2021 Mercury Fund. All Rights Reserved.
Website by Darien Group

We invest in exceptional founders

Join the best startups across America and work with a Mercury portfolio company.

Data Compliance Lead

Molecule Software


Legal
Houston, TX, USA · Remote
Posted on Jul 16, 2025

We are seeking a highly motivated and resourceful Data Compliance, Security & Resilience Lead to spearhead our global data compliance efforts, third-party risk management, and security audit readiness. This role is pivotal in ensuring compliance with international data protection laws (e.g., GDPR, LGPD, UK GDPR) and maintaining operational resilience through ownership of Disaster Recovery (DR) exercises, penetration testing, and open source license compliance. You will also lead SOC 1 and SOC 2 audits, manage subprocessors, and coordinate customer-facing privacy communications.

Key Responsibilities

Data Compliance & Residency

- Monitor and ensure ongoing compliance with GDPR (EU), UK GDPR, LGPD (Brazil), and similar privacy laws across the UK and South America.

- Guide teams on data residency and cross-border transfer obligations.

- Partner with Legal and Engineering to embed compliance in product and infrastructure decisions.

Subprocessor Oversight

- Maintain the company’s subprocessor inventory.

- Coordinate risk assessments for new subprocessors.

- Manage the customer notification process for subprocessor updates.

Audit & Certification Management

- Own the full lifecycle of SOC 1 Type II and SOC 2 Type II audits.

- Coordinate across teams and external auditors to ensure audit readiness.

- Maintain documentation of controls and process owners.

Security Resilience

- Lead planning and execution of Disaster Recovery (DR) tests.

- Oversee penetration testing programs.

- Drive continuous improvement in security measures.

Open Source & Copyleft Compliance

- Monitor the codebase for copyleft license exposure.

- Work with Engineering and Legal to remediate risks.

- Maintain guidelines for the use of open source software.

Qualifications

Mindset & Capability

- Deep curiosity about data privacy and security frameworks.

- Ability to figure things out independently and take action.

- Comfortable leading cross-functional projects.

- Strong communication and documentation skills.

- Tenacity in following through with compliance efforts.

Preferred but Not Required

- Exposure to relevant laws or compliance frameworks.

- Familiarity with DR planning, pen testing, or license compliance.

- Experience with compliance tooling.

- Certifications are a plus, but not required.

What Success Looks Like

- A robust, compliant subprocessor program with clear communications.

- Regularly conducted DR tests, pen tests, and license reviews.

- Smooth, well-documented SOC 1 and SOC 2 audits.

- A strong culture of continuous improvement in compliance and security.

- Trusted guidance and effective action across teams.
