Sr. Compliance Manager (Individual Contributor)
Spring Labs is redefining how data is exchanged for the new age of data sharing, security, and consumer privacy through decentralization. Our Spring Protocol Tech Stack, which includes the use of Blockchain and Cryptography, allows institutions to share information among themselves to verify identities and reduce fraud - all while protecting consumer data.
There are a few things we look for at Spring Labs in all qualified candidates, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we act like owners, empower and trust others, place ideas over hierarchy, and expect a high level of collaboration and performance. Second, we expect all employees to commit to our mission and become active culture carriers. Finally, we look for humble people, with the desire and capacity to grow and share their expertise.
The Sr. Compliance Manager is responsible for managing Spring Labs’ Compliance Program under the direction of the General Counsel. This includes analyzing any applicable regulatory, security, or operational requirements, and maintaining Standards, Policies and Procedures to ensure adherence to these requirements. This individual contributor is the primary point of contact for Spring Labs’ customers, partners, investors, auditors and third-party vendors for responding to due diligence requests, initiating review processes and audits, and will be responsible for ensuring that all phases of these processes are completed on time.
This person will work under the supervision of the Legal Counsel / Chief Information Security Officer to assist in maintaining and running the Compliance Program. The ideal candidate is a self-starter, who is agile, has a proven ability to learn on the job, and is interested in technology, laws, and regulations related to security, privacy, compliance, and risk management.
What You’ll Do
- Manage existing compliance program and stay on top of relevant compliance frameworks
- Coordinate external reviews and/or assessments from regulators, audit firms, and client due diligence requests
- Manage compliance testing of existing compliance program and monitor current and future regulatory obligations
- Conduct internal security risk assessments under the guidance of the CISO
- Work with external auditors on SOC 2, PCI DSS, and other identified compliance frameworks in conjunction with legal and tech teams
- Ensure compliance with regulations and implement changes where necessary in collaboration with the Legal team
- Conduct KYBs periodically on traditional and Web 3.0 companies
- Review and process escalated KYCs periodically
- Maintain the Risk Management Program
- Develop, review, and modify security and privacy policies
- Keep up with relevant regulation, emerging threats, forecasts, policies and best practices, and maintain a mindset of constant innovation to consider possibilities in advancing the risk management framework
What You'll Need
- 7+ years of related work experience building and/or operating compliance programs to mitigate risk, while ensuring confidentiality, integrity, and privacy
- Prior experience in preparing due diligence responses for regulated enterprises, Risk, Compliance or relevant Audit / Assessments functions
- Strong understanding of the security controls in common compliance and governance frameworks, and of how those controls are implemented technically at a fast-growing, fast-paced technology company
- Experience in project or program management
- Ability to collaborate across interdisciplinary teams to achieve tactical and strategic goals; an innovative teammate, problem solver, and consultant
- Ability to evangelize IT security and compliance to make it a critical part of business operations
- Strong presentation skills and the ability to communicate professionally, by email and in written responses, with customers, auditors, and internal teams
- Ability to effectively prioritize and execute tasks in high-pressure situations
- Big-4/Consulting experience in an audit or assessor function is a plus
- Relevant professional certifications such as CISA, CISM, CRISC, CGEIT, CSX-P, CISSP, CCSK
- Strong knowledge of compliance frameworks such as SOC 2, GDPR, PCI DSS, NIST Cyber Security Framework (CSF) / 800-53
- Casual Work Environment
- Fully Stocked Kitchen
- Free Gym On-site
- Weekly Office Events
- Flexible PTO
- Paid Sick Leave
- Comprehensive Medical/Dental/Vision
- FSA & DCSA
- Perks Discount Program
Spring Labs is committed to diversity, inclusion, and equality in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation, or any other basis protected by applicable law. Additionally, Spring Labs participates in the E-Verify program, as required by law.
Spring Labs is also committed to providing reasonable accommodations to individuals with disabilities. If you need reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to firstname.lastname@example.org and let us know the nature of your request and your contact.