Key skills
LeadershipStakeholder ManagementRisk ManagementCommunication
About this role
Role Overview
- Own and maintain the company’s compliance and security policy framework, ensuring alignment with regulatory requirements and industry standards.
- Establish a strong culture and foundation of compliance across the organization.
- Partner with Legal, Security, and business leaders to ensure policies are practical, current, and enforceable.
- Own the enterprise risk registry and control library, including ongoing maintenance and maturity tracking.
- Assign and manage risk ownership, assess residual risk, and align with insurance considerations.
- Score and prioritize risks based on likelihood and impact, flagging critical risks to leadership.
- Track exceptions, compensating controls, and remediation progress; escalate stalled items as needed.
- Produce regular risk and compliance reporting, surfacing trends and systemic issues.
- Integrate risk and controls with recognized frameworks (SOC, PCI, ISO, etc.).
- Map regulatory obligations, including GLBA, HIPAA, CCPA, GDPR, and other applicable requirements.
- Plan and manage internal and external audits in partnership with cross-functional stakeholders.
- Use the risk registry to inform audit planning, readiness, and remediation activities.
- Lead Security & Compliance meetings with relevant stakeholders.
- Own client and vendor due diligence processes, including onboarding and offboarding workflows.
- Ensure timely, accurate responses to client compliance and security inquiries.
- Manage the vendor risk management program, including assessments and ongoing monitoring.
- Administer and maintain the SafeBase Trust Center.
- Monitor the effectiveness of compliance controls and the overall compliance program.
- Track and assess regulatory changes impacting fintech and financial services.
- Design and maintain compliance training for new hires in partnership with HR.
- Deliver ongoing training, updates, and reminders for existing employees and track completion.
- Conduct periodic compliance and risk assessments and implement program enhancements.
Requirements
- Bachelor’s degree in Compliance, Risk Management, Law, Information Security, Business, or a related field (or equivalent experience)
- 5+ years of experience in compliance, risk management, audit, or regulatory roles within fintech, financial services, or technology
- Hands-on experience with compliance frameworks (SOC, ISO, PCI)
- Working knowledge of regulations including GLBA, HIPAA, CCPA, GDPR
- Experience managing risk registers, control libraries, audits, and third-party risk programs
- Strong ability to translate regulatory requirements into scalable, operational controls
- Excellent communication and stakeholder management skills
- Familiarity with SafeBase or similar trust center platforms.
Benefits
- Comprehensive health coverage (medical, dental, vision, prescriptions, life & disability)
- Flexible PTO, 11 company holidays, and generous parental and caregiver leave
- An immediately vested 401(k) with company contributions
- Wellness resources and professional development opportunities