Tech Risk & Compliance Director [Interim]

Job description

This contract opportunity is for a Director, Tech Risk & Compliance in a hybrid setup across Europe, with travel as required, for 6 months with possible extension.

Our client is a major European FMCG group modernizing its technology organization, scaling AI-native capabilities and converging IT capabilities across European markets. As the transformation accelerates, compliance demands on the central technology function are multiplying across security, data protection, operational resilience, AI regulation, and audit readiness.

You will step in as the accountable senior leader who filters these demands and builds a coherent, prioritised agenda. Reporting directly to the European CTO, you will set the future-state vision for Tech risk and compliance, drive the transformation roadmap, and hand over a functioning Risk and Compliance operating model to a permanent successor.

Key Responsibilities

• Act as the single point of coherence for all compliance demands on the technology function - translating fragmented asks into a prioritised agenda
• Design and run non-cyber risk and compliance governance: risk appetite, control frameworks, reporting cadence, and escalation
• Define the future-state vision and lead business planning for IT risk and compliance: multi-year roadmap, investment cases, and measurable outcomes
• Partner with convergence leadership to design risk and compliance into the target operating model
• Own the non-cyber technology risk portfolio at scale: infrastructure, platform, application, and data risk
• Drive operational resilience in line with DORA-equivalent expectations - critical service identification, impact tolerances, scenario testing, and incident readiness
• Stand up the third-party risk framework covering critical vendors, cloud providers, and AI suppliers
• Own the Tech organization’s posture on GDPR, the EU AI Act, and adjacent regulatory frameworks
• Act as the primary interface for internal audit and cyber security teams

Who You Are

• Director-level leader with deep experience in technology risk, compliance, operational resilience, or audit within a regulated industry, large multinational, or top-tier consulting firm
• Proven track record turning fragmented compliance demands into a single coherent agenda
• Experience setting strategy and shaping vision for a risk and compliance function - not only running day-to-day
• Strong working knowledge of DORA-equivalent resilience expectations, GDPR, and the EU AI Act
• Credible at C-suite level; comfortable operating alongside a strong cybersecurity function with clear boundaries
• Pragmatic, decisive, and able to move at pace in a transforming environment
• Available immediately or at short notice

The following are a plus:

• Background combining consulting and industry-side experience
• Track record in convergence or harmonization programmes across markets
• Experience with modern cloud and hybrid estate risk in a large-scale environment

A Little Bit About Riverflex

Riverflex is not a traditional consultancy. It works at C-level with blue-chip companies on critical programmes that actually matter and is building its Technology Risk practice at a time when market demand is high.