Compliance Lead in London

Onsi operates in a highly regulated environment where trust, security, and regulatory integrity are foundational to our growth. As we scale our enterprise partnerships and insurance operations across markets, maintaining a robust, scalable compliance and risk framework is critical—not just to meet regulatory expectations, but to enable the business to move with confidence. This role exists to own enterprise risk, compliance, and legal governance across the business; ensuring we remain compliant, audit-ready, and resilient as we grow across markets.

As Compliance Lead, you will be a senior steward of Onsi’s regulatory posture. You’ll provide governance, oversight, and assurance—ensuring that compliance, security and legal-related requirements are consistently met across the organisation. Reporting to the COO, you will partner closely with Engineering, Product (financial and digital), Operations, Information Security, and leadership teams while maintaining independent oversight and challenge. Your focus is not day‑to‑day delivery, but ensuring that what Onsi builds, sells, and operates stands up to regulatory scrutiny and best practice—particularly across financial service regulation, data protection, cybersecurity and operational risk.

Key Responsibilities:

• Enterprise Risk and Compliance Framework: Own and evolve a group‑wide compliance and risk framework that supports regulatory compliance, operational resilience, and scale. Define risk appetite/thresholds (where appropriate), maintain the enterprise risk register, and ensure clear escalation and decision‑making pathways.
• Regulatory Engagement & Horizon Scanning (FCA, AFM, DFSA): Act as Onsi's primary compliance interface with regulators (e.g., UK FCA, Dutch AFM and Danish FSA), as appropriate to our operating model and permissions. Lead horizon scanning, regulatory change management, and early response to new or evolving obligations- translating requirements into practical controls and delivery expectations.
• Policy, Controls & Governance Oversight: Ensure clear, practical compliance, legal, and security policies are in place, understood, and operating effectively across the business. Establish a governance cadence (forums, reporting, attestations) that provides leadership with clear visibility of compliance posture and issues.
• Audit, Assurance & Due Diligence: Own readiness for audits and reviews by insurance carriers and Lloyd’s, and support other assurance activity (enterprise security reviews, regulatory reviews, customer due diligence). Set the standard for documentation quality and evidence expectations; ensure controls are demonstrably operating and issues are remediated with pace and rigour. Oversee third‑party and partner risk governance from a compliance, cyber, and legal risk perspective (including outsourced service considerations).
• Insurance Operations Governance: Oversee compliance standards, governance protocols, and regulatory obligations relating to insurance operations and partners. Ensure partner expectations and delegated requirements (where applicable) are met and evidenced.
• Delivery Compliance & KYC Oversight: Provide oversight of KYC, onboarding, and delivery‑side compliance requirements, ensuring proportionate controls without slowing execution. Ensure ownership is clear across teams and that compliance requirements are embedded early in delivery, not bolted on at the end.
• GDPR & Data Protection Governance: Own oversight of GDPR compliance, ensuring appropriate governance around privacy‑by‑design, DPIAs/assessments where required, incident readiness, and third‑party processing risk. Partner with Product, Engineering, and InfoSec to ensure privacy and security controls remain effective and auditable.
• ISO 27001 Oversight & Certification Maintenance: Provide senior ownership of ISO 27001 certification maintenance and audit readiness, ensuring governance, internal assurance, management review inputs, and corrective actions are operating effectively. Work closely with InfoSec and Engineering while maintaining independence of oversight and assurance.
• Team Leadership & Capability Building: Line manage and develop the Compliance Specialist, setting priorities, coaching on execution, and ensuring high‑quality programme outputs. Build scalable ways of working—tooling, templates, playbooks, and reporting—that reduce friction and improve consistency over time.
• Compliance Training & Culture: Set direction for compliance training and promote a practical, values‑led compliance culture across Onsi. Enable teams to understand requirements and make good decisions without creating bottlenecks.

The successful candidate is expected to follow all Onsi security policies and procedures.

What you bring:

• A recognised professional qualification in compliance, data protection, risk, or security governance (or equivalent senior experience delivering these outcomes in practice).
• Senior experience in compliance, risk, and/or legal governance within regulated environments (financial services, insurance, fintech, or adjacent).
• Strong working knowledge of regulatory, legal, cybersecurity, and data protection frameworks, including UK GDPR, ISO 27001, Cyber Essentials, and operational resilience expectations.
• Experience designing and operating regulatory and legal risk frameworks, including horizon scanning and regulatory change management.
• Credible experience preparing organisations for audits, regulatory reviews, enterprise due diligence, and legal scrutiny—and engaging confidently with regulators, insurers, auditors, and external stakeholders.
• Experience overseeing third‑party and partner risk, including compliance, cyber, and legal risk assessments.
• Strong judgement and communication skills, with the confidence to challenge constructively and escalate when needed, while staying pragmatic and delivery‑oriented.

This role is a great match if you thrive on ownership, embrace ambiguity as a chance to grow, and celebrate small wins while keeping the big picture in sight. Most importantly, you believe there’s no I in Onsi — we always win as a team. It’s probably not for you if you prefer rigid structure, narrowly defined roles, or working fully remote. We’re hands‑on generalists who adapt quickly and learn best by collaborating in person.

Thank you for considering Onsi. We’re looking for passionate individuals to help us shape the future of work. If this opportunity excites you, we’d love to hear from you!