Compliance Operations Manager

We are seeking a highly skilled and experienced Compliance Operations Manager to join our team. In this role you will oversee the implementation and maintenance of our organization's security and privacy compliance programs focusing on operational aspects of privacy and adherence to industry-specific standards such as PCI and SOC2A. You will play a crucial role in ensuring our company's adherence to security and privacy requirements while promoting a culture of compliance. The ideal candidate will have an understanding of compliance operations practices strong analytical skills and the ability to communicate effectively with stakeholders at all levels of the organization.

What You’ll Do

• Oversee the Implementation of Compliance Policies: In coordination with the information security and legal teams implement and enforce policies and procedures to facilitate compliance with privacy and industry standards protecting the confidentiality integrity and availability of sensitive information.

• Oversee Risk Management Activities: Coordinate regular risk assessments conducted by relevant teams to identify potential vulnerabilities and threats to the organization's security and privacy posture. Coordinate strategies to mitigate risks and facilitate compliance and implementation of best practices.

• Implement and enforce compliance standards as directed by the legal and information security teams ensuring operational adherence to required practices.

• Compliance Training and Awareness: Coordinate with legal and information security to implement and deliver compliance training programs. Ensure employees understand their responsibilities under these standards and promote a culture of compliance throughout the organization.

• Vendor Compliance Management: Oversee third-party compliance assessments ensuring alignment with company standards. Conduct due diligence assessments and monitor vendor compliance with AffiniPay policies and contracts.

• Collaborate with the legal team to implement and integrate policy updates and governance directives into daily operations.

• Incident Response: Facilitate collaboration with Information Security and legal teams to investigate and manage operational compliance incidents as needed. Support the information security team in post-incident assessments and implementing remediations and best practices.

• Privacy Impact Assessments (PIAs): Facilitate the implementation of third-party Privacy Impact Assessments (PIAs) ensuring that relevant teams incorporate privacy considerations into project planning under your oversight.

• Data Governance: Facilitate and maintain data governance frameworks including data classification retention policies and data access controls with a focus on the appropriate handling of sensitive information in compliance with applicable law. Coordinate with engineering and product teams to ensure compliance with data retention and deletion policies based on leadership guidance.

• Security Audits and Assessments: Coordinate and participate in internal and external security audits and assessments. Collaborate with auditors and assessors to address findings and implement remediation measures to maintain information security compliance.

Qualifications:

• Bachelor's degree in Information Security Computer Science or equivalent experience. Advanced degree and/or relevant certifications (e.g. CIPP CISSP CISA) preferred.

• Minimum of 3 years of experience in compliance or related risk-oriented operations roles preferably in the financial industry with SaaS exposure.

• Understanding of risk management principles standards and best practices.

• Proficiency in conducting risk assessments implementing  policies and procedures and managing operations aspects of compliance initiatives.

• Excellent communication and interpersonal skills with the ability to effectively engage with stakeholders at all levels of the organization.

• Strong analytical and problem-solving abilities with a keen attention to detail.

• Experience with security technologies and tools such as SIEM DLP encryption and access controls.

• Ability to work independently and collaboratively in a fast-paced environment with a commitment to continuous learning and improvement.