Job Description

About OdinODIN is the global leader in Australian mortgage broking and tax services for Australian expats and overseas investors. We operate an ACL-regulated, TPB-registered multi-practice model spanning mortgages, tax, and conveyancing, with offices in Hong Kong, Singapore, Nepal, and Australia. Our loan book sits at AU$640M and growing. Our clients are high-income Australian expats making some of the most consequential financial decisions of their lives — we take the trust that implies seriously.Our ValuesAt Odin, we operate with high ownership, deep accountability, and an obsession with delivering exceptional customer experiences.We don’t wait to be told what to do. We act like owners, improve every day, and deliver WOW moments for clients and partners.If this resonates with how you approach your work, we’d love to hear from you.Why Join OdinThis is not a traditional compliance role — it’s a chance to build a future-ready risk and compliance function inside a fast-scaling, multi-jurisdiction financial services business.At Odin, we operate across mortgages, tax, and conveyancing, supporting Australian expats making high-stakes financial decisions. With increasing regulatory scrutiny (ACL, TPB, privacy, cross-border data), the cost of getting compliance wrong is high — and we’re choosing to lead, not react.If you’re someone who wants to move from “monitoring compliance” to designing how compliance should work in a modern, tech-enabled business, this role gives you that platform.About The RoleThe Head of Risk & Compliance is responsible for end-to-end ownership of Odin’s risk and compliance ecosystem across mortgages, tax, conveyancing, and operational infrastructure. This role is highly operational and hands-on — you will not sit outside the business. You will embed yourself into teams, workflows, and systems to ensure compliance is built into execution, not checked after the fact.Key Responsibilities:• Regulatory, Licensing & External Compliance• Own end-to-end ACL obligations, including responsible lending (NCCP), Best Interests Duty, credit assistance disclosures, lender accreditation, and expat-specific policy disclosure boundaries• Own TPB compliance across the tax practice and legal compliance across the conveyancing arm, including conflict-of-interest management in the integrated service model• Manage the Finsure audit and lender accreditation relationships, drive audit pass rates to sustained best-practice levels• Liaise with ASIC, TPB, lenders, aggregators, and external counsel on regulatory matters, filings, and material incidents • Incident Management & Risk Operations (Core System)• Design and operate the compliance incident management system, including taxonomy, SLAs, logging, triage, remediation, and root-cause analysis — as the central nervous system of the risk function• Establish incident management as the central operating system for risk identification, escalation, and prevention • Embed compliance controls and training directly into Nepal operations, owning offshore data-access audits and remediation of incident root causes at source• Privacy, Data & Cyber Risk• Lead privacy, data, and cyber risk: Australian Privacy Principles, cross-border data flows (AU-HK-SG-Nepal), SOC 2 readiness, vendor and AI tooling risk assessment, and breach response• Marketing Conduct & AI-Enabled Compliance• Hold final sign-off authority on marketing and conduct risk, ensuring compliance with ASIC RG 234, Spam Act requirements, testimonial rules, and AI-generated content governance• Design, deploy, and supervise an AI-augmented compliance stack (automated file sampling, policy drift detection, marketing pre-flight checks, regulatory change monitoring) in partnership with the technical team• Risk Governance & Leadership• Maintain and evolve the risk register, compliance calendar, and board-level risk dashboard; advise the co-founder group on emerging regulatory exposure and mitigation strategyRequirementsRequired Experience• 6+ years in financial services compliance with direct ownership of an ACL, AFSL, or equivalent regulated license • Strong experience applying ASIC regulatory frameworks, particularly responsible lending • Proven track record designing and operating incident management systems (severity tiers, SLAs, RCA) • Experience managing compliance in offshore/BPO environments (Nepal, Philippines, India, etc.) • Hands-on experience in privacy and data governance, including cross-border data and breach response Favorable Experience• Exposure to TPB-regulated tax practice or Australian legal/commercial compliance • Experience implementing AI, automation, or agentic workflows in compliance or audit functions • Familiarity with the Australian expat market, Hong Kong MAS-adjacent, or Singapore MAS regulatory landscape• Australian legal qualification or Nepali legal qualification sufficient to triage commercial contracts and employment matters in-house. • Prior engagement with ASIC, APRA, TPB, Finsure, or major AU lenders • Professional certifications or qualifications such as: LLB/JD, CAMS, CISA, GRCP, ICA Diploma, CRM • Working proficiency in Australian credit and privacy law; TPB Code of Professional Conduct familiarity highly valuedQualifications• Bachelor’s degree in Law, Finance, Business, Risk Management, or related field • Ability to be based in Kathmandu full-time, with periodic travel • Strong written and spoken English; working Nepali a strong plus for offshore team leadershipRequired Skills• Regulatory judgment under ambiguity — able to make and defend risk decisions without precedent, and translate them into clear, enforceable policy • Strong incident management discipline — skilled in severity triage, SLA enforcement, root-cause analysis, and preventing recurrence • High operational depth — able to audit files, design controls, train teams, and troubleshoot systems or AI workflows end-to-end • AI and automation fluency — comfortable specifying, tuning, and supervising agentic workflows within compliance environments • Strong written communication — able to clearly brief regulators, founders, and operational teams at the appropriate level • Effective stakeholder management — able to operate across seniority levels, cultures, and jurisdictions (leadership, regulators, offshore teams) • Composed under pressure — proactive in handling incidents, able to hold firm positions with senior stakeholders while supporting teams • Strong analytical rigour — detail-oriented with the ability to design practical, efficient, and embedded controls • High integrity and discretion — trusted to exercise sound judgment, including veto authority on high-risk commercial decisions Benefits• Competitive salary• Daily office breakfast & lunch• 5-day work week (Mon-Fri), onsite• Social Security Fund (SSF) enrollment• Work hours: 6:30 AM – 3:00 PM• Medical and accidental insurance• Work with a high-agency, globally distributed team• Gym Membership