Risk and Compliance Lead
Listed on 2026-07-16
-
IT/Tech
Location: Hybrid / Manchester, UK
job type: Permanent / Full-time
Sector and subsector: Finance & Legal | Risk Management
Salary: Negotiable salary
Conferma is a global payment technology company who combine innovation and expertise to push the boundaries of what can be achieved in the world of virtual payments. We were created in 2005 and were more recently acquired by Sabre, with additional investment from Mastercard. Over the past decade, the Conferma ecosystem has grown, enabling us to become the world’s largest payments platform for virtual cards.
We’ve engineered connectivity to over 90 of the world’s best commercial card partners, over 400 travel management companies and over 150 travel technology partners. Every day, our team members work together to make it easier for travellers to connect with people and places. Our teams include passionate people dedicated to providing an environment that encourages partnership, a place where you feel like you belong, and where you are empowered to succeed.
We look forward to having you join our journey – and seeing how far we can go, together!
The position:
At Conferma, our continued success lies in ensuring our policies, procedures and regulations comply with the highest industry standards and meet our customers' needs and expectations. We're seeking an experienced Risk & Compliance Lead to drive our enterprise approach to compliance, data protection, operational resilience, and risk management. This role will lead the design, implementation, and continuous improvement of Enterprise frameworks, policies, and training to ensure compliance with evolving UK, EU and global regulatory requirements.
As a senior risk and compliance leader, you will act as a strategic partner to the business, collaborating across all Conferma teams, to embed practical, risk-based controls that support growth and innovation while protecting Conferma and our clients. Strong communication, stakeholder engagement, and the ability to translate complex regulatory requirements into actionable business guidance are essential.
This role will work alongside the information security GRC function as well as risk owners across the business.
You'll be responsible for:
- Own and maintain the Enterprise Risk Universe and enterprise risk register.
- Lead the development and enhancement of Enterprise Risk Management, Operational Resilience, and Data Protection frameworks.
- Ensure compliance with UK, EU, and global privacy, security, and regulatory requirements.
- Provide expert guidance on risk, compliance, regulatory change, AI governance, and third-party risk.
- Oversee customer audits and drive continuous improvement of controls and governance.
- Identify, assess, and monitor strategic and operational risks across the business.
- Provide second‑line oversight of cyber, AI, vendor, and emerging risks.
- Produce high‑quality risk reporting and insights for senior leadership.
- Build strong stakeholder relationships to embed risk ownership and accountability.
- Design and deliver risk and compliance training, promoting a positive risk culture.
- Drive continuous improvement across risk, governance, and compliance practices.
You will have:
- Experience in risk, compliance, operational resilience or a related field (fintech or payments experience strongly preferred).
- Strong understanding of technology, cloud, data management, and operational risk.
- Proven experience designing and embedding risk and compliance frameworks in a fast‑paced environment.
- Exceptional analytical, problem‑solving, and communication skills.
- Experience partnering with senior stakeholders and influencing decision making.
- Expertise in UK and EU data protection laws (UK GDPR, EU GDPR), UK operational resilience regulation, cyber‑security expectations, and AI governance trends. (Desirable)
- A working understanding and awareness of cyber‑security risk sufficient to provide effective second‑line oversight in a fintech environment. (Desirable)
You are:
- Forward thinking and creative: strong business acumen, particularly in determining the significance of data privacy, risk and matters and effectively minimising risks.
- A collaborator: building relationships across teams and…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).