Senior Director - Risk & Compliance

Join us on our mission to make a better world of work. 

Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high-performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day.

Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company.

For more information visit cultureamp.com.

How you can help make a better world of work

The Senior Director, Risk & Compliance will lead and strengthen our enterprise-wide risk and compliance strategy and operational execution. You will embed a culture of risk awareness, operational resilience, and legal/regulatory compliance, supporting Culture Amp in achieving business outcomes and maintaining stakeholder trust.

You will ensure our frameworks, policies, and controls align with global standards (such as GDPR, SOC 2, ISO 27001, and ISO 42001) and regulatory obligations, while enabling innovation (including responsible development of AI capabilities). This role partners closely across the executive, board, and functional leadership to set appetite, monitor, mitigate and report on key risks, and drive continuous improvement.

Success in the Role Means

Culture Amp maintains robust risk management practices supporting innovation (including AI) and operational resilience.  Key risks are systematically identified, monitored, mitigated, and reported; appetite and tolerance are transparent. The company receives and retains relevant certifications and achieves regulatory compliance. Risk awareness and a compliance culture are embedded across all levels of the organization.

The Key Responsibilities Are

• Own and continuously evolve Culture Amp’s Risk Management Framework, ensuring our risk practices, appetite statement, and controls underpin strategic objectives, regulatory expectations, and stakeholder trust. 
• Facilitate forums and practices that effectively govern risk (ie Board and Management Risk Management Committees); drive regular forums for senior leadership to validate and monitor company-wide risks, including strategic, operational, financial, technology, and regulatory risks. Develop reporting packs for the Finance, Audit and Risk Governance Board sub-committee and the Board, ensuring transparency on key risks, compliance obligations, and risk-based decisions. 
• Collaborate with the functional risk owners to identify, assess, and prioritise risks across the organisation, including financial, operational, cybersecurity, artificial intelligence, and reputational risks.  Maintain oversight of risk registers and support functional risk owners to drive remediation plans including cost-benefit analysis, in line with appetite and tolerance. 
• Partner across the business (customer, product, ops teams) providing advice on the risk implications for emerging technology (e.g., Agentic AI, etc.), ensuring products and services are aligned to customer and regulatory obligations and within risk tolerance settings. 
• Oversee corporate compliance obligations including Camper training and tracking, ensuring staff complete mandatory requirements and are equipped to identify and respond to evolving threats (e.g., cybersecurity, fraud, business resiliency events). 
• Lead business resiliency and business continuity practice including documenting and maintaining supporting documentation, continuous improvement, and conducting at least annual simulations.
• Foster a risk-aware culture throughout the organisation by promoting risk management education and awareness.

What you’ll bring to Culture Amp:

• 10+ years in risk management and compliance with at least 5 years experience in a leadership role
• Track record leading risk and compliance for a high-growth, multi-national AI-led technology business (ideally SaaS/platform) 
• Familiarity with effective application of risk management frameworks in technology/AI platform development and industries with privacy and data protection obligations.
• Proven leadership building cross-functional risk forums/committees, delivering commercial outcomes in a risk-empowered context. 
• Strong knowledge of auditing standards (e.g. IIA Standards), risk management frameworks (e.g. ISO 31000), and compliance requirements (e.g. SOC 2, ISO 27001, GDPR)
• Experience in developing, implementing, and managing an Enterprise Risk Management (ERM) program in alignment with organisational objectives
• Extensive background in ensuring compliance with laws, regulations, and standards like GDPR, SOC 2, ISO 27001, and industry-specific regulations
• Experience with global operations, understanding the differences of compliance and risk management in different regulatory environments
• Strong ethical leadership, particularly in handling sensitive information and decisions with integrity

We believe that our employees are the heartbeat of our success. We're committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. In addition to providing a competitive compensation package, some of the key benefits we offer are: 

• Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success
• Programs, coaching, and budgets to help you thrive personally and professionally
• Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people
• Monthly Camper Life Allowance: An automatic allowance paid out each month with your pay - you can spend it however you like to help improve your experience and life outside work
• Team budgets dedicated to team building activities and connection
• Intentional quarterly wellbeing pauses: A quarterly company-wide shutdown day in each region to to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time
• Extended year-end breaks: An extended refresh period at the end of year
• Excellent parental leave and in work support program available from day 1 of joining Culture Amp
• 5 Social Impact Days a year to make a positive impact on the community outside of work
• MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
• Medical insurance coverage for you and your family (Available for US & UK only) 

Additionally, we don't just focus on our internal community; we believe in creating a better world of work for all. We're committed to diversity, equity, and inclusion, with Employee Resource Groups and ally communities in place. 

We have a strong commitment to Anti-Racism, and endeavor to lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti-Racism here.

Please keep reading...

Research shows that candidates from underrepresented backgrounds often don't apply for roles if they don't meet all the criteria – unlike majority candidates meeting significantly fewer requirements.

We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience!

If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding roles in Germany). These questions are completely optional, but your participation truly helps. By sharing this anonymous information, you support our efforts to build a more inclusive and equitable hiring process—and help us hold ourselves accountable to that commitment. Your responses are entirely confidential and will not impact hiring decisions.

If you require reasonable accommodations or adjustments due to a disability to complete the online application or to participate in the interview process, please contact accommodations@cultureamp.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly. Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of your application process completion. Culture Amp may contact you in relation to future job opportunities during this time period. For further information please see our privacy policy here or contact privacy@cultureamp.com.