VP of Compliance

Remote (Portland, Oregon, US)


At LegitScript, we are passionate about making the internet and payment ecosystems safer and more transparent. We help companies of all sizes keep their services legal and safe for consumers. To do this, LegitScript combines big data with the world’s leading team of experts skilled in highly regulated and complex sectors, including transaction laundering detection, pharmaceuticals, online gambling, and more.


The result? Unmatched accuracy and deep risk analysis that identifies which commercial entities play by the rules, and which do not. Our diverse industry partnerships provide unique insights that keep businesses and governments at the forefront of emerging trends. That’s why LegitScript is trusted by the world's largest search engines, internet platforms, payment companies, and regulatory agencies.



Overview:


The VP of Compliance is responsible for LegitScript’s Governance, Risk and Compliance program. Working across all our teams, you’ll use your expertise to lead our team through risk identification, tolerance and management while partnering to define best practices in designing, building and maintaining solid security controls that drive our core business. You will lead, teach and grow with us as we drive toward a safer environment and experience for all.



What You'll Do:


  • Responsible for all Governance, Risk and Compliance (GRC) for LegitScript, including leading the Information Security Management Committee meetings with the Company’s executive leadership and running the annual risk assessment.
  • Responsible for the development of an annual compliance plan. This plan includes cross functional input and partnership and is presented to the Board on at least an annual basis. 
  • Responsible for developing and maintaining our Incident Response process in partnership with the Executive Leadership and others in the organization. This should include our process, template, and rating of security incidents. Responsible for running point on any identified security incident including follow up and remediation. 
  • Develop, maintain, and publish corporate-level information security policies, standards, procedures, and guidelines to obtain and maintain company certifications.
  • Responsible for identifying areas of mandatory compliance - including privacy and other regulatory requirements. 
  • Responsible for designing, implementing and leading compliance training for employees and contractors that leads to increased security and compliance knowledge across LegitScript. 
  • Identify missing controls and process issues, track and report deficiencies or needed remediation, and partner with key stakeholders across the organization on a path to remediation.
  • Design and document key security, risk, and compliance controls, policies, and the compliance framework. Also responsible for reporting on the implementation and management of the testing and overall process for the SOC 2 audit.
  • Manage the annual penetration studies, threat analysis, vulnerability assessments, and security audit activities to ensure controls and security are effective, and partner with IT, Security, and Engineering to resolve any audit findings.
  • Manage vendor compliance requirements and evaluation.
  • Verify relevant third-party attestations and perform risk assessments to validate the necessary safeguards are in place to protect our information assets.
  • Collaborate with Legal and Sales to pragmatically support the sales effort with prospects and customers by championing the security value of LegitScript, including leading risk and compliance calls and completing security questionnaires.
  • Responsible for adjusting and building out the compliance program in alignment with the growth and strategy of the company. 
  • Have a lot of fun while making a difference in the world by enabling a safer internet for everyone




What You'll Bring:


  • Must have significant experience with owning the development of a company’s security and related regulatory compliance frameworks including but not limited to SOC 2 and ISO 27001
  • Expert experience developing and implementing information security practices
  • Experience actively governing risks and threats and managing security events
  • High confidence working in the AWS ecosystem or ability to learn quickly
  • Must possess and consistently exhibit the competencies relative to the position
  • Strong interpersonal and communication skills including the ability to lead discussions in diverse groups of varying size including internal and external parties
  • Excellent time management and problem solving skills as well as the ability to use good judgment and make strong independent decisions
  • Demonstrates an inspirational attitude that contributes to a positive team environment
  • Ability to build and maintain effective working relationships with team members along with willingness to set and maintain high standards of performance
  • Well developed ability to speak, read, comprehend, and write English


In addition to competitive salaries, full-time employees enjoy a great benefits package:

  • Multiple Medical plans (one with $0 employee premium option), Dental & Vision plans
  • 401k with company match and immediate vesting
  • Generous paid time off package and 11 paid holidays
  • And much more!

If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in LegitScript’s mission and can contribute to our team in a variety of ways.


This job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.

 

Please note that visa sponsorship is not available for this position. We cannot support international remote work.

 

**We do not accept unsolicited applications from third-party recruiters or agencies for this job posting. Any candidate submission without a prior agreement will be considered the property of our company, and we will not be responsible for any fees or obligations related to such submissions. We encourage interested candidates to apply directly through our official channels.**



Category: Compliance Jobs

Tags: AWS Big Data Compliance Governance Incident response ISO 27001 Privacy Risk analysis Risk assessment SOC SOC 2 Strategy

Perks/benefits: 401(k) matching Career development Flex vacation Health care Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States
