Legal & Compliance Lead (German-speaking) in Plymouth

Plymouth | Full-Time | 60000 - 80000 £ / year (est.) | Working from home possible
Employer: KASKO

At a Glance

  • Tasks: Lead legal and compliance initiatives in a fast-growing InsurTech environment.
  • Company: Join an innovative InsurTech company transforming the insurance landscape.
  • Benefits: Enjoy unlimited holiday, flexible working hours, and stock options.
  • Other info: Opportunity for career growth in a supportive and diverse environment.
  • Why this job: Be part of a dynamic team shaping the future of insurance with AI.
  • Qualifications: Fluent in German and English, with experience in data protection and compliance.

The predicted salary is between 60000 - 80000 £ per year.

We are an InsurTech business working with some of Europe's largest and most innovative insurers, combining technology, regulatory expertise, and deep insurance know-how to help clients build, launch, and grow. Our work spans a broad range of challenges across European markets. As we continue to grow, legal and compliance expertise remains a key part of enabling our clients' success and supporting the development of our own business.

Our team is a diverse group of professionals with backgrounds in insurance, tech, humanities, and beyond - and we believe that variety is our strength. We're collaborative, ambitious, always curious, and increasingly excited about what AI makes possible. Now, we are looking for a new team member to join our journey!

We are looking for a mid to senior compliance professional to take end-to-end ownership of our legal, data protection and compliance programme. This is a high-autonomy role spanning DPO, ISO 27001, and legal contract support — working directly with the CEO, CTO, and external counsels in a fast-growing InsurTech sitting at the intersection of technology and insurance, with a dedicated compliance infrastructure service for regulated entities across Europe.

Beyond the core compliance remit, the role also supports the MGA and EU market access function, working closely with the existing team, providing senior compliance input and developing into a regulatory backup over time. We operate under GDPR, hold ISO 27001 certification, and support a portfolio of 40+ mostly London market insurance brokers and MGAs as a leading provider of post-Brexit EU market access solutions. We are committed to supporting the right candidate in obtaining all required qualifications connected to the role, including company-sponsored support, dedicated study leave and preparation time.

What You'll Do:

  • Data Protection & DPO
    • Serve as the named Data Protection Officer under EU and UK GDPR, maintaining the full compliance programme — including RoPA, privacy notices, lawful basis documentation, retention schedules, DSARs, LIAs, and international transfer assessments.
    • Conduct and review DPIAs for new products, vendors, and processing activities.
    • Own breach response procedures and act as the primary point of contact with relevant data protection supervisory authorities, including the competent German authority and the ICO.
    • Monitor AI-related privacy risks and maintain practical AI governance documentation, including acceptable use guidance, GDPR-focused AI training materials and review of AI use cases involving personal or confidential data.
  • ISO 27001 & Information Security
    • Lead and maintain the ISO 27001 ISMS, ensuring it remains embedded, effective and audit-ready.
    • Maintain the GRC platform (currently Scytale), including control evidence, policy documentation, risk records, and compliance workflows.
    • Own the information security risk register, including risk assessments, mitigation tracking, horizon scanning, and leadership reporting.
    • Oversee vendor and supplier risk management, including security due diligence, ongoing monitoring, and remediation coordination.
    • Manage information security training and awareness, including phishing simulations, policy acknowledgements, and audit evidence tracking.
    • Lead internal ISO 27001 audits and support external surveillance and recertification audits, including preparation, evidence gathering, and remediation tracking.
  • Legal & Contract Support
    • Draft, review and quality-check commercial, client, vendor, and supplier contracts, escalating complex or high-risk matters to external counsel.
    • Maintain contract templates, legal playbooks, and related repositories, keeping documentation current and accessible.
    • Own contract administration and e-signature workflows, including document housekeeping and execution tracking.
    • Maintain data processing agreements in coordination with the broader privacy programme.
    • Provide ad hoc internal advice on legal, contractual, and regulatory questions; support corporate governance and board-level compliance reporting.
  • Compliance Operations & Reporting
    • Manage the company-wide compliance training programme, covering data protection, regulatory compliance, AI governance, and role-specific needs.
    • Maintain the compliance incident management framework, including logging, escalation, investigation support, and remediation tracking.
    • Coordinate cross-functional compliance reporting across risks, incidents, training, regulatory developments, and audit actions.
    • Support horizon scanning for legal, regulatory, and compliance developments, assessing impact with internal stakeholders.
    • Support business continuity and operational resilience documentation and lead or contribute to ad hoc compliance projects as required.
  • EU Market Access & MGA Compliance
    • Work closely with the existing EU market access team to support compliance oversight across the client portfolio, periodic reviews, and escalation management.
    • Act as senior compliance escalation point for client queries, regulatory interpretation, and ongoing market access matters.
    • Develop a strong working understanding of KASKO’s EU market access model, MGA arrangements, distribution structure and insurance intermediation obligations.

This is a genuine ownership role. You will hold the DPO appointment, lead the ISO programme, and have a direct line to leadership. The business has already invested in AI-powered compliance tooling and existing workflows - you will inherit a solid foundation and have the mandate to build on it. For the right person, this is a rare opportunity to own a full compliance and legal function in a fast-growing InsurTech operating at the heart of the regulated insurance world.

About You:

  • Fluent in German and English (written and spoken).
  • Demonstrated experience in data protection and/or compliance in a regulated environment.
  • Legal background or strong legal exposure (a Law degree is advantageous).
  • Holds, or is actively working towards, a recognised DPO qualification (e.g. CIPP/E, CIPM, BCS Practitioner Certificate in Data Protection) — must be in place within 3 months of joining, with 2 weeks of paid study leave provided.
  • Familiar with ISO 27001 and information security management — internal auditor qualification desirable, with training support available.
  • Comfortable with ambiguity and able to work independently across multiple disciplines.
  • A confident communicator, able to engage credibly with senior stakeholders, clients, and external advisers.
  • Pragmatic, solutions-oriented mindset.
  • Detail-oriented while maintaining a strong strategic perspective.
  • Insurance or InsurTech experience is a bonus, but curiosity about the sector matters more.

We Offer:

  • A small, senior team where your work is visible and your voice is heard.
  • A clear pathway into a Legal, Compliance & Regulatory leadership position within a fast-growing European InsurTech business.
  • The opportunity to be part of a company intentionally building towards an AI-first way of working.
  • Full support towards required qualifications — with company-sponsored fees, dedicated study leave, and preparation time.
  • An attractive salary package.
  • Stock options, so you share directly in KASKO’s long-term success.
  • Unlimited holiday - you own your time off.
  • Flexible working hours and the freedom to work from anywhere in the UK or Germany.

KASKO is an Equal Opportunity Employer and we value diversity at our company. We do not discriminate based on race, religion, national origin, colour, gender, gender identity or expression, sexual orientation, age, marital or parental status, disability status, or any other characteristic protected by law. Our aim is to ensure that all employees and job applicants are given equal opportunity and that our organisation is representative of all sections of society.

We use AI tools at certain stages of our recruitment process to help us work efficiently, but always with a human in the loop. Every hiring decision is made by a person, not an algorithm. By submitting your CV, you agree that your personal data is processed by KASKO for recruitment purposes only. You reserve the right to withdraw your application at any time by contacting us.

Legal & Compliance Lead (German-speaking) in Plymouth employer: KASKO

KASKO is an exceptional employer, offering a dynamic work environment where your contributions are valued and your career can flourish. With a strong commitment to employee development, including company-sponsored qualifications and unlimited holiday, we foster a culture of flexibility and innovation, particularly in the exciting realm of InsurTech. Join us in a role that not only provides autonomy but also positions you at the forefront of regulatory compliance in a rapidly evolving industry, all while enjoying the freedom to work from anywhere in the UK or Germany.

Contact Details:

KASKO Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Legal & Compliance Lead (German-speaking) in Plymouth

Tip Number 1

Network like a pro! Reach out to people in the InsurTech space, especially those who work at companies you're interested in. A friendly chat can open doors and give you insider info that could help you stand out.

Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their products and how they operate within the regulatory landscape. This will show your genuine interest and help you connect your experience to their needs.

Tip Number 3

Practice your pitch! Be ready to explain how your skills in compliance and data protection can directly benefit the company. Tailor your examples to highlight your experience with GDPR and ISO 27001, as these are key for this role.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re serious about joining our team and contributing to our mission.

We think you need these skills to ace Legal & Compliance Lead (German-speaking) in Plymouth

  • Fluency in German and English
  • Data Protection Expertise
  • GDPR Compliance
  • ISO 27001 Knowledge
  • Legal Contract Drafting and Review
  • Risk Management
  • Compliance Training Management

Some tips for your application 🫡

Tailor Your CV: Make sure your CV reflects the skills and experiences that are most relevant to the Legal & Compliance Lead role. Highlight your data protection and compliance experience, especially in regulated environments, to catch our eye!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about this role and how your background aligns with our mission at StudySmarter. Be genuine and let your personality come through.

Showcase Your Language Skills: Since we're looking for someone fluent in German and English, make sure to highlight your language proficiency clearly. If you have any relevant certifications or experiences, don’t forget to mention those too!

Apply Through Our Website: We love it when candidates apply directly through our website! It helps us keep track of applications better. So, head over there and submit your application – we can’t wait to see what you bring to the table!

How to prepare for a job interview at KASKO

Know Your Stuff

Make sure you brush up on your knowledge of GDPR, ISO 27001, and compliance frameworks. Being able to discuss these topics confidently will show that you're not just familiar with the regulations but can also apply them in a practical context.

Showcase Your Experience

Prepare specific examples from your past roles where you've successfully managed compliance issues or led data protection initiatives. This will help demonstrate your hands-on experience and how it aligns with the responsibilities of the role.

Engage with the Team

Since this role involves working closely with senior stakeholders, practice how you'll communicate your ideas clearly and confidently. Think about how you can engage with the interviewers, perhaps by asking insightful questions about their current compliance challenges.

Be Curious About InsurTech

Even if you don't have direct experience in InsurTech, showing genuine curiosity about the sector can set you apart. Research recent trends and developments in the industry, and be ready to discuss how they might impact compliance and data protection.