Head of Compliance at Compass managing enterprise risk, information security, and multi-jurisdictional regulatory compliance. Building compliance frameworks in an exciting high-growth SaaS environment.
Responsibilities
Oversee compliance across payment operations, third-party providers and key commercial partners.
Establish and standardise onboarding, compliance requirements and documentation processes.
Lead external compliance audits and act as the primary liaison with partners and assessors.
Identify and implement process improvements and automation to improve efficiency and reduce manual effort.
Lead ISO 27001 certification and ongoing ISMS maintenance across Australian and international entities.
Own audit preparation, evidence gathering and control documentation, driving a shift to continuous audit readiness.
Manage risk assessments and maintain the risk register, escalating material findings where required.
Support expansion into the UK and Ireland, ensuring alignment with GDPR, UK GDPR and NIS2.
Partner with Product and Engineering to embed security and compliance-by-design principles.
Oversee alignment with PCI-DSS and other relevant data security standards.
Provide compliance input into new products, commercial initiatives and customer contracts.
Develop, maintain and embed compliance policies and procedures across the organisation.
Deliver training and awareness programs across privacy, information security and payments.
Monitor regulatory developments (ASIC, APRA, OAIC, ICO, CBI) and advise on required actions.
Establish and maintain a compliance monitoring and assurance program.
Drive a culture of proactive risk identification and accountability.
Maintain and report on the compliance risk register to the General Counsel, CFO and Board.
Build relationships with regulators and key external partners.
Support Legal on complex or high-risk compliance matters, escalating clearly and early.
Requirements
3–6 years’ experience in compliance, risk or information security within a regulated or technology environment.
Proven experience operating as the primary or sole compliance owner in a previous role.
Hands-on experience with ISO 27001, including certification or ISMS management.
Exposure to multi-jurisdictional compliance, including UK and/or Irish regulatory environments.
Strong process mindset, with the ability to design practical, scalable compliance frameworks.
Clear and confident communication skills, translating regulatory complexity into actionable guidance.
Highly regarded:
Experience in payments, acquiring or merchant services environments.
Exposure to Australian Privacy Act, GDPR or UK GDPR.
Experience in a scaling SaaS, fintech or EdTech business.
Relevant compliance qualifications (e.g. ICA).
Familiarity with PayTo, NPP or Open Banking compliance.
Benefits
A hybrid working environment, with teams splitting their time between remote work and our office hubs.
Learning and development opportunities, including a dedicated PD budget.
24/7 access to our Employee Assistance Program (EAP), including face-to-face, phone and live chat support.
A parental leave program for both primary and secondary carers.
Regular team events, social budgets and in-office perks help you stay connected, from team lunches to end-of-week socials.
An Employee Referral Program.
A supportive, inclusive culture where your voice is valued and heard.