Head of Compliance – Job Description
Department: Compliance & Security
Reports To: Head of Compliance and Security
Location: Hybrid, UK (London)
Role Purpose:
As Head of Compliance, you will lead the enterprise compliance strategy and ensure that the organisation meets all regulatory, contractual and internal control requirements across our data-center campuses and corporate environment. You will oversee regulatory compliance, policy management, internal controls, audit readiness, third-party assurance, data governance alignment and risk management. This role ensures the compliance framework strengthens operational resilience, protects the organisation from sanctions and reputational risk, and supports customer trust and market differentiation.
Key Responsibilities:
Strategy & Governance:
* Define the enterprise compliance strategy, roadmap and operating model; align to ERM, security and resilience frameworks.
* Develop and maintain the compliance management system, ensuring governance across all business units.
* Set compliance KPIs and coordinate reporting to executive and board-level committees.
* Ensure policies and procedures remain current, effective and aligned with regulatory expectations.
Certification & Regulatory Management:
* Own compliance across relevant regulatory frameworks (e.g., NIS2, GDPR, environmental and energy reporting obligations, critical infrastructure rules) with support from departmental leaders.
* Own compliance across company certifications such as ISO standards, PCI DSS, SOC1 and SOC2.
* Monitor emerging regulations across the UK, EU and global markets; provide impact assessments and implementation guidance. Includes working alongside Legal developing and managing the Verne registers.
* Lead engagement with regulators, auditors and external bodies.
Audit, Controls and Assurance
* Lead internal and external audit programs and ensure evidence, findings and remediation actions are managed effectively.
* Maintain internal control frameworks, including RACI documents, control inventories, testing schedules and corrective action plans.
* Coordinate compliance assurance activities across Verne and support InfoSec, ESG, H&S, Development and Operations.
* Lead and support case management across the company, including incidents, corrective actions plans, risk control plans and maintaining the Compliance Tracker.
Policy, Risk & Incident Management
* Own the compliance policy framework combined with supporting ESG efforts across ethics, anti-bribery, anti-corruption, conflicts of interest, supplier conduct and data governance.
* Maintain the enterprise risk register and ensure alignment with all risk owners.
* Partner with InfoSec, Safety, ESG, Legal, Development and Operations on incident investigations, reporting requirements and regulatory notifications.
Vendor and Customer Compliance
* Support Procurement with supplier compliance due diligence across high-risk categories.
* Support customer audits, RFP responses, contract negotiations and compliance-related queries.
* Ensure compliance clauses and obligations are embedded into supplier and customer contracts In partnership with Legal.
Training and Culture
* Develop and maintain compliance training programs across ethics, code of conduct, security, data handling and operational obligations.
* Embed a culture of compliance and accountability across all departments.
Leadership & Budget
* Build and lead a high-performing compliance team across regions.
* Secure and manage budgets for audits, legal support, training and compliance systems.
* Influence senior stakeholders to ensure compliance integration into business decisions.
Required Qualifications & Experience:
* Bachelor's degree in a relevant subject or similar experience and professional certification required. Master's degree or level 7 equivalent preferred.
* 10+ years of progressive management experience In Compliance and/or related disciplines.
* 5+ years compliance leadership experience within data centres, critical infrastructure, telecoms, financial services or similarly regulated industries.
* Strong understanding of regulatory frameworks including GDPR, NIS2 and critical-infrastructure requirements.
* Strong understanding and proven delivery of maintaining certification schemes such as ISO standards, PCI DSS, SOC1 and SOC2.
* Experience working with audit bodies, regulators and external assurance providers.
* Knowledge of operational processes across DC environments, including security, H&S and ESG intersections Is seen as a plus.
* Relevant Industry certifications, memberships and auditor status expected or willingness to achieve.