Global Director, Risk & Compliance

About The Position

Requirements

• 8+ years in risk management, compliance, or legal operations in professional services, technology, AI/data, or consulting
• 5+ years in a global or multi-regional role managing policies and compliance programs
• Deep knowledge of data privacy laws (GDPR, CCPA/CPRA, LGPD), AI governance (EU AI Act, NIST AI RMF), and risk management standards (COSO, ISO 31000)
• Technology literacy: understand cloud architecture (AWS), data platforms (Snowflake, Databricks), and AI/ML risks (bias, data quality, model drift). Not expected to build systems, but must speak credibly with technical teams and translate tech risk into business terms
• Experience managing corporate insurance (professional liability, cyber, D&O) and working with brokers
• Comfortable engaging directly with Fortune 500 clients on security, compliance, and risk matters
• Strong written and verbal communication; able to present to executives, boards, and clients
• Proven ability to influence across regions and functions in a fast-moving, matrixed organization
• Bachelor's degree required

Nice To Haves

• JD, MBA, or relevant advanced degree preferred
• Experience in AI/ML services, data analytics, cloud-native, or digital transformation firms
• Certifications: CRISC, CISM, CISA, CIPP/E, ARM, or equivalent
• SOC 2 audit experience and ESG/sustainability reporting (CDP, SBTi)
• Knowledge of cybersecurity frameworks (NIST CSF, ISO 27001) at a governance level
• Spanish language skills
• Familiarity with Latin American regulations (Colombia, Uruguay)
• Experience building a compliance function from scratch at a growth-stage company

Responsibilities

• Partner with executive leadership to define Blend360's risk appetite and tolerance thresholds; translate those into a practical risk management framework with clear escalation protocols across all the global enterprise.
• Create and maintain a master risk register that tracks business, operational, regulatory, and technology risks; record who owns each risk, its likelihood and potential impact, and how we'll address it.
• Run annual risk reviews across all regions and business units; use the external Global Risk Assessment (expected Q3 2026) to benchmark our findings.
• Design incident response procedures and lead after-incident reviews to track fixes to completion.
• Brief senior leadership quarterly on our risk position, new threats, and progress on mitigation efforts.
• Create and maintain policies for how Blend360 uses AI, manages data, handles information security, and maintains business continuity.
• Partner with the AI Steering Committee to ensure AI is used responsibly both for client work and internal operations.
• Set standards for building and using AI models: establish rules around data quality, model performance, bias detection, and responsible use; translate regulatory requirements (EU AI Act, NIST AI RMF) into Blend360 standards.
• Work with the VP of IT and Sr. Security Engineer to assess risks in our technology infrastructure (AWS, Snowflake, client systems); document findings in the risk register and present to leadership.
• Track data safety across the company, from how it's collected and processed to how it's shared and moved across borders (for both client and internal data).
• Review client projects for risks related to cloud, data, and AI components; provide risk-based recommendations to support legal review and deal decisions.
• Establish standards for evaluating vendor and partner risks; assess key technology providers (AWS, Snowflake), subcontractors, regional partners and any data processors.
• Set rules for how we safely integrate with and share data with vendors.
• Review the technical side of partnerships, acquisitions, and client solutions working with the VP of IT.
• Review all policies at least annually and maintain an update process when policies change.
• Manage Blend360's global insurance programs: professional liability, cyber, directors & officers, general liability, and any client-specific coverage.
• Manage broker relationships and lead annual insurance renewals.
• Lead SOC 2 compliance: own the audit relationship, framework, and track remediation; work with the Sr. Security Engineer on technical requirements.
• Oversee ESG compliance, including Mastercard requirements and sustainability reporting (SBTi, CDP).
• Track regulatory changes across North America, Europe, and Latin America that affect Blend360 (GDPR, EU AI Act, data privacy laws, employment law).
• Coordinate compliance across regions with legal leads: North America, Latin America, and EMEA.
• Work with VP Ops in Uruguay and India on compliance, employment law, and data protection at each office.
• Fill the EMEA compliance gap until dedicated legal resources are in place; own EMEA policies in the meantime.
• Partner with legal lead on Latin American regulatory issues; work with Legal & Compliance Analyst for on-the-ground support.
• Run quarterly compliance reviews with each region; track fixes and report status to the SVP Finance.
• Represent Blend360 on risk and compliance matters with enterprise clients; engage directly with their security, procurement, and compliance teams.
• Handle client compliance questionnaires (security, privacy, ESG, AI governance) in partnership with IT, Security, and delivery teams.
• Create standard checklists for reviewing client contracts and define when to escalate.
• Support high-risk contract reviews; assess insurance, liability, indemnification, and IP issues.
• Maintain a log of client contracts that exceed our risk limits.