Tech Risk & Compliance Director [Interim]

Contract  |  Hybrid (Europe, with travel as required)  |  6 months with possible extension 

Our client is a major European FMCG group who are modernizing their technology organization, they are scaling AI-native capabilities and converging IT capabilities across European markets. As the transformation accelerates, compliance demands on the central technology function are multiplying across security, data protection, operational resilience, AI regulation, and audit readiness. 

You will step in as the accountable senior leader who filters these demands and builds a coherent, prioritised agenda. Reporting directly to the European CTO, you will set the future-state vision for Tech risk and compliance, drive the transformation roadmap, and hand over a functioning Risk and Compliance operating model to a permanent successor. 

• →

  Act as the single point of coherence for all compliance demands on the technology function - translating fragmented asks into a prioritised agenda 

• →

  Design and run non-cyber risk and compliance governance: risk appetite, control frameworks, reporting cadence, and escalation 

• →

  Define the future-state vision and lead business planning for IT risk and compliance: multi-year roadmap, investment cases, and measurable outcomes 

• →

  Partner with convergence leadership to design risk and compliance into the target operating model 

• →

  Own the non-cyber technology risk portfolio at scale: infrastructure, platform, application, and data risk 

• →

  Drive operational resilience in line with DORA-equivalent expectations - critical service identification, impact tolerances, scenario testing, and incident readiness 

• →

  Stand up the third-party risk framework covering critical vendors, cloud providers, and AI suppliers 

• →

  Own the Tech organization’s posture on GDPR, the EU AI Act, and adjacent regulatory frameworks 

• →

  Act as the primary interface for internal audit and cyber security teams 

• Director-level leader with deep experience in technology risk, compliance, operational resilience, or audit within a regulated industry, large multinational, or top-tier consulting firm 

• Proven track record turning fragmented compliance demands into a single coherent agenda 

• Experience setting strategy and shaping vision for a risk and compliance function - not only running day-to-day 

• Strong working knowledge of DORA-equivalent resilience expectations, GDPR, and the EU AI Act 

• Credible at C-suite level; comfortable operating alongside a strong cybersecurity function with clear boundaries 

• Pragmatic, decisive, and able to move at pace in a transforming environment 

• Available immediately or at short notice 

The following are a plus: 

• Background combining consulting and industry-side experience 

• Track record in convergence or harmonization programmes across markets 

• Experience with modern cloud and hybrid estate risk in a large-scale environment 

Riverflex was founded in Amsterdam and London in 2018 and has grown into a global team of consultants united by one mission: help courageous leaders drive intelligent transformation. We integrate three service pillars - strategy & transformation consulting that Creates Change, talent services that Build Teams, and business-accelerating AI products that Augment Intelligence. 

We are not a traditional consultancy. We work at C-level with blue-chip companies on the programmes that actually matter, and we are building our Technology Risk practice at exactly the moment the market needs it most. 

Interested in this role? Submit your CV and a brief note on your relevant experience through the Riverflex website or reach out to our talent team directly. 

We are an Equal Opportunity Employer and take pride in a diverse environment. We do not discriminate in recruitment, hiring, training, promotion, or other employment practices for reasons of race, color, religion, gender, sexual orientation, national origin, age, marital status, medical condition, or disability. Even if you believe you do not tick all the aforementioned requirements for the role, we still encourage you to take the time to apply.