Head of Compliance
Lehi, Utah, United States
Weave HQ
Weave brings together a world-class phone system and a suite of communication tools, so it's easy to automate more tasks, keep schedules full, get paid faster, collect more reviews and much more.
Weave’s Head of Compliance is responsible for ensuring compliance with outside regulatory and legal requirements as well as internal policies and bylaws. This includes working with engineering and product leaders to ensure our product meets applicable regulatory standards (i.e., telecommunications and privacy requirements applicable to our industry), working with business leaders to ensure our business processes comply with internal policies and bylaws (i.e., code of conduct and data privacy), working closely with our Head of Security on data privacy and security, and working closely with our Head of Internal Audit on SOX compliance. This person will also be a key member of our Risk Management team and will help us identify, track, and remediate risk.
We are looking for someone local or willing to relocate to the Lehi, Utah area. This position is a hybrid role (minimum 3 days in office / 2 days flexible) reporting to our Chief Legal Officer.
What You Will Own
- Partner with Product and Engineering, Marketing, Finance, Human Resources, and other departments to ensure that our service and internal operations comply with applicable regulatory requirements and best practices (e.g., US and Canadian laws, regulations, and frameworks including HIPAA, CCPA/CPRA, TCPA, CAN-SPAM, SOX, the FCC’s e911 and CPNI rules, STIR/SHAKEN, CTIA Messaging Principles and Best Practices, Securities Exchange Act and SEC rules, AML rules, Americans with Disabilities Act; and Canada’s PIPEDA, provincial privacy laws, CASL, the Accessible Canada Act, and the CRTC’s Unsolicited Telecommunications and e911 rules; and PCI-DSS).
- Act as an internal advisor/partner to departments regarding risk and compliance matters (e.g., controls, best practices, and industry developments). Assist departments in understanding regulatory responsibilities and best practices.
- Design and implement employee training programs to ensure that employees understand their roles and responsibilities for compliance with laws and regulations, data security and protection, privacy, and adherence to Weave’s Code of Conduct.
- Create and implement risk management processes in conjunction with security, internal audit, and business leaders. Collaborate and partner with stakeholders across Weave to proactively identify legal, compliance, technology, security, and privacy risks and design mitigation solutions that are consistent with Weave’s business strategy and risk tolerance.
- Report to senior leadership and the Audit Committee of the Board of Directors on key risks. Regularly update key risk factors in Weave’s 10K/Q filings.
- Assist with development and implementation of controls in support of SOX compliance and financial statement audits.
- Participate in the strategic planning process.
- Respond to regulatory complaints, government or regulatory requests, customer complaints, and incidents.
- Facilitate and respond to Weave customer due diligence and security/compliance inquiries.
- Develop customer-facing materials regarding compliance and security topics.
- Oversee operation of Weave’s vendor risk management program, to include due diligence screening of all new and existing vendors (e.g., ethics, AML, data security and privacy).
- Participate in security incident response and investigations, coordinating with various Weave departments, leadership, and external parties. Assist with management of post-incident reporting to leadership, customers, and external parties.
- Assist Legal team with contract management, corporate governance (US, India, Canada), federal and state-level registrations (Secretary of State, Public Utilities Commissions, etc.) and various other tasks.
- Assist in evaluating compliance and operational requirements for international operations and new markets.
What You Will Need to Accomplish the Job (minimum qualifications: education, experience, certifications, skills)
- Bachelor’s Degree
- 5+ years compliance experience in relevant industry
- Strong Privacy background
- Experience with HIPAA, CCPA/CPRA, and other privacy regulations
- Skilled at working with cross-functional teams including both business leaders & technical leaders on complex projects
- Excellent communication skills (written and verbal)
What Will Make Us Love You (preferred qualifications, including personality traits)
- JD, MBA, or relevant master’s degree
- Privacy, security or risk management certifications such as CIPP, CIPM, CRISC, CISM, CISSP
- Experience with US telecom and communications regulations such as TCPA, CAN-SPAM, the FCC’s e911 and CPNI rules, STIR/SHAKEN
- Understanding of CTIA Messaging Principles and Best Practices and 10DLC SMS text messaging ecosystem
- Experience with Canadian telecom and communications regulations, such as CASL, and the CRTC’s Unsolicited Telecommunications and e911 rules
- Experience with PCI DSS standards
- Experience with PIPEDA and other Canadian provincial privacy regulations
- Understanding of accessibility regulations including the Americans with Disabilities Act and the Accessible Canada Act
- Good business acumen and judgment
Weave is an equal opportunity employer that is committed to diversity and inclusion. We welcome anyone who is hungry to learn, problem-solve and progress regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics.
If you have a disability or special need that requires accommodation, please let us know.
Tags: Audits CCPA CIPP CISM CISSP Compliance CRISC Finance Governance HIPAA IAM Incident response PCI DSS Privacy Risk management Strategy
Perks/benefits: Flex hours