Global Risk and Compliance Lead

Responsibilities

• Manage and enhance the Group’s enterprise risk framework, global risk register, and full risk lifecycle.
• Strengthen cybersecurity governance in partnership with the CISO, aligning to standards such as ISO 27001 and SOC 2.
• Lead the risk and compliance programme, ensuring controls are scalable for SOC 2 Type 2 and ISO 27001 certifications.
• Maintain a centralized, audit-ready evidence repository and coordinate internal/external audits and client due diligence.
• Oversee global policies and ensure alignment with regulatory and listing obligations.
• Support global data protection compliance, including GDPR and CCPA.
• Own vendor and third-party risk management, ensuring due diligence of suppliers and acquisition targets.
• Deliver executive reporting on risk posture, KPIs, and remediation milestones to senior leadership.

Requirements

• 5+ years of experience in risk, compliance, audit, or governance roles.
• Experience within professional services, consulting, technology, or a listed corporate environment.
• Proven experience managing risk registers, control frameworks, and remediation plans.
• Working knowledge of managing or supporting SOC 2, ISO 27001/27002, or NIST CSF certification processes.
• Practical understanding of global data protection requirements and supplier risk management.
• Ability to translate technical controls and regulatory requirements into operational practices.

Preferred Qualifications

• Experience working in a fast-growth or acquisition-heavy environment.
• Professional compliance qualification or a law/business-related degree.
• Strong understanding of cybersecurity governance and information security risk management.

About the Company

Elixirr is a Main Market-listed, fast-growing global consulting and digital transformation group. Operating across the UK, USA, EU, and South Africa, we help ambitious organisations turn strategy into measurable, sustainable results through an entrepreneurial, challenger-firm approach.