Senior Risk and Compliance Officer in Wantage

We are seeking a highly organised and driven Senior Risk & Compliance (R&C) Officer to support our Risk & Compliance function. This individual will join the team alongside our existing R&C Officer and will play a pivotal role in ensuring the operational excellence of R&C within Airbox Systems. In this dynamic role, you will ensure that Airbox Systems adheres to legal, regulatory and internal policies and procedures to successfully support our business objectives while maintaining high standards, mitigating risk and upholding our commitment to robust R&C and Information Security practices.

What you’ll do

• Compliance

• Accreditation Management: Accountability for developing and executing detailed plans to achieve and maintain key business accreditations, including all ISO certifications and Cyber Essentials. Ensure compliance with the latest industry standards and best practices.
• Identifying Additional Accreditations: Identify potential new and relevant accreditations to enhance the company’s standing in Risk & Compliance management, keeping Airbox at the forefront of industry best practices. Support in obtaining these as appropriate.
• Employee Support and Training: Provide expert advice and training to employees across the business, helping them understand and maintain required Risk & Compliance standards and best practice.
• Internal Audits & ISMS Management: Lead regular internal audits across all areas of the business to assess compliance, identify areas for improvement, and ensure the Information Security Management System (ISMS) remains current and aligned with evolving business needs.
• External Certifications: Manage the external certification process, ensuring the necessary documentation and evidence are prepared for auditors. Regularly report to senior management on certification progress and the effectiveness of the ISMS.
• Compliance Policy and Procedures: Develop, review and implement Airbox Systems R&C framework, policies and procedures in alignment with current regulations and industry standards.
• Company Policy and Procedure Register: Manage company policy and procedure register and ensure that periodic reviews of company policies are completed and documented correctly.

• Risk Assessments: Conduct comprehensive risk assessments on live services and potential suppliers, ensuring alignment with the organisation’s risk management framework, policies and procedures. Identify potential risks, vulnerabilities, and mitigation strategies.
• Risk Identification and Mitigation: Collaborate with department leads and stakeholders to identify potential risks and develop and implement effective risk management strategies and action plans.
• Risk Registers: Work closely with relevant stakeholders to ensure that departmental risk registers are aligned with the Board-level risk register, resulting in a unified approach to risk management across the organisation.
• Risk Reporting: Compile and present detailed risk reports to senior management, highlighting risk profiles, mitigation actions, and strategic recommendations.
• Three Lines of Defense Framework: Oversee and coordinate the execution of the Three Lines of Defense risk management framework, ensuring clear accountability and effective risk mitigation.
• Risk Management Awareness: Lead initiatives to raise awareness of risk management practices within the business, including delivering training sessions and workshops to enhance understanding across departments.
• Incident Response: Act as the primary point of contact for risk-related incidents, leading the response efforts, managing mitigation strategies, and ensuring effective resolution.

• Data Protection Impact Assessments (DPIAs): Completion of DPIAs (internal and external).
• Record of Processing Activities (ROPA): Collaborate across the business to develop, manage and maintain Airbox Systems ROPA.

• Maintain and test BCDR plan: Review and update BCDR plan including simulating disaster scenarios to ensure operational readiness.
• Risk assessments: Identify vulnerabilities within Business Impact Assessments (BIA) and create strategies to minimise any disruption or downtime.
• Compliance and reporting: Ensuring the BCDR plan meets regulatory standards (i.e. ISO 22301) and report against this as required.

About You

• Professional Qualifications: A recognised professional qualification in risk management or business management.
• Risk Management Expertise: A minimum of 5 years of experience in Risk & Compliance, including strong experience in risk analysis, management and reporting.
• ISO Certification Experience: Demonstrable experience in achieving and maintaining ISO certifications, including ongoing compliance management, auditing, and preparation for recertification.
• Communication: An excellent communicator who can convey ideas clearly.
• Problem Solver: A proactive individual who takes initiative and strives for excellence.
• Organisation and attention to detail: Highly organised with a strong attention to detail.
• Continuous Improvement: A proactive approach towards continuous improvement of R&C across the business.

Bonus if you have

• Extensive, hands‑on experience with risk management and risk frameworks.
• Experience working with international teams and across multiple geographies.
• Familiarity with scaling businesses in a tech environment, particularly in high-growth settings.
• Experience in regulated industries and familiarity with industry-specific legislation.
• Relevant certifications such as ISO Lead Implementer.
• Knowledge of international compliance frameworks and accreditations, such as IRAP.

What we offer

• The chance to work with a passionate team that’s working together every day towards our shared big ambitious goal.
• A dynamic, flexible and fun scale-up work environment with a highly talented team.
• 26 days holiday per year, plus public holidays.
• Private medical cover with Bupa for all our colleagues.
• Pension scheme, offering up to 6% matching contribution.
• Electric Car Scheme.
• Flexible & Hybrid Working: We said you’ll get freedom to work in a way that is best for you, and that extends to being in the office – or not. Work better from home? No worries. Prefer the office? Come on down. We have 2 mandatory Townhall days; Spring and Autumn, where the whole business gets together. When you visit the office you won’t just find rows and rows of desks. No, you’ll find our colleagues meeting on the walking pads, having planning sessions over a game of tennis table or grabbing a bean bag in our ‘Quality’ collaborative space - that’s right we live our values so much, we named our meeting spaces after them.