Compliance, Risk & Governance Manager

Posted 10 days ago

💎 Seniority level: Manager, 5+ years

📍 Location: US

🔍 Industry: SaaS

🏢 Company: Kodex | 👥 11-50 | 💰 $10,000,000 over 2 years ago | SaaS, Document Management, Information Technology

🗣️ Languages: English

⏳ Experience: 5+ years

🪄 Skills: Cybersecurity, Compliance, Risk Management

Requirements:
  • 5+ years of experience in compliance, risk management, or IT governance, ideally within a SaaS, security, or privacy-focused environment.
  • Deep knowledge of regulatory frameworks such as GDPR, CCPA, ISO 27001, SOC 2, and experience supporting audits and due diligence processes.
  • Experience completing vendor security assessments with engineering-focused and infrastructure-level questions.
  • Hands-on experience managing IT systems, employee device provisioning, and endpoint security tools (e.g. MDM, SSO, endpoint protection).
  • Strong understanding of operational risk and compliance in a B2B tech context, or a banking, fintech or credit context.
  • Ability to design and implement scalable internal controls, policies, and procedures with clarity and simplicity.
Responsibilities:
  • Lead audits for SOC 2, PCI and HIPAA (we use Vanta), ensuring compliance with certification requirements and managing improvements post-audit.
  • Ensure and maintain compliance with GDPR, CCPA, CPRA and other privacy regulations.
  • Manage the provisioning, security, and lifecycle of company laptops to ensure all devices are compliant, tracked, and securely maintained.
  • Conduct risk assessments and mitigate data security and compliance risks.
  • Represent Kodex as the primary point of contact for all compliance-related matters with clients, partners, and regulatory bodies.
  • Ensure employees are trained and educated on compliance and security best practices to maintain a strong security culture within the organization.
  • Lead the development and enforcement of internal compliance policies, frameworks, and best practices aligned with industry standards.
  • Stay updated on cybersecurity trends and threats to ensure effective training and awareness programs for employees.
  • Monitor and respond to evolving regulatory landscapes affecting law enforcement data requests, data privacy, and cross-border data governance.