Risk and Compliance Specialist

Who we are
Our Company was founded on the idea that there are patterns in people’s behavior that, with the right logic, can be used to predict future outcomes. We are a small but rapidly growing organization that works in partnership with our customers to create solutions that are simply not found anywhere else. We work in groups rather than in structured corporate hierarchies; our culture is creative and entrepreneurial where everyone contributes to company goals in very real way. We are a hardworking group, but we have a lot of fun with what we do and are looking for new people with a similar mindset to join the organization.
What we do
Our proprietary software-as-a-service helps automotive dealerships and sales teams better understand and predict exactly which customers are ready to buy, the reasons why, and the key offers and incentives most likely to close the sale. Its micro-marketing engine then delivers the right message at the right time to those customers, ensuring higher conversion rates and a stronger ROI.

**What you will do**:
**Job responsibilities include**:
Design, implement and lead a global risk management strategy for the organization supporting annual SOC 2 and ISO 27001 frameworks
Collaborate with IT, Legal, HR, InfoSec, Architecture and DevSec Operations embedding a risk aware culture throughout the org
Establish and quantify the organization’s 'risk appetite' and ensure risk approach adheres accordingly
Perform annual Risk Assessments, Business Impact Analysis, Risk Acceptance Criteria, Quarterly UAR
Develop Risk Treatment Plans and Mitigation Strategies reducing overall risk profile
Oversee 3rd Party Risk Governance, identify critical/high operational dependencies and report scorecards
Perform 3rd party risk assessments leveraging Standard Information Gathering questionnaires
Monitor and report Key Risk Indicators measured based on likelihood, impact and risk
Facilitate annual internal audit via parent company and/or 3rd party assessments
Develop and implement security policies, standards, and procedures; eg Risk Assessment, Vendor Management
Horizon scan to increase awareness of risks affecting the business and emerging trends
Ensure compliance with regulatory obligations while taking a commercial and practical approach to risk based challenges and offer appropriate solutions
Ensure senior management remain informed of regulatory, legislative and best practice changes and their obligations under these changes and how they impact the org
Provide regular reports to boards, risk liaison teams, and other relevant bodies detailing any current issues or information as required
Corporate governance involving external risk reporting to stakeholders
Ensure minimum insurance requirements and liabilities are met prior to finalizing agreements
Providing support, education and training to staff to build risk awareness within the organization.
Provision of proactive and practical regulatory advice to business managers and support functions
Manage the successful delivery of compliance projects ensuring technical excellence and a practical/business driven approach.
Work closely with key stakeholders to understand the business requirement for projects, develop effective working relationships during project implementation and ensure business as usual ownership is understood by management Who you are:
Bachelor’s degree in Risk Management, Human Resources, or a related field
Minimum 4 years of experience in Risk Management, Compliance, or similar areas
Expert knowledge of CCPA, VCDPA, CPA and evolving regulatory environment both onshore and offshore covering all service lines offerings
Must be able to demonstrate a broad technical knowledge and expertise covering conduct of business matters, corporate governance matters and regulatory risk and regulatory change matters
Practical and commercial approach to problem solving
Experience of influence behaviors at all levels of the organization
Proven track record of delivering enhancements to process efficiency
Ability to produce and present effective presentations and training sessions.
Governance, Risk and Compliance Professional certification (GRCP), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC)

**Expected Hours of Work**:
This is a full-time position. Generally, work is performed Monday through Friday, though holidays and weekends may be required.

**We believe in equal employment opportunities**:
The company provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, the company complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and co