Risk and Compliance Officer

It is our vision to connect the insurance community through market-leading technology. Our people are placed at the heart of this, and diversity, equity and inclusion are central to everything we do. We know the key to achieving success is to enable a positive, inclusive, and collaborative working culture, and, as part of our commitment, we have signed up for a number of pledges and programmes designed to support and nurture our people. No matter where you sit or which team you are a part of, we want you to know that you contribute in helping us to shape where the company will be in the future. We would love for each employee to be able to talk with pride about our company and, most importantly, consider Open GI to be an inclusive, fun and fulfilling place to work.

An overview of the role:

The Risk and Compliance Officer will play a critical role in safeguarding the organisation by ensuring compliance with legal, regulatory, and industry standards while proactively managing risk across all operations. This position is responsible for building and maintaining a robust compliance framework that addresses payment security, cybersecurity regulations, FCA compliance and product-related requirements. The role leads initiatives to achieve compliance with PCI DSS, PRA/FCA, and other relevant regulations, embedding risk management practices into everyday processes. The Risk and Compliance Officer will manage vendor and partner risk assessments to ensure third-party relationships meet stringent security and compliance standards. Working closely with product teams, the role ensures compliance is integrated throughout the product lifecycle, from design to deployment. As a trusted advisor to senior leadership, the Risk and Compliance Officer monitors emerging regulations, evaluates potential impacts, and implements strategies to maintain compliance and mitigate risk effectively. This position demands a strong understanding of regulatory landscapes, risk management principles, and regulatory compliance, combined with the ability to influence stakeholders and foster a culture of compliance across the organisation.

Your key responsibilities:

• Develop and maintain compliance programs aligned with PCI DSS, FCA and other legal frameworks.
• Drive enterprise-wide risk management processes, identifying and mitigating legal and operational risks.
• Ensure adherence to regulatory requirements, industry standards, and internal policies.
• Conduct critical vendor and partner risk assessments, ensuring third-party compliance with legal, finance and security requirements.
• Manage reporting and other regulatory requirements for the FCA regulated entity in the group, Powerplace.
• Collaborate with product teams to embed compliance requirements into product design and development.
• Develop and implement a Risk Management Framework for the organisation.
• Develop a regular cadence of risk management reporting to the Executive Team, Audit Committee and the Board.
• Manage the group wide insurance policies and oversee renewals.
• Monitor regulatory changes and industry trends, advising leadership on implications and necessary actions.
• Perform internal audits and compliance reviews, reporting findings and recommending improvements.
• Deliver training and guidance to staff on compliance obligations and risk management best practices.

What you’ll need to succeed:

Experience:

• 5 years + experience in a risk and compliance function in a regulated business (preferably experience of leading a small team or being second in command of a larger team).
• Proven track record in risk management and compliance, with hands-on experience implementing frameworks that meet regulatory and industry standards preferably in an FCA regulated environment.
• Strong background and understanding of PCI DSS compliance, including policy development, audit preparation, and remediation activities.
• Experience of FCA/PRA risk frameworks.
• Demonstrated ability to conduct critical vendor and partner risk assessments, negotiate compliance requirements, and manage third-party risk programs.
• Exposure to product compliance, including integrating legal and regulatory requirements into product design, development, and lifecycle management.
• Skilled in performing internal audits, compliance reviews, and risk assessments, and delivering actionable recommendations to senior leadership.
• Familiarity with contractual compliance clauses, regulatory reporting, and liaising with external auditors and regulators.
• Experience in developing training programs and promoting a culture of compliance across diverse teams.

Skills & Aptitudes:

• Regulatory Knowledge: Strong understanding of compliance frameworks, including PCI DSS, PRA/FCA and other relevant standards.
• Risk Management Expertise: Ability to identify, assess, and mitigate operational, legal, and vendor-related risks effectively.
• Analytical Thinking: Skilled in interpreting complex regulations and translating them into actionable compliance strategies.
• Communication & Influence: Excellent ability to present compliance requirements clearly to technical and non-technical stakeholders, and influence decision-making at all levels.
• Attention to Detail: Ensures accuracy and thoroughness in compliance documentation, audits, and reporting.
• Problem-Solving: Proactive approach to resolving compliance issues and implementing preventive measures.
• Collaboration: Strong interpersonal skills to work with product, legal, IT, and vendor teams to embed compliance into business processes.
• Adaptability: Ability to keep pace with evolving regulations, emerging technologies, and industry best practices.
• Training & Awareness: Capable of designing and delivering compliance training programs to promote a culture of risk awareness.

Mission and Values:

Our mission is to be both the Technology Partner and Employer of choice for the UK General Insurance Market. Our values are central to this vision, as they represent how we collaborate to continually deliver for our customers:

• Accountability: We own our actions and shape our success on the results we deliver.
• Innovation: We tackle challenges with fresh thinking and bold ideas.
• Teamwork: We work together, recognising we can’t do this without each other.
• Trust: We build trust on integrity, transparency and mutual respect.

We are looking for an individual who embraces our values in their actions, decisions, communications and processes to inspire positivity and, ultimately, exceptional performance.

Benefits package:

• Salary of circa £62,000, dependant on skills and experience.
• Company pension.
• Bonus opportunity.
• Life assurance and critical illness cover.
• Cycle to work scheme.
• Perkbox – an exclusive platform offering a wide range of discounts and benefits.
• Holiday entitlement of 25 days per annum, increasing to 26 days per annum after three years of service & a holiday purchase scheme.
• Opportunity for a more flexible approach to start, finish, and lunchtimes to allow you to better manage events outside of work.
• Social clubs - whether you’re into your cycling, crafts, or other hobbies, we have a number of groups at Open GI where individuals who enjoy the same pursuits can get together.
• Wellbeing – wills at work scheme, employee assistance programme and mental health first aiders.

Please note, this is a hybrid role requiring a minimum two days in-office attendance, at our Worcester office, therefore we are looking for candidates who live within a 50 mile commutable distance to one of these offices.