Head of Risk and Compliance

South Jordan, UT
In-Office
Senior level
Security • Software
The Role
The Head of Risk and Compliance oversees compliance with data protection laws, manages risk, collaborates with departments, and reports to stakeholders.


Anonyome Labs is creating a world in which people have exclusive control over their personal data. We’re changing the identity, privacy and cyber safety paradigm—and resolving the greatest challenges consumers and enterprises face.

Through the Sudo Platform products, we provide businesses with identity and privacy toolkits. We demonstrate these toolkits through our MySudo consumer reference applications empowering everyday users to decide when, where and with whom they share their personal information, and we help enterprises rapidly develop and deploy branded identity, privacy and cyber safety solutions for their customers.

In developing the Sudo decentralized digital identity at the heart of our products, we wanted to do something that hasn’t been done before — because that’s what the global fight for data privacy will demand from us all: out-of-the-box thinking and privacy by design.

If you want to join us at the leading edge of data privacy, apply to join our team now. There’s never been a better time.

This is a fantastic opportunity to work at a well-established global start-up, working with global leaders in the security and privacy space.



Role

The Head of Risk and Compliance ensures Anonyome Labs remains compliant with business-critical external compliance objectives and leads the business risk management program.

Responsibilities

Data Protection and Privacy

Our customers' trust hinges on the responsible handling of sensitive information, including regulated personal data. The Head of Risk and Compliance ensures compliance with data protection laws such as the EU GDPR and U.S. state privacy laws, including the California Consumer Privacy Act, while implementing best practices for consumer privacy. Responsibilities include:

  • Establishing robust controls for data storage, transfer, and disposal
  • Coordinating regular audits to ensure compliance with relevant data protection regulations
  • Monitoring access to sensitive customer and corporate data    

Risk and Compliance Leadership

From external compliance objectives to third-party vendor agreements, this role ensures compliance while minimizing risk. Specific duties include:

  • Driving our programs for SOC 2 certification, PCI DSS compliance, EU-U.S. Data Privacy Framework self-certification and others as determined by business need.
  • Owning and maintaining disaster recovery and business continuity plans

Collaboration with Other Departments

The Head of Risk and Compliance must work closely with other C-suite executives and their teams to ensure that risk management and compliance are understood:

  • Partnering with the Head of Engineering and Head of Product to integrate compliance measures into systems design, implementation and operation
  • Working alongside the People team to ensure compliant handling of employee and candidate data
  • Coordinating with internal SMEs and external legal counsel to align policies and operations with compliance regulations

Keeping Up with Changing Regulations and Compliance Obligations

The regulatory environment and the supply chain of service providers in which Anonyome Labs operates are never static. Compliance today does not imply compliance in the future:

  • Monitor changes in the regulatory environments critical to our products, including telecommunications, payments and fintech, consumer privacy, and data protection laws
  • Identify product or internal improvements to reduce the risk of becoming non-compliant

Reporting to Stakeholders

Providing regular updates about the company’s risk posture and compliance status is an essential duty. The Head of Risk and Compliance must:

  • Offer actionable insights to reduce risks while aligning compliance with the company's long-term goals
  • Advocate for necessary budget approvals to invest in risk management and compliance initiatives

Core Skills and Competencies

Leadership and Strategic Planning

Risk Management Strategy Design

  • Ability to develop and implement a comprehensive risk management strategy that addresses current and emerging risks across business units.

Business Alignment

  • Skills to align initiatives with overall business goals and objectives, ensuring risk management measures contribute to organizational success.

Risk Management and Compliance

Regulatory Compliance

  • Familiarity with data protection laws such as EU GDPR and the California Consumer Privacy Act, and industry certification frameworks such as SOC 2, PCI DSS, and the EU-U.S. Data Privacy Framework.

Risk Assessment

  • Ability to conduct risk assessments of internal systems and third-party vendors to identify and mitigate vulnerabilities.

Disaster Recovery Planning

  • Competence in creating robust disaster recovery and business continuity plans.

Data Protection

Sensitive Data Handling

  • Design strict controls for data storage, access, transfer, and disposal to ensure the integrity of sensitive customer and corporate information.

Privacy Best Practices

  • Advocate for user privacy by adopting and enforcing best practices for data protection.

Incident Response

Crisis Management

  • Experience leading incident response efforts to evaluate breaches, assess damage, and communicate with stakeholders like customers and regulatory bodies

Post-Incident Analysis

  • Ability to supervise reviews after cybersecurity incidents and ensure lessons are applied to future defenses

Communication and Reporting

Stakeholder Engagement

  • Strong communication skills to prepare and deliver detailed reports to stakeholders

Budget Advocacy

  • Ability to secure budget approval for critical risk and compliance initiatives

Employee Training and Awareness

Training Development

  • Develop and conduct employee training sessions on risk management and compliance topics such as payments compliance.

Fostering a Data Protection Culture

  • Own the culture of shared responsibility for risk management across all departments

Collaborative Skills

Cross-Department Coordination

  • Proficient in collaborating with Information Systems, Product, Engineering and Finance departments to ensure regulatory and external compliance where required
  • Supporting Sales by reviewing contracts and agreements for compliance requirements and devising how they can be achieved

Stakeholder Partnerships

  • Partner with C-suite executives to embed risk management and data protection policies into every aspect of the organization.

Personal Attributes

Analytical Thinking

  • Sharp analytical skills to assess risks and the effectiveness of risk management measures.

Decision-Making

  • The ability to make sound, quick decisions.

Adaptability

  • Resilience and adaptability in navigating the dynamic nature of the digital threat landscape.

Finally, we expect you to score extremely high on our "Stuff That Matters":

Enhancing Privacy

      Privacy is at Our Core

Growing as One team

      Work Inclusively, Embrace Diversity, Succeed Together

Sharing Insights

      Information empowers our decision making

Taking Ownership

      Own it, enjoy it, learn from it

Feeding Curiosity

      Always learning

We offer health, dental, vision & life insurance plans, unlimited PTO, cool office space, equity, catered lunches, and an exciting and innovative atmosphere. If you’re interested in changing the world, we’d love to talk to you.



Top Skills

California Consumer Privacy Act
EU GDPR
EU-U.S. Data Privacy Framework
PCI DSS
SOC 2

The Company
Salt Lake City, UT
120 Employees
Year Founded: 2014

What We Do

Anonyome Labs, makers of Sudo, develops powerful products that empower people to take back control of their identity—in any situation.
