Job Type: Permanent
Hours of Work: Full-time
Location : Hybrid/remote with access to our office locations in Abingdon, Portchester and Wootton Bassett
Department : Finance
Reporting to : CFO
About Conscia
Conscia is a leading provider of cybersecurity, networking, hybrid cloud, and observability solutions for mission-critical IT infrastructure in large European organisations. Conscia’s experts design, implement, and run innovative, customised IT solutions across cybersecurity, networking, hybrid cloud, and observability, supporting our customers throughout their technology lifecycles. Founded in 2003, Conscia is owned by private equity investor Nordic Capital. With around 1,500 employees, Conscia serves large organisations in finance, healthcare, manufacturing, utilities, retail, and the public sector from offices in Belgium, Denmark, Finland, Germany, Ireland, Norway, Slovenia, Sweden, the Netherlands, and the UK.
People and Culture
We believe our company culture is part of what makes us special: it’s part of what people love about working here. We’re dedicated to nurturing this positive and inclusive culture, so that people are empowered to bring their whole selves to work each day. Our goal is to foster an environment where people feel valued, heard, and supported, and where they can thrive and succeed. This is reflected in our company values: Inspire Trust, Commit to Collaborate, Deliver on Promise, Learn for Life and Embrace Sustainable Change.
The Candidate – What YOU can bring to Conscia
Required skills, experience and effective behaviours
Essential
- Significant experience in risk, compliance, governance, legal operations or business assurance within a technology, managed services, telecommunications or professional services environment.
- Proven experience managing integrated management systems, including ISO 9001, ISO 14001 and ISO 27001, together with internal and external audit programmes.
- Experience reviewing, negotiating and managing commercial contracts, contractual risk and liability provisions.
- Experience developing and maintaining governance frameworks, risk registers, policies, procedures and internal controls.
- Experience managing supplier assurance, due diligence and third-party risk management programmes.
- Working knowledge of information security, UK GDPR, data protection, business continuity and organisational resilience practices.
- Strong understanding of risk management principles, quality management systems and continual improvement methodologies.
- Knowledge of public sector procurement frameworks and compliance requirements.
- Strong analytical, problem-solving and risk-based decision-making skills with excellent commercial awareness.
- Excellent written and verbal communication skills, including policy drafting and the ability to influence stakeholders at all levels.
- Ability to interpret complex legal, contractual, and regulatory documentation and translate requirements into practical business controls.
- Highly organised, self-motivated and able to manage multiple priorities with minimal supervision while maintaining strong attention to detail.
Nice to have
- Degree or equivalent professional experience.
- Internal Auditor or Lead Auditor qualification in one or more of ISO 9001, ISO 14001 or ISO 27001.
- Risk Management qualification (IRM or equivalent).
- Data Protection qualification (IAPP, BCS or equivalent).
- PRINCE2, MSP or similar project/programme management qualification.
- Membership of a recognised compliance, governance or risk management professional body.
The Risk and Compliance Manager role is a newly established role reporting to the CFO, responsible for establishing, maintaining and continually improving the organisation's governance, risk management, and compliance framework. The role ensures the business operates in accordance with legal, regulatory, contractual, and certification requirements while supporting commercial objectives and protecting the organisation from operational, financial, legal and reputational risk.
The role acts as the primary point of coordination for corporate governance, contractual risk management, information security compliance, quality management, environmental management, supplier assurance, policy development and business continuity planning.
Working closely with senior leadership, legal advisers, customers, suppliers, and external auditors, the postholder provides pragmatic advice and oversight to ensure risks are identified, assessed, mitigated and managed effectively.
Governance and risk management
- Maintain and develop the organisation's enterprise risk management framework.
- Own and maintain the corporate risk register and associated mitigation plans.
- Identify emerging legal, regulatory, commercial and operational risks.
- Provide risk reporting, analysis and recommendations to the Leadership Team and Board.
- Support strategic decision-making through risk assessment and governance reviews.
- Lead internal governance reviews and compliance monitoring activities.
- Develop and maintain governance policies, procedures, and controls.
Compliance management
- Ensure compliance with applicable legislation, regulations and industry standards.
- Maintain legal and regulatory compliance registers.
- Monitor changes in legislation and assess organisational impacts.
- Coordinate responses to customer compliance questionnaires, audits, and due diligence requests.
- Manage corrective actions arising from audits, incidents, or compliance reviews.
- Develop and deliver compliance awareness initiatives across the business.
Information security and data protection
- Own compliance with ISO 27001 and associated information security controls.
- Coordinate information security governance activities with internal and external stakeholders.
- Maintain policies and procedures relating to information security and data protection.
- Own GDPR compliance activities, including supplier due diligence, contractual reviews, and incident management.
- Coordinate security-related customer requirements and assurance activities
Quality and environmental management
- Manage the Integrated Management System (IMS).
- Maintain certification against ISO 9001, ISO 14001, and ISO 27001.
- Coordinate certification audits and surveillance visits.
- Lead internal audit programmes and management review activities.
- Manage non-conformities, corrective actions, and continual improvement initiatives.
- Maintain organisational objectives, monitoring programmes, and performance reporting
Contractual and commercial risk
- Review customer, supplier, and partner contracts to identify and mitigate risk.
- Provide contractual and commercial guidance to sales, procurement, and operational teams.
- Own negotiations relating to liability, indemnities, service levels, data protection, and regulatory obligations.
- Maintain contract governance processes and contract management frameworks.
- Own dispute resolution and contractual issue management.
- Oversee contractual compliance obligations throughout contract lifecycles
Supplier assurance and procurement governance
- Develop and maintain supplier assurance and onboarding processes.
- Conduct supplier risk assessments covering security, compliance, financial stability, and business continuity.
- Maintain approved supplier records and assurance documentation.
- Own procurement governance and due diligence activities.
- Monitor critical supplier performance and compliance
Business continuity and resilience
- Maintain the Business Continuity Management framework.
- Coordinate business impact assessments and continuity planning activities.
- Develop and maintain business continuity and disaster recovery plans.
- Coordinate testing and exercising programmes.
- Own incident response and organisational resilience initiatives.
Corporate governance
- Maintain corporate policies and organisational procedures.
- Own company secretarial and governance activities as required.
- Coordinate insurance renewals and risk disclosures.
- Manage governance requirements arising from acquisitions, restructures, and organisational change.
- Maintain organisational records and document control processes
Audit and assurance
- Lead internal audit planning and execution.
- Coordinate external certification and customer audits
- Track audit findings and corrective actions.
- Produce management reports and compliance metrics.
- Support assurance activities across all operational functions
Stakeholder management
- Act as a trusted advisor to senior management on risk and compliance matters.
- Engage with customers, suppliers, auditors, certification bodies, and regulatory stakeholders.
- Own bid and tender responses relating to governance, compliance, and assurance requirements.
- Promote a positive culture of compliance and continuous improvement throughout the organisation
We constantly review our benefits package to ensure our people are enabled to effectively fulfil their roles. Our current benefits package includes:
- 25 days of annual leave, plus bank holidays and a buy/sell holiday scheme where you can buy/sell up to 5 days each year
- A day off for your birthday
- Flexible working
- Up to 40 days of occupational sick pay
- Life assurance
- Private healthcare
- Electric vehicle lease scheme
- Bicycle purchase scheme
- Enhanced maternity and paternity pay
- Voucher rewards through YuLife
- A positive and supportive culture to help you bring your best self to work
- Ongoing support for your professional development