Description
How you can help make a better world of work
The Senior Director, Risk & Compliance will lead and strengthen our enterprise-wide risk and compliance strategy and operational execution. You will embed a culture of risk awareness, operational resilience, and legal/regulatory compliance, supporting Culture Amp in achieving business outcomes and maintaining stakeholder trust.
You will ensure our frameworks, policies, and controls align with global standards (such as GDPR, SOC 2, ISO 27001, and ISO 42001) and regulatory obligations, while enabling innovation (including responsible development of AI capabilities). This role partners closely across the executive, board, and functional leadership to set appetite, monitor, mitigate and report on key risks, and drive continuous improvement.
Success in the Role Means
Culture Amp maintains robust risk management practices supporting innovation (including AI) and operational resilience. Key risks are systematically identified, monitored, mitigated, and reported; appetite and tolerance are transparent. The company receives and retains relevant certifications and achieves regulatory compliance. Risk awareness and a compliance culture are embedded across all levels of the organization.
The Key Responsibilities Are
- Own and continuously evolve Culture Amp’s Risk Management Framework, ensuring our risk practices, appetite statement, and controls underpin strategic objectives, regulatory expectations, and stakeholder trust.
- Facilitate forums and practices that effectively govern risk (i.e. Board and Management Risk Management Committees); drive regular forums for senior leadership to validate and monitor company-wide risks, including strategic, operational, financial, technology, and regulatory risks. Develop reporting packs for the Finance, Audit and Risk Governance Board sub-committee and the Board, ensuring transparency on key risks, compliance obligations, and risk-based decisions.
- Collaborate with the functional risk owners to identify, assess, and prioritise risks across the organisation, including financial, operational, cybersecurity, artificial intelligence, and reputational risks. Maintain oversight of risk registers and support functional risk owners to drive remediation plans including cost-benefit analysis, in line with appetite and tolerance.
- Partner across the business (customer, product, ops teams) providing advice on the risk implications of emerging technology (e.g., agentic AI), ensuring products and services are aligned to customer and regulatory obligations and within risk tolerance settings.
- Oversee corporate compliance obligations including Camper training and tracking, ensuring staff complete mandatory requirements and are equipped to identify and respond to evolving threats (e.g., cybersecurity, fraud, business resiliency events).
- Lead the business resiliency and business continuity practice, including creating and maintaining supporting documentation, driving continuous improvement, and conducting simulations at least annually.
- Foster a risk-aware culture throughout the organisation by promoting risk management education and awareness.
What you’ll bring to Culture Amp:
- 10+ years in risk management and compliance, with at least 5 years' experience in a leadership role
- Track record leading risk and compliance for a high-growth, multi-national AI-led technology business (ideally SaaS/platform)
- Familiarity with effective application of risk management frameworks in technology/AI platform development and industries with privacy and data protection obligations.
- Proven leadership building cross-functional risk forums/committees, delivering commercial outcomes in a risk-empowered context.
- Strong knowledge of auditing standards (e.g. IIA Standards), risk management frameworks (e.g. ISO 31000), and compliance requirements (e.g. SOC 2, ISO 27001, GDPR)
- Experience in developing, implementing, and managing an Enterprise Risk Management (ERM) program in alignment with organisational objectives
- Extensive background in ensuring compliance with laws, regulations, and standards like GDPR, SOC 2, ISO 27001, and industry-specific regulations
- Experience with global operations, understanding the differences of compliance and risk management in different regulatory environments
- Strong ethical leadership, particularly in handling sensitive information and decisions with integrity