Head of Compliance
London (Westminster) • Hybrid • Full-time
Arqit is a global pioneer in post-quantum cryptography: we provide a proven defence against both current cyber dangers and impending quantum threats. Our global team describe Arqit as providing a positive, inclusive and high-performing working environment, where employees feel that managers care about the success and well-being of their teams, individuals feel valued as employees and teams achieve more than they thought possible, together.
We have brought together a world-leading team of pioneers in engineering and cryptography, and we now have an opportunity for a Head of Compliance to lead our compliance function. As a key member of the Operations team, you will ensure our company adheres to regulatory standards, industry best practices, and internal policies. This includes overseeing our ISO 27001 certification, risk management framework, GDPR compliance, export controls, and internal auditing processes. You will play a crucial role in maintaining the integrity of our operations as we continue to grow and expand globally.
The Role
This is a senior, hands-on role offering the chance to build and run the Risk and Compliance function at Arqit — writing and maintaining policy documentation, conducting internal audits, managing certification processes, and driving corrective actions through to completion.
As a key member of the Operations team, you will ensure the company adheres to regulatory standards, industry best practices, and internal policies across our UK and US operations. You will be the authoritative voice on compliance matters, with the credibility and technical depth that comes from a background in a Defence Prime or similarly regulated environment. This background is important: Arqit operates in a defence and national security context, and you will need to understand that landscape from the inside.
You will be based close to Westminster, with considerable flexibility around working from home.
What You Will Be Doing
ISO 27001 & ISO 9001 Compliance and Internal Auditing
- Own and maintain both ISO 27001 and ISO 9001 certifications end-to-end, including all documentation, surveillance audits, and recertification cycles
- Plan and personally conduct internal audits, produce findings reports, and see corrective actions through to closure
- Drive continuous improvement across the ISMS and QMS, ensuring both frameworks remain genuinely operational rather than paper exercises
DCC Certification (UK) and CMMC (US)
- Take ownership of the company’s Defence Cyber Certification (DCC) programme in the UK, managing assessment readiness, evidence gathering, and remediation activities
- Lead the Cybersecurity Maturity Model Certification (CMMC) process for the company’s US operations, working alongside our consultants, including gap analysis, practice implementation, and preparation for third-party assessments
- Own the recertification process for Cyber Essentials and Cyber Essentials Plus
- Stay current on evolving requirements under both frameworks and ensure Arqit’s controls and documentation always remain assessment-ready
Risk Management
- Develop, own, and actively maintain the company’s risk management framework — this includes the risk register, risk appetite statements, and reporting to senior leadership
- Identify, assess, and mitigate compliance risks across all business functions; lead risk treatment rather than raising issues for others to resolve
- Collaborate with leadership to align risk management practices with company objectives and the realities of operating in the defence and national security sector
Export Control
- Work with the Legal department and COO to own and maintain a robust framework for monitoring compliance with export licences, including ITAR, EAR, and UK strategic export controls as they apply to cryptographic technology
- Personally manage and maintain evidentiary documentation and policies required for regulatory audits
- Lead the KYC/B screening programme in collaboration with Operations, Legal, and Finance
Regulatory Compliance and Governance
- Work with relevant departments to ensure regular review and maintenance of company compliance policies, procedures, and training, ensuring adherence to legal and regulatory requirements
- Prepare and present compliance and risk reports to senior management as required
- Monitor the regulatory landscape across UK, EU, and US jurisdictions and proactively advise on changes that affect the company’s compliance posture
What We’re Looking For
Essential
- A background in a Defence Prime or similarly regulated defence/national security environment — you will understand the culture, the rigour, and the expectations that come with operating in this space
- Proven experience of working hands-on in a senior compliance role, where you have written the policies, run the audits, managed the certifications, and driven remediation
- Hands-on experience with ISO 27001 and ISO 9001, including certification maintenance and internal auditing
- Direct experience with DCC and/or CMMC, or a clear and demonstrable plan for how you will close any gap quickly
- Strong understanding of UK, EU, US, and international regulatory environments as they apply to the business
- Exceptional communication and stakeholder management skills, with the ability to present to senior leadership
- The right to work in the UK without restrictions — this is essential; UK security clearance may be required in future
Highly Desirable
- Relevant certifications: CISM, CISSP, ISO 27001 Lead Auditor/Implementer, ISO 9001 Lead Auditor, or equivalent
- Experience testing SOX controls and leading annual SOX risk assessments
- Working knowledge of export control regulations and licensing requirements, specifically as they relate to cryptography or information security systems (ITAR, EAR, and UK strategic export controls)
- Experience working in a listed technology or cybersecurity company
- Familiarity with the UK Ministry of Defence supply chain compliance landscape