Job Description

Compliance Manager

About the Role: The Compliance Manager is responsible for developing, implementing, and maintaining a comprehensive compliance framework across a SaaS/PaaS and payment-processing environment. This role ensures ongoing adherence to federal and state regulations governing financial data, consumer data privacy, security and payment transactions while managing corporate compliance programs such as SOC 1/SOC 2, GLBA, PCI-DSS, NACHA and/or related data-protection requirements.

The ideal candidate combines regulatory expertise with strong technical understanding and audit experience, bridging business, legal, and engineering functions to ensure that compliance and control standards are fully operationalized.

Responsibilities

Duties and Responsibilities include but are not limited to the following:

Regulatory & Corporate Compliance

• Oversee compliance with TSR, GLBA, UDAAP, FTC/CFPB, BSA/AML and state-level financial service regulations

• Lead pre-audit planning for external audits such as SOC, ACH, AML, including readiness reviews, control mapping, evidence management, and remediation

• Ensure compliance with PCI-DSS, NACHA, ISO 27001, and NIST CSF/RMF standards applicable to payment and data environments

• Maintain and continuously enhance the organization’s Compliance Management System (CMS) including policy updates, control inventories, and risk documentation

• Coordinate regulatory and compliance due diligence for new products, vendors, and partnerships

• Serve as the secondary liaison for internal and external auditors, bank partners, and regulatory examiners

Audit Management (Internal & External)

• Plan, lead, and execute internal audits to evaluate control effectiveness across departments, IT systems, and business operations

• Develop annual internal audit plans aligned with risk assessments, audit readiness and compliance objectives

• Review external audit plans (SOC, PCI DSS, financial, regulatory) to ensure audit readiness, evidence collection, and efficient communication of findings

• Track, validate, and document remediation of all audit findings and control gaps, ensuring timely closure and continuous improvement

• Coordinate walk-throughs and control testing sessions with engineering, security, and finance teams to validate control design and operating effectiveness

Technical Compliance & Information Security

• Partner with Engineering, Security, and Development teams to align control implementation with SOC 2 Trust Principles, NIST CSF, NIST RMF and CIS v8

• Support cloud-environment compliance for AWS, GCP, and private cloud environments, ensuring audit and privacy standards are met/maintained

• Contribute to BC/DR, change-management, and operations management activities with a compliance perspective • Oversee vendor risk management, including third-party SOC report review and compliance due diligence

Operational Oversight

• Maintain control testing schedules, evidence repositories, and audit logs for traceability and audit-readiness

• Contribute to ongoing compliance risk assessments, identify emerging risks, and coordinate mitigations

• Oversee company-wide compliance training to ensure timely completion report problems and findings to the compliance director

• Develop compliance dashboards and reports to highlight compliance KPIs

Qualifications and Required Skills

• Bachelor’s Degree

• 5–7 years of experience in compliance, audit, or risk management within FinTech, SaaS/PaaS, or payment-processing industries

• Minimum of 3 years as a manager or team lead for the compliance function

• Proven experience leading both internal and external audits, including SOC 1/SOC 2, PCI-DSS, ACH, BSA/AML, or similar frameworks

• Familiarity with federal and state financial services regulations and industry standards governing data protection and payment processing (e.g. BSA/AML obligations, Regulation E, TSR, UDAAP/UDAP and OFAC)

• Understanding of cloud security principles, access management (SSO/MFA) methodologies, and Privacy compliance

• Familiar with ISO 27001, NIST 800-53, CIS Controls, and GDPR/CCPA implications for SaaS platforms

What Will Make You Stand Out

• Bachelor’s degree in Law, Accounting, Information Systems, Finance, or Business Administration

• Strong understanding of Risk-Based Compliance Management System Frameworks

• Strong command of audit methodologies, control design, and evidence validation

• Exceptional collaboration and communication skills across engineering, security, and business teams

• Analytical thinker with the ability to distill technical details into senior leadership level reporting

• Highly organized, self-driven, and capable of managing concurrent small teams of compliance analysts, audits and other compliance initiatives

Job Tags

Similar Jobs