks, translating requirements into operational action plans before deadlines.
• Manage relationships with external legal counsel, auditors, and regulatory bodies.
• Directly manage the Risk & Compliance Manager and any future hires within the function.
• Set clear performance expectations and develop the team's capability to operate with minimal escalation.
• Act as an internal advisor to other business functions, including Business, Operations, and Finance.

Requirements

• 7+ years of experience in risk, compliance, or information security roles, with at least 3 years in a leadership capacity.
• Direct ownership experience with ISO 27001.
• Hands-on experience with GDPR compliance operations across multiple jurisdictions.
• A proven track record of building or significantly maturing a compliance function, not just maintaining an existing one.
• Experience working within a tech, consulting, or professional services environment.
• Demonstrated ability to engage C-suite executives and clients on risk-related topics with clarity and commercial awareness.

Nice to Have

• Exposure to AI governance frameworks or emerging EU regulations in the AI space.
• Familiarity with multi-entity structures across EU jurisdictions (e.g., Spain, Ireland, Portugal, Germany, UK).

What We Offer

• 100% Remote Work
• Work From Home Allowance: A monthly payment to support your remote working setup.
• Career Growth: Access to a structured career development program with 360º feedback to guide your progression.
• Training: Dedicated time for technical training, including online courses, English classes, books, conferences, and events.
• Mentoring Program: Opportunities to mentor or be mentored within Zartis.
• Zartis Wellbeing Hub (Kara Connect): Access to a platform offering sessions with specialists (mental health, nutrition, physiotherapy, fitness) and webinars.
• Multicultural Working Environment: Participation in tech events, webinars, parties, and online team-building activities.