
Head of Compliance
Head of Compliance – Arqit Quantum Security Ltd
About the Role
Arqit is a global pioneer in post-quantum cryptography, providing a proven defence against both current and quantum cyber threats. We pride ourselves on fostering a positive, inclusive, and high-performing work environment—one where employees feel valued, managers support their teams’ success and well-being, and collective goals exceed individual expectations.
We are seeking a Head of Compliance to lead our compliance function and serve as a key member of the Operations team. In this senior, hands-on role, you will ensure the company adheres to regulatory standards, industry best practices, and internal policies, while overseeing critical frameworks such as:
- ISO 27001 certification (Information Security Management)
- Risk management
- GDPR compliance
- Export controls (ITAR, EAR, UK strategic controls)
- Internal auditing processes (including DCC and CMMC for defence/national security)
This position offers the opportunity to build and run the entire Risk and Compliance function—writing policies, conducting audits, managing certifications, and driving continuous improvement. As the authoritative voice on compliance, you will contribute to one of the most consequential cybersecurity companies in the world, delivering impact with the autonomy and visibility of a senior leadership role.
The role is based near Westminster, with flexibility for remote work. Nearby transport links include St James's Park, Westminster, and Victoria stations.
Key Responsibilities
ISO 27001 & ISO 9001 Compliance & Internal Auditing
- Own and maintain ISO 27001 and ISO 9001 certifications, including documentation, surveillance audits, and recertification cycles.
- Plan and personally conduct internal audits, produce findings reports, and ensure corrective actions are closed.
- Drive continuous improvement in the ISMS (Information Security Management System) and QMS (Quality Management System), ensuring both frameworks remain operational.
- Maintain Cyber Essentials and Cyber Essentials Plus recertifications.
Defence Security Certifications (DCC & CMMC)
- Lead Arqit’s Defence Cyber Certification (DCC) programme in the UK, managing assessment readiness, evidence gathering, and remediation.
- Oversee the Cybersecurity Maturity Model Certification (CMMC) process for US operations, including:
  - Gap analysis
  - Practice implementation
  - Preparation for third-party assessments
- Stay current on evolving requirements under both DCC and CMMC frameworks and ensure Arqit’s controls and documentation remain assessment-ready.
Risk Management
- Develop, own, and actively maintain the company’s risk management framework, including:
  - Risk register
  - Risk appetite statements
  - Leadership reporting
- Identify, assess, and mitigate compliance risks across all business functions.
- Lead risk treatment rather than delegating issue resolution.
- Align risk management with company objectives, particularly in defence and national security operations.
Export Control
- Collaborate with Legal and COO to maintain a robust framework for export licence compliance, including:
  - ITAR (International Traffic in Arms Regulations)
  - EAR (Export Administration Regulations)
  - UK strategic export controls (applicable to cryptographic technology)
- Manage and maintain evidentiary documentation and policies required for regulatory audits.
- Lead the KYC/B screening programme, working with Operations, Legal, and Finance.
Regulatory Compliance & Governance
- Work with relevant departments to review and update compliance policies, procedures, and training.
- Prepare and present compliance & risk reports to senior management.
- Monitor evolving UK, EU, and US regulatory landscapes and advise on changes affecting Arqit’s compliance posture.


Requirements
Essential
- Background in a Defence Prime or similarly regulated defence/national security environment, demonstrating:
  - Understanding of the operational culture, rigour, and compliance expectations in this sector.
- Proven experience in a senior compliance role, with hands-on responsibility for:
  - Writing policies
  - Running audits
  - Managing certifications
  - Driving remediation to completion
- Hands-on experience with:
  - ISO 27001 (certification maintenance and internal auditing)
  - ISO 9001 (certification lifecycle)
- Direct experience with:
  - DCC (Defence Cyber Certification) or CMMC (Cybersecurity Maturity Model Certification)
  - If not, a clear, actionable plan to bridge any gap quickly.
- Strong understanding of compliance environments across:
  - UK (including Ministry of Defence supply chain)
  - EU (GDPR, NIS Directive)
  - US (regulatory standards applicable to national security)
- Exceptional communication and stakeholder management skills, including the ability to present to senior leadership.
- The right to work in the UK without restrictions.
- Note: A possible future requirement for UK security clearances.
Highly Desirable
- Certifications including:
  - CISM (Certified Information Security Manager)
  - CISSP (Certified Information Systems Security Professional)
  - ISO 27001 Lead Auditor/Implementer
  - ISO 9001 Lead Auditor
- Experience with SOX controls and leading annual SOX risk assessments.
- Working knowledge of export control regulations, especially:
  - ITAR
  - EAR
  - UK strategic export controls (as they relate to cryptography or information security systems)
- Prior experience in listed technology or cybersecurity companies.
- Familiarity with the UK Ministry of Defence supply chain compliance landscape.