Head of Risk and Compilance

About Zartis

Zartis is a global AI transformation and technology consulting partner dedicated to empowering ambitious organizations with cutting-edge technology solutions. Our expert teams specialize in AI-driven platforms, secure API architectures, and cloud-native engineering, delivering real impact from strategy to full product delivery. With engineering hubs across EMEA and LATAM, we partner with leading companies in financial services, healthcare, and energy, offering opportunities to work on meaningful projects that drive business outcomes and foster career advancement.

The Project

We are seeking a Head of Risk & Compliance to lead and evolve our Risk & Compliance function. This senior leadership role is designed for an individual who can own the strategic risk agenda, cultivate a proactive compliance culture, and provide direct decision-making support to the COO. You will manage an internal R&C team, serve as the primary accountable owner across all compliance domains, and leverage your technical expertise in information security and IT infrastructure to bridge the gap between governance frameworks and practical implementation.

What You Will Do

• Own and maintain the company-wide risk register, prioritizing and driving resolution across legal, operational, data, and information security domains.
• Develop and lead the annual risk assessment cycle, translating outputs into actionable mitigation plans with assigned owners and deadlines.
• Serve as the accountable owner for IT security risk, collaborating with internal stakeholders and external providers to identify and address vulnerabilities, access controls, and infrastructure risks.
• Act as the primary escalation point for all risk and compliance matters.
• Design and maintain the governance framework across 8 EU jurisdictions, ensuring policies are current, proportionate, and consistently applied.
• Lead incident response from detection to resolution, including client notification, root cause analysis, and lessons learned.
• Oversee ongoing ISO 27001 and Cyber Essentials certifications, and lead future certifications (e.g., SOC 2) as required.
• Manage GDPR compliance across all entities, including DPIAs, records of processing, data subject requests, breach management, and DPA relationships.
• Monitor and interpret emerging EU regulations (e.g., NIS2), translating requirements into operational action plans.
• Manage relationships with external legal counsel, auditors, and regulatory bodies.
• Directly manage the Risk & Compliance Manager and future team hires.
• Set clear performance expectations and develop team capabilities to minimize escalations.
• Act as an internal advisor to Business, Operations, and Finance functions.

What You Will Bring

• 7+ years of experience in risk, compliance, or information security roles, with at least 3 years in a leadership capacity.
• Direct ownership of ISO 27001 and hands-on experience with GDPR compliance operations across multiple jurisdictions.
• A proven track record of building or significantly maturing a compliance function.
• Experience working within a tech, consulting, or professional services environment.
• Demonstrated ability to engage C-suite executives and clients on risk topics with clarity and commercial acumen.

Nice to Have

• Exposure to AI governance frameworks or emerging EU AI regulations.
• Familiarity with multi-entity structures across EU jurisdictions (Spain, Ireland, Portugal, Germany, UK).

What We Offer

• 100% Remote Work.
• Work From Home allowance for remote working support.
• Career Growth opportunities through a structured development program and 360º feedback.
• Extensive Training resources, including allocated weekly time for online courses (Pluralsight, Educative.io), English classes, books, and conferences.
• Mentoring Program for professional development.
• Zartis Wellbeing Hub (Kara Connect) offering access to specialists (mental health, nutrition, physiotherapy) and webinars.
• A vibrant, multicultural working environment with regular online events, team-building activities, and contests.