Risk & Compliance Manager

About The Position

Requirements

• 7-8 years of experience in security compliance, audit readiness, or risk management.
• Hands-on experience with SOC 2 or similar frameworks (ISO 27001, PCI, SOX).
• Strong understanding of control requirements and evidence validation.
• Excellent communication and documentation skills.
• Experience with compliance platforms such as Drata, Vanta, AuditBoard, or similar.
• Ability to manage multiple concurrent projects, deadlines, and stakeholders.

Nice To Haves

• Experience in fintech, SaaS, or other regulated industries.
• Knowledge of payments compliance (AML, sanctions, ACH/Nacha).
• Experience supporting client due-diligence engagements.
• Familiarity with security and risk frameworks (NIST, CIS, SOC).
• Experience with Conveyor, Jira, and vendor management tools (Zip).

Responsibilities

• Respond to and manage client security assessments, questionnaires, and due-diligence requests.
• Provide compliance documentation and evidence through Built’s Trust Center.
• Participate in client review meetings and coordinate internal follow-ups as needed.
• Coordinate the full lifecycle of Built’s annual SOC 1 and SOC 2 audits, including evidence collection, stakeholder scheduling, and auditor communication.
• Maintain Built’s control environment within Drata and ensure ongoing audit readiness.
• Administer Built’s Trust Center (Conveyor), ensuring documents, policies, and audit materials are accurate and up-to-date.
• Manage client access requests and support users with navigation and content inquiries.
• Support annual payments compliance activities (e.g., AML/Sanctions training, Nacha audit) in partnership with external consultants and internal stakeholders.
• Conduct periodic internal reviews of payments processes to ensure adherence to policies and partner expectations.
• Manage the lifecycle of Built’s policies and procedures, ensuring updates, annual reviews, and publication to the Trust Center.
• Maintain core compliance documentation, including audit records, incident logs, attestations, and internal reporting.
• Support ongoing monitoring and upkeep of compliance and security controls across the organization.
• Track and coordinate recurring compliance tasks managed through Jira automations.
• Partner with Learning & Development to manage annual and onboarding compliance/security training and ensure completion across the organization.
• Participate in vendor reviews within the procurement process and maintain the Significant Vendor Index.
• Support the annual enterprise risk assessment and track mitigation activities.
• Manage inbound data subject access requests (DSARs) and coordinate responses in alignment with regulatory and internal requirements.

Benefits

• Competitive benefits including: uncapped vacation, health, dental & vision insurance
• 401k with match and expedited vesting
• Robust compensation package, including equity in the form of stock options
• Flexible working hours, paid family leave, ERGs & Mentorship opportunities
• Learning grant program to support ongoing professional development