Compliance Lead
Listed on 2026-02-14
IT/Tech
Cybersecurity
Onsi operates in a highly regulated environment where trust, security, and regulatory integrity are foundational to our growth. As we scale our enterprise partnerships and insurance operations across markets, maintaining a robust, scalable compliance and risk framework is critical—not just to meet regulatory expectations, but to enable the business to move with confidence.
This role exists to own enterprise risk, compliance, and legal governance across the business, ensuring we remain compliant, audit-ready, and resilient as we grow across markets.
Why this role matters
As Compliance Lead, you will be a senior steward of Onsi’s regulatory posture. You’ll provide governance, oversight, and assurance—ensuring that compliance, security and legal-related requirements are consistently met across the organisation.
Why Onsi, why now
With strategic backing from Zurich Insurance and investors behind Deliveroo, Zoopla, and Delivery Hero, Onsi is entering its next phase of growth. As we scale, we’re intentionally building small, high-impact teams that own real problems end-to-end.
Reporting line & team
- Reports to: COO
- Line management: 1 direct report (Compliance Specialist)
- Operating model: You set strategy, priorities, governance and assurance; your Compliance Specialist runs day-to-day programme execution (e.g., control testing coordination, evidence collection, documentation maintenance, audit preparation support), working cross-functionally with Product, Engineering, Ops and Info Sec.
- Own and evolve a group-wide compliance and risk framework that supports regulatory compliance, operational resilience, and scale.
- Define risk appetite/thresholds (where appropriate), maintain the enterprise risk register, and ensure clear escalation and decision-making pathways.
- Act as Onsi's primary compliance interface with regulators (e.g., UK FCA, Dutch AFM and Danish FSA), as appropriate to our operating model and permissions.
- Lead horizon scanning, regulatory change management, and early response to new or evolving obligations—translating requirements into practical controls and delivery expectations.
- Ensure clear, practical compliance, legal, and security policies are in place, understood, and operating effectively across the business.
- Establish a governance cadence (forums, reporting, attestations) that provides leadership with clear visibility of compliance posture and issues.
- Own readiness for audits and reviews by insurance carriers and Lloyd’s, and support other assurance activity (enterprise security reviews, regulatory reviews, customer due diligence).
- Set the standard for documentation quality and evidence expectations; ensure controls are demonstrably operating and issues are remediated with pace and rigour.
- Oversee third-party and partner risk governance from a compliance, cyber, and legal risk perspective (including outsourced service considerations).
- Oversee compliance standards, governance protocols, and regulatory obligations relating to insurance operations and partners.
- Ensure partner expectations and delegated requirements (where applicable) are met and evidenced.
- Provide oversight of KYC, onboarding, and delivery-side compliance requirements, ensuring proportionate controls without slowing execution.
- Ensure ownership is clear across teams and that compliance requirements are embedded early in delivery, not bolted on at the end.
- Own oversight of GDPR compliance, ensuring appropriate governance around privacy‑by‑design, DPIAs/assessments where required, incident readiness, and third‑party processing risk.
- Partner with Product, Engineering, and Info Sec to ensure privacy and security controls remain effective and auditable.
- Provide senior ownership of ISO 27001 certification maintenance and audit readiness, ensuring governance, internal…