
GetGround · London
We're looking for a Compliance and Risk Lead to be the hands-on engine of GetGround's compliance function, owning the day-to-day delivery of our regulatory obli...
We're looking for a Compliance and Risk Lead to be the hands-on engine of GetGround's compliance function, owning the day-to-day
delivery of our regulatory obligations and helping build the frameworks that keep us operating with integrity as we scale.
GetGround operates at the intersection of fintech, proptech and wealthtech, a business with a complex and growing regulatory
footprint. With £2Bn+ in assets on platform and 30,000+ users across 70 countries, our compliance obligations are significant and
expanding.
This is a role with real ownership and some people management responsibility. You'll be doing the work and leading a small team to
help deliver it. You'll be the person who makes compliance and risk happen at GetGround.
You're a hands-on compliance professional who knows how to get things done in a fast-moving, regulated environment. You bring:
finance
We know that great candidates don't always match every point on a job description. If this role excites you and you meet most of
the criteria, we'd encourage you to apply anyway.
What we are building: The first end-to-end real estate investment offering - making the dream of owning real estate more
accessible to everyone globally.
Diversity & inclusion at GetGround: We encourage applications from all sections of society and we believe in the criticality of an
inclusive culture. We are committed to equal employment opportunity regardless of race, religion or belief, ethnic or national
origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity or any
other basis as protected by law.
Month, International Women's Day and Pride
For more information on how we store your candidate data, please see our recruitment privacy policy.
Since being founded in 2018, Copper has been building the standard for institutional digital asset infrastructure with a focus on custody, collateral management, and prime services. Led by Amar Kuchinad, Copper's Global CEO, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology – the gold standard in secure custody. Copper’s multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody. Built on top of this state-of-the-art custody, ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges, and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop is rapidly reshaping the way asset managers trade and manage capital. In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets. Department/Team Purpose: Copper provides institutional digital asset custody, settlement, and collateral management services across a wide range of blockchains and integrated venues. Information Security protects the firm's platforms, client assets, and regulated entities across the group. Role Purpose: The Principal Security Architect is the senior technical authority for security architecture at Copper. The role reports to the CISO and partners closely with Engineering. The holder sets architectural direction, reviews and approves designs for major change, and acts as the firm's reference point on the security of the systems, protocols, and integrations Copper depends on. The role is predominantly architecture and assurance, with limited hands-on solution design in the cloud and integration space where reference patterns are needed. Key Responsibilities: Architectural authority * Hold formal security sign-off authority for major changes to Copper's platforms, infrastructure, and integrations. * Shape and maintain the security architecture patterns, principles, and reference designs that engineering teams build against. * Provide the senior technical security position in architectural and business decisions, including escalations where security and delivery pressures conflict. Custody, signing, and cryptographic architecture * Provide architectural security leadership over Copper's signing infrastructure, working alongside specialist engineering and cryptography teams. Scope covers the people, process, and operational design around MPC-based signing. Solid conceptual grounding in threshold cryptography and signature schemes is required; cryptographer-level work is not. * Review and approve changes to transaction construction, signing flows, approval policy, and key lifecycle operations. * Provide architectural assurance over chain-of-trust constructs adjacent to custody, including verifiable build pipelines, hardware-backed code signing, and authenticator-bound administrative paths. Multi-chain and integration security * Reason at architectural depth across the range of blockchains Copper supports, including EVM, UTXO, and account-based non-EVM families. This requires a working understanding of transaction construction, signing semantics, consensus assumptions, and validator and staking models across these environments, without being a protocol engineer in any of them. * Assess third-party smart contract architectures, implementations, and audit reports to a level sufficient to understand the exploit and risk surface, without performing line-by-line code review. * Review first-party integrations with partner networks, including those underpinning staking and similar on-chain participation, and form a defensible security position on the operational and contract risk Copper inherits. Settlement, collateral, and off-exchange architecture * Provide architectural ownership of the security model for Copper's settlement, collateral mirroring, and off-exchange product surfaces. * Reason about the trust boundaries between Copper, venues, and clients, and ensure architectural controls match the obligations each side carries. Identity and access architecture * Own identity and access architecture as a dedicated pillar of the role. * Set patterns for workforce, workload, and third-party identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. * Govern entitlement design, privileged access, and access models for contractors, vendors, and external operators. Cloud and platform security * Maintain working architectural fluency in both AWS and Azure, including network topology, segmentation, secrets handling, and platform telemetry. * Produce reference patterns and, where needed, direct integration designs in the cloud and platform space. Third-party and protocol risk * Lead technical security review of vendors, integrated venues, and protocols, including challenge of assurances that do not stand up to scrutiny. * Support client and counterparty due diligence on the technical content most likely to be misrepresented or under-specified. Policy, regulatory, and assurance support * Maintain a working understanding of the regulatory regimes applicable to Copper's licensed entities sufficient to translate architectural decisions into language Compliance and GRC can defend. Primary ownership of regulatory positioning sits elsewhere. * Contribute to security policy, standards, and control framework development as the senior technical reviewer. * Participate in resilience exercises and incident reviews where architectural input materially shapes the outcome. Skills and Experience: Essential * Multi-chain architectural literacy. Able to reason across EVM, UTXO, and non-EVM account-based chains at the level of transaction construction, signing, consensus, and validator models. Comfortable assessing third-party smart contract designs, implementations, and audit reports for exploit and risk surface without performing code review. * Custody and signing architecture. Strong conceptual grasp of threshold signing, signature schemes, and key lifecycle. Able to design and challenge the operational architecture around signing, separation of duties, approval policy, key ceremony equivalents in MPC, and recovery, to a high standard. * Settlement and collateral architecture. Demonstrable experience reasoning about settlement, collateral, and off-exchange constructs, including trust boundaries between custodians, venues, and clients. * Identity and access architecture. Senior-level experience designing and governing identity across Entra ID, federated SSO, OAuth2 / OIDC, SAML, and modern authenticators. Comfortable with entitlement governance and third-party access design. * Cloud security. Working architectural understanding of AWS and Azure, including the ability to produce reference patterns and limited direct integration designs. * Architectural authority and judgement. Track record of holding sign-off on significant designs, taking defensible positions under uncertainty, and owning residual risk. * Change review and assurance. Comfortable reviewing the work of engineering peers, infrastructure changes, and vendor designs, and able to hold the line where it matters. * Communication. Able to operate credibly with engineers, senior business stakeholders, auditors, and regulators in the same week, without losing precision at any of them. Desirable * Familiarity with chain-of-trust constructs including verifiable builds, reproducible build pipelines, and hardware-backed code signing. * Awareness of the regulatory landscape relevant to digital asset custody and trading (for example FCA, FINMA, FSRA / ADGM, MiCA). * Compliance familiarity across ISO 27001, SOC 2, and NIST CSF / 800-53, with the ability to map controls cleanly between them. * Enterprise architecture grounding (TOGAF, SABSA) where it complements rather than replaces technical depth. Why Copper? At Copper, we keep innovation, openness, and curiosity at the centre of everything we do. Here, bold ideas get the spotlight, learning is constant, and diversity shapes our team from the ground up. Jump into a fast-moving, dynamic team that loves a challenge and knows how to have fun along the way. Collaboration is just as important as results—you’ll be surrounded by smart, driven colleagues in London and across our APAC, Switzerland, UAE, and US offices. Hybrid working model – we believe in the value of bringing people together and at the same time we embrace the adaptability of flexibly working. Diversity and inclusion matter to us – they’re woven into Copper life. From employee-led groups like Women at Copper to a committee focused on community and wellbeing, you’ll have a network that supports you from day one. Everyone voice matters. If you’re looking to ramp up your career, or keen to do something new in your field, with us, you’ll keep moving forward. Ready to make your mark, keep growing, and join a supportive, dynamic team? Copper’s the place. The interview process at Copper Our interview process is designed to be thoughtful, efficient, and engaging. While specific steps may vary slightly depending on the role, the typical journey includes: 1. Initial Screening A brief conversation with our Talent Acquisition team to explore your background, motivations, and alignment with the role. 2. Technical Interview A virtual session conducted via Microsoft Teams, where you'll engage with team members to discuss relevant skills, problem-solving approaches, and technical experience. 3. In-Person Interview A conversation focused on team dynamics, collaboration style, and any final technical questions. This may be with cross-functional peers or leadership. Additional steps may be added based on the role's complexity or seniority. We aim to keep the process transparent and respectful of your time. Benefits In return for everything you can bring to Copper, we can offer you an exciting, challenging role in a fast-growing and dynamic business, with career opportunities and welcoming working environment. Some of our key UK benefits are highlighted below: * Paid Time Off - A minimum of 35 days of paid time off per year, inclusive of annual leave and public holidays. Employees also receive one additional day of annual leave for each year of service. * Comprehensive Medical Insurance - Inclusive of dental, optical, audiology, and mental health coverage, with medical history disregarded * Life Insurance * Enhanced Pension Contributions - Includes an enhanced employer matching contribution * 24/7 Employee Assistance Programme (EAP) If you think you have everything we're looking for and more, then we'd love you to apply for the opportunity. Copper is an equal opportunity employer. We embrace diversity and equal opportunities in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. So, bring us your experience, perspectives, and skills. It is in our differences that we will continue to grow and ensure Copper is transforming how institutional investors engage with digital assets. Copper is a Disability Confident Employer, please let us know if you have a disability. If you require us to provide any assistance during the recruitment process, then we would ask you to highlight this to us and we will be happy to accommodate.
We’re Capital on Tap 👋 💳 Capital on Tap started because small businesses were underserved. Big banks were slow, their products weren't fit for purpose, and small business owners often couldn't access what they needed. We set out to fix that. Today we're a financial platform - not just a credit card company. We offer a best-in-class business credit card, SME-focused spend management platform, a savings product that hit £1 billion in funds within its first year, and a growing suite of tools and financial products that make running a small business easier. 1,000+ employees, £20bn in annual card spend, 200,000+ customers, 17,000+ Trustpilot reviews averaging 4.7 stars, and we're profitable. We’ve done a pretty good job so far, but we’re just getting started! 🏡🏢This is a Hybrid role, with a minimum of 3 days a week in our London office. Risk & Compliance at Capital on Tap The Risk & Compliance team is the second line of defence at Capital on Tap, working at the intersection of regulation, product and business growth. As our Risk Manager, you'll lead the design and delivery of our risk management framework, working closely with the UK Compliance Director and Risk Owners across the Leadership Team. The Role This is a senior leadership role for someone who is energised by building forward-looking risk frameworks that inform decisions, not activity registers that sit on a shelf. The ideal candidate will have significant expertise in enterprise risk management within FCA-regulated firms, technical fluency, and take a pragmatic, problem-solving and risk-based approach. What You’ll Be Doing * Strategic Risk Leadership: Serve as the primary second-line risk lead, providing senior leadership with a forward-looking, decision-useful view of risk as the business scales. * Framework Ownership: Own and refresh the Enterprise Risk Management Framework ensuring the three lines of defence design fits a growing FinTech. * Risk Taxonomy & RCSAs: Re-baseline the Risk Taxonomy with Risk Owners to reflect the current business, and work collaboratively with them to refresh risk assessments and risk appetites. * KRIs & Risk Reporting: Work with Risk Owners to build live KRI dashboards and support reporting to the Risk Committee. * Risk Systems & Data: Responsible for transitioning to a GRC platform. * Stress Testing & Wind-Down: Lead the annual wind-down plan refresh aligned to FCA WDPG and the CASS 10A resolution pack. * Governance Support: Support Risk Committee Charter and Terms of Reference refresh. * Independent Assurance: Partner with Internal Audit and third party assurance providers to shape an independent assurance plan aligned to where the residual risks actually sit. * Business Enablement: Provide thoughtful, business-minded second line challenge to product launches, partner-bank changes and AI implementations. * Risk Culture: Support the risk culture across the business by engaging Risk Owners on impact classification and risk-owned RCSAs, embedding risk thinking into business-as-usual decisions. We’re Looking For * Deep Regulatory Expertise: Comprehensive working knowledge of FCA SYSC 4, 6 and 7, the EMD/PSD regime, FCA WDPG and CASS 10A, with the ability to interpret complex requirements and provide pragmatic business guidance. * Framework Design Experience: Hands-on experience designing or refreshing an Enterprise Risk Management Framework: taxonomy, appetite, KRIs, RCSA methodology and Risk Committee reporting. * FinTech / Payments Background: Proven experience in an FCA-regulated firm in the EMI, payments, banking or FinTech space, with an understanding of partner-bank concentration risk in card and payments models. * Forward-Looking Reporting: Track record of building effective risk reporting. * Stress Testing & Wind-Down: Practical experience embedding stress testing, reverse stress testing and wind-down planning at firm level. * Senior Stakeholder Influence: Confident providing independent challenge at Director and C-suite level, building constructive relationships while holding the second line. * Urgency & Business Focus: Demonstrated ability to work at pace in fast-moving environments, with the appetite to build at speed - the framework exists, it needs maturing fast as the business scales. * Strong Written Communication: Excellent written communication for papers, Risk Committee briefings and Board notes, with the ability to translate technical risk into business decisions. Nice to Have * GRC Platform Experience: Experience evaluating or implementing a GRC platform. * AI & Operational Resilience: Exposure to AI risk management and operational resilience under FCA expectations. * Professional Qualifications: A recognised risk qualification such as IRM (Institute of Risk Management), FRM (GARP), PRMIA or equivalent. Big 4 or consulting background in financial services risk also welcome. Diversity & Inclusion 🌈 We welcome, consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives, and everyone can do their best work. Great Work Deserves Great Perks We try not to take ourselves too seriously (all the time) so we make sure our office is decked out with a pool table, arcade machine, beer tap, and a couple of office dogs thrown in for good measure. Check out our benefits: 🏥 Private Healthcare including dental and opticians services through Vitality ✈️ Worldwide travel insurance through Vitality ❤️ Access to a women's health platform via Hertility 🎁 Anniversary Rewards (£250, £500, £750, 4-week fully paid sabbatical) 👛 Salary Sacrifice Pension Scheme up to 7% match 🏖️ 28 days holiday (plus bank holidays) 📖 Annual Learning and Wellbeing Budget 👪 Enhanced Parental Leave 🚲 Cycle to Work Scheme 🚂 Season Ticket Loan 💬 6 free therapy sessions per year 🐶 Dog Friendly Offices 🍫 Free drinks and snacks in our offices Check out more of our benefits, values and mission here. Other Info 👍Check out our ‘Top Tips’ for interviewing. ✔️Keep updated on new job opportunities by following us on Linkedin. 📧Email careers@capitalontap.com if you have any questions. Excited to work here? Apply! If you’d like to progress your career within our fast growing, profitable fintech then click apply and we will aim to get back to you within 3 working days (during busy periods this could take up to 5 working days.)
Hello. We’re Teya. Teya was founded on a simple belief: local businesses deserve better. They are the cafés, restaurants, salons, shops and entrepreneurs that bring character to our high streets, create jobs and keep communities moving. Yet for too long, financial services has made life harder for them - with clunky tools, poor support and complexity that gets in the way of running a business. Teya exists to change that. We’re building a financial platform for local businesses across Europe - one built around simple tools, thoughtful design and real human support. Our Members rely on us to help them run their business with confidence, and that responsibility shapes the way we work. We move fast. We care about quality. We stay close to the detail. And we believe great performance and genuine hospitality should go hand in hand. If you want to build meaningful products, solve real problems and make a genuine difference for local businesses, we’d love to hear from you The Outsourcing and Third Party Risk Management (TPRM) Lead is responsible for running Teya’s day-to-day outsourcing and third party risk activities within the first line of defence, ensuring Teya meets its regulatory obligations and manages the risks arising from its use of external providers. The role owns the operational execution of the TPRM framework across the business, including due diligence, ongoing monitoring, contract risk review, and the maintenance of Teya’s outsourcing and ICT third party registers. You’ll be the go-to person for business owners managing third party arrangements, working closely with Procurement, Legal, Information Security, Compliance, and Operational Risk. You’ll be comfortable in a fast-paced environment and able to balance multiple competing priorities. Key Objectives * Drive the continuous improvement of TPRM and outsourcing processes, controls, and tooling, with a focus on risk-based prioritisation and proportionate due diligence. * Own and maintain Teya’s outsourcing register and ICT third party register, ensuring all critical or important arrangements are correctly classified and recorded in line with EBA Guidelines on Outsourcing, DORA, and FCA/PRA expectations. * Act as the first point of contact for business owners on third party risk matters, supporting them through onboarding, risk assessment, contract review, and ongoing monitoring. * Coordinate due diligence across information security, data protection, financial crime, business continuity, and concentration risk, working with subject matter experts to produce a single view of third party risk. * Run the ongoing monitoring programme, including performance reviews, control attestations, incident tracking, and periodic re-assessments of material third parties. * Produce management information and reporting for senior governance forums, flagging emerging risks, control gaps, and remediation progress. * Partner with Compliance and Operational Risk (2LOD) to ensure framework changes, regulatory updates, and findings are translated into operational practice. * Support regulatory submissions, audits, and supervisory engagement on outsourcing and ICT third party matters. Job Requirements * A minimum of 3 years of experience in outsourcing or third party risk management within a regulated financial services environment (payments, e-money, banking, or similar). * Working knowledge of the EBA Guidelines on Outsourcing Arrangements and DORA * Experience running due diligence and ongoing monitoring across material third parties, including critical or important outsourcing arrangements and ICT services supporting critical or important functions. * Highly organised, with strong attention to detail and the ability to manage a large portfolio of third parties simultaneously. * A pragmatic, risk-based mindset. You see the role of 1LOD as enabling the business to move quickly and safely, not blocking it. You can hold the line on real risks while finding sensible paths through. * Comfortable building with AI. You use AI tooling in your day-to-day work — for due diligence summarisation, drafting, evidence review, data extraction — and you actively look for ways to apply it to reduce manual effort across the third party lifecycle. * Bias to action. You'd rather ship a working v1 of a process or template and iterate than spend months designing the perfect framework. * Commercial awareness. You understand that every third party relationship has a business purpose, and you can have a credible conversation with engineers, product owners, and commercial leads about trade-offs rather than just citing policy. Desirable * Experience implementing or working with TPRM tooling (e.g. Aravo, Prevalent, OneTrust, ProcessUnity). * Experience supporting DORA implementation across a financial services firm, including ICT register builds and contractual remediation programmes. * Familiarity with operational resilience frameworks and the identification of important business services. Teya is proud to be an equal opportunity employer. We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all. If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.