Compliance Lead

Posted 10 hours 13 minutes ago by Story Terrace Inc.

£100,000 - £125,000 Annual
Permanent
Full Time
Other
London, United Kingdom
Job Description
Compliance Lead London - Hybrid £75,000 - £80,000

Why this role exists

Onsi operates in a highly regulated environment where trust, security, and regulatory integrity are foundational to our growth. As we scale our enterprise partnerships and insurance operations across markets, maintaining a robust, scalable compliance and risk framework is critical, not just to meet regulatory expectations but to enable the business to move with confidence.

This role exists to own enterprise risk, compliance, and legal governance across the business, ensuring we remain compliant, audit-ready, and resilient as we grow across markets.

Why this role matters

As Compliance Lead, you will be a senior steward of Onsi's regulatory posture. You'll provide governance, oversight, and assurance, ensuring that compliance, security, and legal requirements are consistently met across the organisation.

Reporting to the COO, you will partner closely with Engineering, Product (financial and digital), Operations, Information Security, and leadership teams while maintaining independent oversight and challenge. Your focus is not day-to-day delivery, but ensuring that what Onsi builds, sells, and operates stands up to regulatory scrutiny and best practice, particularly across financial services regulation, data protection, cybersecurity and operational risk.

Why Onsi, why now

With strategic backing from Zurich Insurance and investors behind Deliveroo, Zoopla, and Delivery Hero, Onsi is entering its next phase of growth. As we scale, we're intentionally building small, high-impact teams that own real problems end to end.

Reporting line & team
  • Reports to: COO
  • Line management: 1 direct report (Compliance Specialist)
  • Operating model: You set strategy, priorities, governance and assurance; your Compliance Specialist runs day to day programme execution (e.g., control testing coordination, evidence collection, documentation maintenance, audit preparation support), working cross functionally with Product, Engineering, Ops and InfoSec.
Key Responsibilities
  • Enterprise Risk and Compliance Framework
    • Own and evolve a group wide compliance and risk framework that supports regulatory compliance, operational resilience, and scale.
    • Define risk appetite/thresholds (where appropriate), maintain the enterprise risk register, and ensure clear escalation and decision making pathways.
  • Regulatory Engagement & Horizon Scanning (FCA, AFM, DFSA)
    • Act as Onsi's primary compliance interface with regulators (e.g., UK FCA, Dutch AFM and Danish FSA), as appropriate to our operating model and permissions.
    • Lead horizon scanning, regulatory change management, and early response to new or evolving obligations, translating requirements into practical controls and delivery expectations.
  • Policy, Controls & Governance Oversight
    • Ensure clear, practical compliance, legal, and security policies are in place, understood, and operating effectively across the business.
    • Establish a governance cadence (forums, reporting, attestations) that provides leadership with clear visibility of compliance posture and issues.
  • Audit, Assurance & Due Diligence (Carriers / Lloyd's / Enterprise / Regulatory)
    • Own readiness for audits and reviews by insurance carriers and Lloyd's, and support other assurance activity (enterprise security reviews, regulatory reviews, customer due diligence).
    • Set the standard for documentation quality and evidence expectations; ensure controls are demonstrably operating and issues are remediated with pace and rigour.
    • Oversee third party and partner risk governance from a compliance, cyber, and legal risk perspective (including outsourced service considerations).
  • Insurance Operations Governance
    • Oversee compliance standards, governance protocols, and regulatory obligations relating to insurance operations and partners.
    • Ensure partner expectations and delegated requirements (where applicable) are met and evidenced.
  • Delivery Compliance & KYC Oversight
    • Provide oversight of KYC, onboarding, and delivery side compliance requirements, ensuring proportionate controls without slowing execution.
    • Ensure ownership is clear across teams and that compliance requirements are embedded early in delivery, not bolted on at the end.
  • GDPR & Data Protection Governance
    • Own oversight of GDPR compliance, ensuring appropriate governance around privacy by design, DPIAs/assessments where required, incident readiness, and third party processing risk.
    • Partner with Product, Engineering, and InfoSec to ensure privacy and security controls remain effective and auditable.
  • ISO 27001 Oversight & Certification Maintenance
    • Provide senior ownership of ISO 27001 certification maintenance and audit readiness, ensuring governance, internal assurance, management review inputs, and corrective actions are operating effectively.
    • Work closely with InfoSec and Engineering while maintaining independence of oversight and assurance.
  • Team Leadership & Capability Building
    • Line manage and develop the Compliance Specialist, setting priorities, coaching on execution, and ensuring high quality programme outputs.
    • Build scalable ways of working (tooling, templates, playbooks, and reporting) that reduce friction and improve consistency over time.
  • Compliance Training & Culture
    • Set direction for compliance training and promote a practical, values led compliance culture across Onsi.
    • Enable teams to understand requirements and make good decisions without creating bottlenecks.
The successful candidate is expected to follow all Onsi security policies and procedures.

What you bring
  • A recognised professional qualification in compliance, data protection, risk, or security governance (or equivalent senior experience delivering these outcomes in practice).
  • Senior experience in compliance, risk, and/or legal governance within regulated environments (financial services, insurance, fintech, or adjacent).
  • Strong working knowledge of regulatory, legal, cybersecurity, and data protection frameworks, including UK GDPR, ISO 27001, Cyber Essentials, and operational resilience expectations.
  • Experience designing and operating regulatory and legal risk frameworks, including horizon scanning and regulatory change management.
  • Credible experience preparing organisations for audits, regulatory reviews, enterprise due diligence, and legal scrutiny, and engaging confidently with regulators, insurers, auditors, and external stakeholders.
  • Experience overseeing third party and partner risk, including compliance, cyber, and legal risk assessments.
  • Strong judgement and communication skills, with the confidence to challenge constructively and escalate when needed, while staying pragmatic and delivery oriented.
Is This Role a Fit for You?

This role is a great match if you thrive on ownership, embrace ambiguity as a chance to grow, and celebrate small wins while keeping the big picture in sight. Most importantly, you believe there's no I in Onsi - we always win as a team.

It's probably not for you if you prefer rigid structure, narrowly defined roles, or working fully remote. We're hands on generalists who adapt quickly and learn best by collaborating in person.

What will you get in return?

Compensation & Financial Benefits
  • Pension contributions (UK) with matching up to 7%
  • Access to Onsi ODP & Marketplace: Get hands on with our own product including early wage access and savings plus exclusive offers through Onsi Marketplace.
  • Cycle Schemes:
    • CycleSaver subscription: save up to 47% on shared cycles (Lime, Forest, Beryl, Dott, Voi, Santander) with flexible salary sacrifice
    • Cycle to Work scheme: buy a bike or e-bike via salary sacrifice and save on tax
Time Off & Leave
  • 25 days annual leave + UK bank holidays (rising to 35 days with tenure)
  • Birthday day off
  • Up to 3 extra days for weddings or moving house
  • 1-month paid sabbatical after 5 years of service
  • Enhanced parental leave (enhanced pay + staggered return)
  • Family leave: fertility treatment, appointments & growing your family
Growth & Learning
  • Personal development budget: £500 per year, increasing to £1,500 after 3 years to invest in your growth (courses, books, coaching)
  • Learning & Development Days: 12 dedicated days each year for professional growth, training, or upskilling
  • Knowledge sharing culture: Regular Lunch & Learns, Monthly Speaker Series, cross team workshops, and company offsites to expand your perspective and keep learning
Health & Wellbeing
  • PT-Link Fitness App: Personalised training plans, nutrition guidance, and habit coaching at your fingertips
  • 24/7 GP access: Virtual doctor appointments anytime, anywhere
  • Mental health support: Counselling, resources, and wellbeing check ins to help you
Culture & Perks
  • Hybrid working: Choose flexibility - split your time between home and our London, Amsterdam or Cape Town offices
  • Work from abroad: up to 20 days per year
  • Social culture: Regular team lunches, coffee catch ups, after work drinks