Information Security Compliance Manager
What we do at Codat
Our mission is to make life easier for the lifeblood of economies globally: small and medium-sized businesses. Codat is a universal API for consented business financial data, powering the next generation of products and services for this historically underserved market.
We have offices in London and New York, and a San Francisco office will be opening soon. We are a privately held company that recently closed its Series B funding, and we are funded by Index Ventures, Tiger Global, American Express, PayPal and a line-up of world-class angel investors.
We live by our values of being united as a single team, building a product that is useful to our clients and their customers alike, with a focus and urgency that makes us unstoppable.
What you will be doing
- You will be our first compliance hire responsible for building Codat’s compliance function
- Lead our efforts to develop and maintain all aspects of our information security, privacy and risk compliance programs, from technical and procedural controls to policies and training
- Lead Codat’s SOC 2 Type II and ISO 27001 certifications lifecycle – working with external auditors, pulling together evidence, coordinating with internal teams and maintaining the cadence of activities throughout the year to remain compliant
- Work closely with our internal teams and external service providers to coordinate and complete the incoming due diligence, information security and other regulatory compliance reviews from current and prospective customers and outgoing reviews of technology vendors
- Be the fountain of knowledge for compliance across the business – staying up-to-date on any applicable compliance requirements that may impact our business and working closely with legal, product, finance and IT to evaluate risks and opportunities as we scale
No matter what we’re doing - whether we’re speaking to customers, partners or to each other - we live by our values.
We believe in delivering useful technology that solves real problems for real businesses. We have a real want to do the stuff that isn't always “cool” but makes a difference.
We believe that the people in the best teams push and enable each other to excel. We’re united when we have each other’s backs - when something goes wrong, we don’t blame, we work together to fix it. We embrace differences of opinion to end up with better outcomes. We don’t let our egos win.
We believe that an unstoppable drive towards a single, clearly stated goal is the best way to build great things. We are biased towards action - we make informed decisions and then we act. There is no such thing as an impossible problem, just a great challenge to sink our teeth into.
What excites us
- You may have some experience as a compliance manager or compliance officer or a similar role in a technology or financial services business - primarily dealing with information security and privacy and risk
- Advanced knowledge of and experience building both SOC 2 and ISO compliance programs
- Willing to learn and implement other compliance and/or regulatory schemes as required in the future as we scale (could include employment, financial etc.)
- Well versed in both the technical cybersecurity and procedural business controls required for a cloud-based software business
- Able to proactively audit, create and implement process and documentation
- Highly analytical with a diligent yet pragmatic approach to compliance
- Strong communication skills to interface with internal and external stakeholders