
Soho House · England
The Role.. This is a fantastic opportunity to join the Internal Audit & Risk Management (IA&RM) team at Soho House, based in our Milton Keynes located hub. You...
The Role..
This is a fantastic opportunity to join the Internal Audit & Risk Management (IA&RM) team at Soho House, based in our Milton
Keynes located hub. You will work across a wide range of areas in the UK and internationally, giving you real breadth and variety
in your role. As a trusted advisor, you will review and challenge how the business operates, support improvements to the risk
environment, and make a tangible impact during an exciting period of transformation.
What makes this role stand out is the mix of traditional audit delivery with enterprise risk management, giving you exposure to
every corner of the business from commercial operations to group functions. If you’re looking for a role that blends challenge,
variety, and the chance to influence a brand’s journey, this is it.
Our business support teams are in the office four days a week as we believe that skills are developed through collaboration, and
that spending time together makes us more creative and connected.
1. Assist in the preparation of a risk based annual audit plan. Support execution of the audit plan – perform testing on
internal controls, financial reporting controls (ICFR, SOX (if applicable), to confirm design and operating effectiveness;
assurance reviews on operations, supply chain, group functions, transformation programme, and ESG reporting.
2. Support the planning and execution of internal audits, including walkthroughs, control testing, root cause analysis for
deficiencies / findings, documentation in accordance with professional standards and internal methodologies, and timely
reporting of findings.
3. Track, monitor, and support the remediation of audit findings, process and control deficiencies, partnering with process
owners to ensure timely resolution.
4. Provide support for the documentation and implementation of new or enhanced internal controls, especially in response to
regulatory changes or system/process updates.
5. Assess adherence to company policies, regulatory requirements, ethical codes, and anti-bribery/fraud policies.
6. Assist in the maintenance and updating of risk and control matrices (RCM) across financial, operational, and IT processes.
7. Assist in the preparation of periodic audit dashboards for senior stakeholder review.
8. Assist in performing periodic fraud assessment and investigation of fraud incidents including root cause analysis, reporting
and tracking of mitigation steps to strengthen the anti-fraud environment aligned with local legislations and US and UK
legislations (UK - Anti-Bribery and Corruption Act, Corporate Criminal Offence; US – Foreign Corrupt Practices Act).
9. Support the Enterprise Risk Management (ERM) framework by assisting in regular risk assessments and "deep dives" to identify,
assess, and quantify enterprise-wide risks in business units e.g., Finance, IT, HR, Legal, Procurement, Operations, Business
Development, and other functions.
10. Partner with business units to understand risks, implement appropriate remediation /mitigation strategies and plans, track
actions to ensure timely resolution, and help embed risk management practices.
11. Assist in developing, implementing, and maintaining ERM policies, processes, and tools.
12. Assist in monitoring the Key Risk Indicators (KRIs), maintenance of the enterprise risk register and preparation of periodic
reports for senior leadership and board-level committees to support governance over key enterprise risks.
13. Work closely with the central accounting team in Milton Keynes to ensure proper documentation and completion of key
accounting activities e.g., Balance Sheet reconciliation.
14. Work and share audit methodology with guest auditors from finance and other teams across the business.
15. Work with the finance and business teams on short term assignments to enhance finance and business knowledge.
Key Qualifications & Skills
1. Professional qualification (ACA, ACCA, CPA or IIA).
2. 3–5 years of experience in internal audit, SOX testing, internal controls testing within finance, operations, IT environments
(ITGC), or risk management.
3. Strong understanding of risk management, internal controls, and auditing principles.
4. Proficiency in audit methodologies, testing approaches, and documentation standards.
5. Familiarity with risk and control matrices (RCMs), remediation tracking, and control design assessment.
6. Excellent analytical skills with the ability to identify risks and recommend improvements to risk mitigation.
7. Previous experience in hospitality is desirable but no essential.
8. Strong communication and collaboration skills, with the ability to engage with process owners and senior stakeholders.
9. Problem-solving, critical thinking, and attention to detail.
10. Proficiency in MS Office.
11. Willingness to travel from time to time (20%).
Benefits…
Soho House offers competitive compensation packages that feature global benefits and perks. Whether you’re seeking entry-level
employment or a new opportunity to expand your profession, we offer training to develop the technical and managerial skills
necessary to grow your career.
to inspire and educate.
more
can sign up to.
WHAT’S IN IT FOR YOU? Ready to make a serious impact? Millions of people already rely on Calendly, and we’re still in the midst of exciting product growth — it’s a fantastic time to join us. Everything you’ll work on here will accelerate your career to the next level. If you want to learn, grow, and do the best work of your life alongside the best people you’ve ever worked with, then we hope you’ll consider allowing Calendly to be a part of your professional journey. About the team & opportunity Our Compliance and Risk team is a strategic partner that enables the business to grow securely and responsibly. We work across Engineering, Security, Product, Legal, HR, and Business Operations to build scalable compliance and risk programs that support innovation while maintaining customer trust. As a Senior Compliance and Risk Analyst, you will own and mature our compliance program, ensuring the organization maintains certifications such as SOC 2 and ISO 27001 while building scalable, automated processes that support a rapidly growing SaaS business. This is a high-impact role for someone who enjoys both strategy and execution. You'll design and operationalize controls, strengthen our common controls framework, optimize compliance automation, and embed compliance into business processes and product development. Beyond maintaining audit readiness, you'll help shape how compliance evolves as the organization grows, driving continuous improvement and fostering a proactive culture of risk management. A day in the life of a Senior Compliance and Risk Analyst * Own and manage the organization's compliance program, including SOC 2 and ISO 27001 readiness, certification, and ongoing maintenance. * Develop and execute a compliance roadmap aligned with business objectives, regulatory requirements, and organizational risk appetite. * Lead internal and external audits by coordinating evidence collection, managing auditor relationships, and driving timely remediation of findings. * Monitor changes in regulatory and industry frameworks, assessing their impact on the organization's compliance program. * Own the enterprise risk management process, including risk identification, assessment, treatment planning, and ongoing monitoring. * Conduct periodic risk assessments and partner with stakeholders to identify control gaps and prioritize remediation activities. * Develop and present compliance metrics, risk dashboards, and executive reports for senior leadership. * Design, document, and improve internal controls aligned with SOC 2, ISO 27001, and other applicable frameworks. * Lead control testing, including evidence collection, effectiveness validation, remediation tracking, and continuous improvement. * Expand and mature the organization's common controls framework to support evolving compliance requirements. * Administer and optimize compliance automation platforms, improving workflow efficiency and reducing manual effort. * Perform User Access Reviews (UARs) and support continuous compliance monitoring through automation and reporting. * Partner with Engineering, Security, Product, Legal, HR, and Operations to integrate compliance into business processes and product development. * Develop training, playbooks, and self-service resources that empower teams to meet compliance requirements efficiently. * Manage multiple compliance initiatives simultaneously while ensuring projects remain on schedule and stakeholders stay informed. What do we need from you? * 5+ years of experience in compliance, risk management, audit, or Governance, Risk, and Compliance (GRC) roles within a technology or SaaS environment. * Experience owning or leading compliance programs supporting frameworks such as SOC 2 and ISO 27001. * Working knowledge of security and privacy frameworks including NIST, ISO 27001, GDPR, and HIPAA. * Experience administering compliance automation platforms such as Drata, Vanta, Tugboat Logic, or similar solutions. * Experience performing User Access Reviews (UARs) using GRC or compliance automation platforms. * Strong understanding of internal controls, risk assessment methodologies, and audit processes. * Demonstrated ability to manage multiple initiatives and deliver results in a fast-paced environment. * Excellent project management, analytical, and problem-solving skills. * Strong communication skills with the ability to translate technical and regulatory requirements into practical business solutions. * Proven ability to collaborate effectively with technical and non-technical stakeholders across the organization. Preferred Qualifications * Experience leveraging AI to improve compliance processes or automate workflows. * Experience scaling compliance programs within a high-growth SaaS organization. * Hands-on experience developing or expanding a common controls framework. * Advanced expertise configuring compliance automation platforms, including integrations, custom controls, and reporting. * Familiarity with additional compliance frameworks such as PCI DSS, FedRAMP, or other industry standards. * Experience developing compliance training, awareness programs, or self-service enablement resources. * Professional certifications such as CISA, CRISC, CISSP, CCSK, or equivalent. Tier 1 Salary Hiring Range $198,238—$233,221 USD Tier 2 Salary Hiring Range $181,718—$213,786 USD Tier 3 Salary Hiring Range $165,198—$194,351 USD The ranges listed above are the expected annual base salary for this role, subject to change. Calendly takes a number of factors into consideration when determining an employee’s starting salary, including relevant experience, relevant skills sets, interview performance, location/metropolitan area, and internal pay equity. Base salary is just one component of Calendly’s total rewards package. All full-time (30 hours/week) employees are also eligible for our Top Performer Bonus program (or Sales incentive), equity awards, and competitive benefits. Calendly uses the zip code of an employee’s remote work location, or the onsite building location if hybrid, to determine which metropolitan pay range we use. Current geographic zones are as follows: * Tier 1: San Francisco, CA, San Jose, CA, New York City, NY * Tier 2: Chicago, IL, Austin, TX, Denver, CO, Boston, MA, Washington D.C., Philadelphia, PA, Portland, OR, Seattle, WA, Miami, FL, and all other cities in CA. * Tier 3: All other locations not in Tier 1 or Tier 2 If you are an individual with a disability and would like to request a reasonable accommodation as part of the application or recruiting process, please let your Recruiter know when first connecting with them. Calendly is registered as an employer in many, but not all, states. If you are located in Alaska, Delaware, Hawaii, Idaho, Iowa, Montana, Nebraska, North Dakota, Rhode Island, South Dakota, and West Virginia, you will not be eligible for employment. Note that all individual roles will specify location eligibility. All candidates can find our Candidate Privacy Statement here Candidates residing in California may visit our Notice at Collection for California Candidates here: Notice at Collection This role may require occasional travel for company events, team collaboration, or offsites.
Service Operations Compliance Lead I Viator About Tripadvisor The Tripadvisor Group connects people to experiences worth sharing, and aims to be the world’s most trusted source for travel and experiences. We leverage our brands, technology, and capabilities to connect our global audience with partners through rich content, travel guidance, and two-sided marketplaces for experiences, accommodations, restaurants, and other travel categories. The subsidiaries of Tripadvisor, Inc. (Nasdaq: TRIP), include a portfolio of travel brands and businesses, including Tripadvisor, Viator, and TheFork. The Service Compliance Lead ensures that Service Operations delivered to our customers by our service associates adheres to our operating processes and procedures, in relation to refunds, promotion/coupons and gestures of goodwill. They are responsible for the overall spend ensuring we are always customer first in our approach, aligned with regional customer regulations. Regular audit of our statement of work to ensure vendors deliver under our contractual obligations across our marketplace operations, for traveler, operator and partners. Identify opportunities to leverage AI technology and automate processes used within Contact Centers to adhere to operational and financial processes. Mitigate risk by conducting audits, mitigation planning, internal/external employee knowledge assessment, training and implementing security procedures. Operating in our fast-moving, and highly competitive environment, we advocate for our customers in our behaviour and decision making. At Tripadvisor we are Traveler first in all our decision making. Job Location: Hybrid This role is a hybrid position that requires 3 days per week in our London Office. Key Responsibilities: Audit and Monitoring * Performing regular audits of external BPO and internal Resolution/Experience Recovery (EcR) processes. * Monitoring of AI and Human compliance in handling of refunds, promotions and Gesture of GoodWill processes. Risk Mitigation * Investigate potential compliance breaches or complaints, report findings to CS Management * Identify BPO process gaps, assess risks, and implement corrective actions to ensure compliance * Identify Refund or Gesture of Goodwill process/policy adherence, to identify if Supplier or Vendor error * Collaborate with AI Service Lead to ensure AI tools adhere to refund/compensation service processes Policy Knowledge * Maintain working knowledge of tours & activities industry specific regulations, including consumer refund and compensation regulations * Drafting, updating, and enforcing internal refund/compensation processes to comply Regional regulations Stakeholder Management * Take the lead on collaborating with business partners * Build trusted relationships with internal business units and external vendors Reporting * Maintain audit documentation on processes and prepare compliance reports for CS Management * Maintain weekly Gesture of Goodwill spend reporting * Maintain weekly Supplier & Vendor Clawback for process/policy breach Financial Steward * Responsible for auditing Gesture of GoodWill spending * Responsible for ensuring clawback from Supplier or external vendor is accurately credited to CS-OPS P&L AI Automation * Build investment strategy to enable AI automated tooling to elevate ability audit and monitor operations * Working with CS AI Lead ensure future voice/non-voice AI-Assist remains compliant to regional regulations Minimum Qualifications & Experience: * Internal Auditor Certification/Certified Compliance Analyst * 3+ years experience in Customer Operations, Service Excellence or CX Transformation * Experience working with Global Vendor BPO Operations in an audit or risk analyst role * Gen AI Governance experience * Close-Loop resolution for process mitigation * Customer obsessed mindset, advocating for simplicity and putting yourself in the shoes of the customer Skills you should bring to the role: * Traveler first: drive exceptional value and effortless resolution service-support (essential) * Execution at speed: Challenge legacy processes, experiment, seeks to always improve (essential) * Communication: strong influencing skills with ability to articulate issues to C-Level leadership (required) * Data Driven: Strong ability to analyze data, identify trends, and resolve complex issues. Industry: Experience in a similar role within the Travel Industry (Preferred) What We Offer * Competitive compensation packages (routinely benchmarked against the latest industry data), including base salary and annual bonuses * “Work your way” with flexibility to suit your lifestyle. Tripadvisor Group takes a remote-friendly approach to collaboration across a worldwide team, with the option to join on-site as often as you’d like or as required by your team. * Flexible schedule. Work-life balance is ingrained in our culture by design. Trust and accountability make it work. * Donation matching. Give back? Give more! We match qualifying charitable donations annually. * Tuition assistance. Want to level up your career? We love to hear it! Receive annual support for qualified programs. * Lifestyle benefit. An annual benefit to spend on yourself. Use it on travel, wellness, or whatever suits you. * Travel perks. We believe that travel is employee development, so we provide discounts and more. * Employee assistance program. We’re here for you with resources and programs to help you through life’s challenges. * Health benefits. We offer great coverage and competitive premiums. * Generous referral scheme. Help us grow and be rewarded with generous awards for referring successful candidates. Our Cultural Pillars: Traveler first We exist to create value for our customer, the traveler. We enable our suppliers and partners to unlock this value. Their collective behaviors and insights are what drives us. Execution is our edge We act fast, experiment, learn from failure, iterate, and improve the solutions of tomorrow across every aspect of our business. Our execution is agile, data-driven, prioritised, and built to scale. We assume no problem is someone else’s problem and finish what can be done today, knowing tomorrow will bring fresh challenges. We succeed together The best outcomes are driven by empathic, humble, and diverse subject matter experts working toward shared goals. We collaborate relentlessly, challenge assumptions, give actionable feedback, and set each other up for success through empowered teams with a clear charter. We transparently take ownership of our growth, individually and as a team. We celebrate the quality of our effort, our learnings, and our collective achievements. We strive to create an accessible and inclusive experience for all candidates. If you need a reasonable accommodation during the application or the recruiting process, please make sure to reach out to your individual recruiter or our team at AccessibleRecruiting@tripadvisor.com. If you have any additional questions about careers at Tripadvisor you can email us at recruitment@tripadvisor.com. We have all the answers!
Vestiaire Collective is the leading global platform for desirable pre-loved fashion and a pioneer in transforming how people consume fashion. Our mission is simple: make circular fashion the norm, not the exception. Through technology, expertise, and a highly engaged global community, we enable millions of people to buy and sell fashion in a more sustainable way. Founded in Paris in 2009, Vestiaire Collective is now a globally scaled marketplace with offices in Paris, London, Berlin, New York, Singapore, and Ho Chi Minh City, and logistics hubs across Europe, Asia, and the US. Today, we are a team of around 600 people from over 50 nationalities, united by a shared ambition: to drive meaningful change in the fashion industry. Our values, Activism, Transparency, Dedication, Greatness, and Collective, shape how we build, collaborate, and grow every day. Please upload your CVs in English About the role : As a Senior Security Analyst at Vestiaire Collective, you will be part of our Security team. Your objective will be to provide a safe, secure, and trustworthy experience for our users, while safeguarding their privacy and personal data, as well as protecting our company assets and internal employees. Additionally, you will ensure compliance with regulatory requirements. This role is focused on security operations, risk, and assurance: you will be the person who keeps continuous watch over our security posture — monitoring and investigating alerts, driving vulnerabilities through to remediation, supporting incident response, and producing the evidence and metrics that demonstrate our security and compliance to auditors, regulators, and leadership. Reporting to the Head of Security, you will work alongside a talented team of security engineers and collaborate closely with engineering teams and other stakeholders such as legal, finance, and corporate IT. You will work daily with our security stack: Datadog (SIEM), SentinelOne (EDR), Upwind (CSPM), Cloudflare (WAF and Cloudflare One), and Grafana/Prometheus, on top of our AWS and GCP cloud environments. What you will do : Operate and continuously improve our security monitoring: triage and investigate alerts across our detection stack (Datadog SIEM, SentinelOne EDR, Cloudflare), tune detections to reduce noise, and escalate confirmed threats. Review and prioritize cloud security posture findings (Upwind CSPM) across our AWS and GCP environments, and drive misconfigurations through to resolution with the relevant teams. Own the vulnerability management lifecycle: consolidate findings from penetration tests, application security reviews, and our bug bounty program; validate and prioritize them; and drive remediation with engineering teams against defined SLAs. Triage incoming bug bounty submissions: reproduce and assess reported issues, determine severity, and coordinate fixes with the relevant code owners. Support incident response from detection to closure: first-line investigation, coordination during incidents, documentation, and post-incident follow-up actions. Support audit and assurance activities: prepare and maintain evidence for external audits, run periodic access reviews (joiners/movers/leavers, privileged access), and keep compliance documentation up to date. Contribute to security metrics and reporting: maintain and enrich the KPIs and dashboards (Grafana) we use to report our security posture to leadership. Assess third-party vendors and tools from a security and data-protection standpoint. Handle day-to-day security requests from across the company (reported phishing, the security inbox, employee questions) and deliver security awareness initiatives to promote a security-conscious culture. Who you are : Proven experience (3+ years) in a security analyst, SOC, or security operations role, preferably in a fast-paced startup/scaleup environment. Strong analytical and problem-solving abilities, rigorous documentation habits, and the ability to communicate clearly with both technical and non-technical stakeholders. Hands-on experience with SIEM and log analysis platforms (e.g., Datadog, Splunk, Elastic) for alert triage, threat detection, and investigation; familiarity with EDR tooling (e.g., SentinelOne, CrowdStrike) is a strong plus. Working familiarity with cloud environments (AWS and/or GCP) and cloud security fundamentals - enough to understand, prioritize, and follow up on CSPM and WAF findings. Solid understanding of vulnerability management and common application threats (e.g., OWASP Top 10) - enough to validate findings, assess real-world impact, and discuss remediation credibly with engineers. Understanding of compliance frameworks and regulations (e.g., ISO 27001, PCI DSS, SOC 2, GDPR, DSA), with the ability to translate requirements into practical controls, procedures, and audit evidence. Scripting or query skills (e.g., Python, SQL), for automating routine analysis and digging into data during investigations. Ability to adapt to a rapidly changing environment and manage multiple priorities. NICE TO HAVE: Bachelor's or Master's degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CompTIA Security+/CySA+, GIAC GCIH/GCIA, CISA, ISO 27001 Lead Auditor/Implementer) are a plus. Our Tech Stacks includes Datadog SIEM Upwind CSPM Cloudflare (WAF, One) SentinelOne AWS, GCP Grafana, Prometheus Snowflake Tableau