Staff Compliance Engineer

Summary

Join ASAPP, a Forbes AI 50 recognized company, developing transformative Vertical AI solutions for Fortune 500 companies. We're building a team to solve complex problems and ensure compliance is central to our product development. This Compliance Manager role requires significant experience in compliance, risk management, and technology audit. You will support regulated customers, manage certifications (SOC 2 Type II and PCI), maintain security controls, and execute risk assessments. The ideal candidate will possess strong communication skills and experience with AWS security controls and third-party vendor security assessments. We offer a diverse and inclusive work environment.

Requirements

• At least eight years of cumulative experience in compliance, risk management, technology audit, data protection, technology, or software development, with a minimum of five years in compliance or certification roles
• Proven experience with technology audits, control design or operationalization and scaling
• Ability to exercise good judgment around the balance of compliance and business needs

Responsibilities

• Support regulated customers in maintaining elevated control requirements for regulatory compliance & controls
• Manage certification audits (SOC 2 Type II and PCI) end to end, executing self-assessments, and leading new certification efforts
• Maintain and monitor active security for a few hundred controls in operation, ensuring proper operation and maintaining artifacts
• Execute internal risk assessments and maintain a risk register
• Manage vendor and partner risk assessment programs
• Maintain security policies and documentation
• Enable compliance automation and manage the technology for compliance posture, artifact management, and scaling automation
• Work closely with internal teams to standardize and scale compliance processes and controls across the company
• Provide technical interpretation of framework requirements to key stakeholders for controls implementation

Preferred Qualifications

• CISA, CISSP certifications preferred
• Working experience in AWS security controls from a compliance perspective
• Working experience in evaluating 3rd party vendor security
• Experience working with development/engineering/architecture/technology teams to clearly communicate privacy expectations with engineering teams and contribute beyond the interpretation of privacy laws and regulations
• Experience coordinating with Legal to refine regulatory requirements, contractual obligations, and identify operational gaps to manage risk with regulatory compliance and contractual compliance
• Strong verbal and written communication skills are essential for effective customer interaction