
Risk & Compliance Manager
Risk and Compliance Manager
- Job Type: Permanent
- Hours of Work: Full-time
- Location: Hybrid/remote with access to our office locations in Abingdon, Portchester and Wootton Bassett
- Department: Finance
- Reporting to: CFO
About Conscia
Conscia is a leading provider of cybersecurity, networking, hybrid cloud, and observability solutions for mission-critical IT infrastructure in large European organisations. Conscia’s experts design, implement, and run innovative, customised IT solutions across cybersecurity, networking, hybrid cloud, and observability, supporting customers throughout their technology lifecycles. Founded in 2003, Conscia is owned by private equity investor Nordic Capital. With around 1,500 employees, Conscia serves large organisations in finance, healthcare, manufacturing, utilities, retail, and the public sector from offices in Belgium, Denmark, Finland, Germany, Ireland, Norway, Slovenia, Sweden, the Netherlands, and the UK.
People and Culture
We believe our company culture is part of what makes us special: it’s part of what people love about working here. We’re dedicated to nurturing a positive and inclusive culture, ensuring people can bring their whole selves to work each day. Our goal is to foster an environment where everyone feels valued, heard, and supported, and where they can thrive and succeed. This is reflected in our company values: Inspire Trust, Commit to Collaborate, Deliver on Promise, Learn for Life, and Embrace Sustainable Change.
About the Role
The Risk and Compliance Manager is a newly established role reporting to the CFO. This position is responsible for establishing, maintaining, and continually improving the organisation’s governance, risk management, and compliance framework. The role ensures the business operates in accordance with legal, regulatory, contractual, and certification requirements while supporting commercial objectives and safeguarding the organisation from operational, financial, legal, and reputational risks.
The Risk and Compliance Manager acts as the primary point of coordination for:
- Corporate governance
- Contractual risk management
- Information security compliance
- Quality management
- Environmental management
- Supplier assurance
- Policy development
- Business continuity planning
Working closely with senior leadership, legal advisers, customers, suppliers, and external auditors, the role holder provides pragmatic advice and oversight to ensure risks are identified, assessed, mitigated, and managed effectively.
Responsibilities
Governance and Risk Management
- Maintain and develop the organisation’s enterprise risk management framework.
- Own and maintain the corporate risk register and associated mitigation plans.
- Identify emerging legal, regulatory, commercial, and operational risks.
- Provide risk reporting, analysis, and recommendations to the Leadership Team and Board.
- Support strategic decision-making through risk assessment and governance reviews.
- Lead internal governance reviews and compliance monitoring activities.
- Develop and maintain governance policies, procedures, and controls.
Compliance Management
- Ensure compliance with applicable legislation, regulations, and industry standards.
- Maintain legal and regulatory compliance registers.
- Monitor changes in legislation and assess organisational impacts.
- Coordinate responses to customer compliance questionnaires, audits, and due diligence requests.
- Manage corrective actions arising from audits, incidents, or compliance reviews.
- Develop and deliver compliance awareness initiatives across the business.
Information Security and Data Protection
- Own compliance with ISO 27001 and associated information security controls.
- Coordinate information security governance activities with internal and external stakeholders.
- Maintain policies and procedures relating to information security and data protection.
- Own GDPR compliance activities, including supplier due diligence, contractual reviews, and incident management.
- Coordinate security-related customer requirements and assurance activities.
Quality and Environmental Management
- Manage the Integrated Management System (IMS).
- Maintain certification against ISO 9001, ISO 14001, and ISO 27001.
- Coordinate certification audits and surveillance visits.
- Lead internal audit programmes and management review activities.
- Manage non-conformities, corrective actions, and continual improvement initiatives.
- Maintain organisational objectives, monitoring programmes, and performance reporting.
Contractual and Commercial Risk
- Review customer, supplier, and partner contracts to identify and mitigate risk.
- Provide contractual and commercial guidance to sales, procurement, and operational teams.
- Own negotiations relating to liability, indemnities, service levels, data protection, and regulatory obligations.
- Maintain contract governance processes and contract management frameworks.
- Oversee contractual compliance obligations throughout contract lifecycles.
- Own dispute resolution and contractual issue management.
Supplier Assurance and Procurement Governance
- Develop and maintain supplier assurance and onboarding processes.
- Conduct supplier risk assessments covering security, compliance, financial stability, and business continuity.
- Maintain approved supplier records and assurance documentation.
- Own procurement governance and due diligence activities.
- Monitor critical supplier performance and compliance.
Business Continuity and Resilience
- Maintain the Business Continuity Management framework.
- Coordinate business impact assessments and continuity planning activities.
- Develop and maintain business continuity and disaster recovery plans.
- Coordinate testing and exercising programmes.
- Own incident response and organisational resilience initiatives.
Corporate Governance
- Maintain corporate policies and organisational procedures.
- Own company secretarial and governance activities as required.
- Coordinate insurance renewals and risk disclosures.
- Manage governance requirements arising from acquisitions, restructures, and organisational change.
- Maintain organisational records and document control processes.
Audit and Assurance
- Lead internal audit planning and execution.
- Coordinate external certification and customer audits.
- Track audit findings and corrective actions.
- Produce management reports and compliance metrics.
- Support assurance activities across all operational functions.


Stakeholder Management
- Act as a trusted advisor to senior management on risk and compliance matters.
- Engage with customers, suppliers, auditors, certification bodies, and regulatory stakeholders.
- Own bid and tender responses relating to governance, compliance, and assurance requirements.
- Promote a positive culture of compliance and continuous improvement throughout the organisation.
Requirements
Essential
- Significant experience in risk, compliance, governance, legal operations, or business assurance within a technology, managed services, telecommunications, or professional services environment.
- Proven experience managing integrated management systems, including ISO 9001, ISO 14001, and ISO 27001, together with internal and external audit programmes.
- Experience reviewing, negotiating, and managing commercial contracts, contractual risk, and liability provisions.
- Experience developing and maintaining governance frameworks, risk registers, policies, procedures, and internal controls.
- Experience managing supplier assurance, due diligence, and third-party risk management programmes.
- Working knowledge of information security, UK GDPR, data protection, business continuity, and organisational resilience practices.
- Strong understanding of risk management principles, quality management systems, and continual improvement methodologies.
- Knowledge of public sector procurement frameworks and compliance requirements.
- Strong analytical, problem-solving, and risk-based decision-making skills with excellent commercial awareness.
- Excellent written and verbal communication skills, including policy drafting and the ability to influence stakeholders at all levels.
- Ability to interpret complex legal, contractual, and regulatory documentation and translate requirements into practical business controls.
- Highly organised, self-motivated, and able to manage multiple priorities with minimal supervision while maintaining strong attention to detail.
Nice to have
- Degree or equivalent professional experience.
- Internal Auditor or Lead Auditor qualification in one or more of ISO 9001, ISO 14001, or ISO 27001.
- Risk Management qualification (IRM or equivalent).
- Data Protection qualification (IAPP, BCS, or equivalent).
- PRINCE2, MSP, or similar project/programme management qualification.
- Membership of a recognised compliance, governance, or risk management professional body.
Benefits
We constantly review our benefits package to support our employees effectively. Our current benefits package includes:
- 25 days of annual leave, plus bank holidays; a buy/sell holiday scheme, allowing you to buy/sell up to 5 days each year.
- A day off on your birthday.
- Flexible working.
- Up to 40 days of occupational sick pay.
- Life assurance.
- Private healthcare.
- Electric vehicle lease scheme.
- Bicycle purchase scheme.
- Enhanced maternity and paternity pay.
- Voucher rewards through YuLife.
- A positive and supportive culture to help you bring your best self to work.
- Ongoing support for your professional development.