The Role

You build and run Harper's compliance program from the ground up. You own producer licensing and market conduct. You own the clearance workflow for every outbound channel, lifecycle sequence, and partner program before it goes live. You own communication-channel policy, DOI complaint intake and escalation, surplus lines tax operations, and the incident-notification playbook. You partner with finance on customer-funds handling. You partner with engineering on wiring clearance gates and licensing checks into the systems operators actually use. You partner directly with the CEO when judgment calls escalate.

You sit at the intersection of Operations, Growth, Finance, and Engineering. You don't write engineering, but you specify it. You don't replace outside counsel, but you decide when to use them and when to decide.

You're willing to own the rule so frontline managers don't have to be the bad guy. "Not cleared yet" comes from you. So does "here's what you need to launch."

This is not a generalist legal role. This is not pure privacy/DPO. This is not big-carrier committee governance. This is a hands-on operator role for someone with deep insurance regulatory experience who has built, rebuilt, owned, or scaled a meaningful compliance function-and who would rather ship a working clearance gate than draft a memo about one.

What You'll Do

• Audit the full regulatory surface - Map every channel where regulated activity happens. Channels, lists, sequences, licensing matrix, open complaint exposure. No new policies until you know what's live.
• Own producer licensing & market conduct - State licensing matrix by producer and authority level. Enforcement mechanism with sales and intake leadership. Appointments, DRLP designations, continuing education. Licensing is not optional, and you're the one who makes that real.
• Clear growth before it ships - Sign-off workflow for every new outbound channel, list source, lifecycle sequence, dialer, and partner economics. TCPA, state mini-TCPAs, CAN-SPAM, DPPA, license-list usage, anti-rebating, RESPA lanes, E-SIGN/UETA. Default-deny on gray areas, ship clearance on the cleared ones.
• Own surplus lines operations - Tax filings, diligent search, stamping office workflows, multi-state surplus lines posture
• Set communication & E&O guardrails - Approved-channel policy. Claims, cancellation-save, and renewal-messaging guardrails for both AI-assisted and human reps. Document retention and call-recording standards.
• Run DOI complaint intake & escalation - Triage, response coordination, root-cause feedback into the operating teams. Catch problems through systems, not through complaints.
• Own incident & examination readiness - Multi-state regulatory notification playbook. Examination response coordination. The runbook exists before the next incident, not after.
• Prevent, don't react - Identify regulatory risk before it surfaces as a complaint or exam. Stand up the leading indicators-licensing drift, scrub failure rates, communication-channel hygiene-and act on them weekly.
• Engage regulators proactively - Build and maintain working relationships with state DOIs, stamping offices, and surplus lines regulators. Open dialogue ahead of issues, not after them. Position Harper as a known, credible operator in every jurisdiction we touch.
• Instrument the program - Single clearance register. Licensing dashboard by state and producer. Open DOI items, scrub pass rates, time-to-clearance. Weekly review with the CEO.
• Use counsel surgically - Outside regulatory counsel for judgment calls, not for basic discovery. You know when to escalate and when to decide.

You Might Be a Fit If...

• You've built, rebuilt, owned, or scaled a significant compliance function-not just maintained one at a mature carrier
• E&S and surplus lines is in your bones-diligent search, tax, stamping offices, state-by-state quirks
• You write policies people actually follow and build sign-off workflows that don't kill velocity
• You're proactive by instinct. You'd rather instrument a leading indicator than respond to a complaint, and you'd rather pick up the phone with a regulator than wait to receive a letter.
• You're an operator first, lawyer-adjacent second
• You take the friction so operators don't have to. You're comfortable owning "not cleared yet" so sales and growth leads aren't improvising on regulatory gray areas.
• You think in dashboards, not memos. If you can't answer "what's cleared, what's exposed, who's licensed where" in one view, that's the first thing you build.
• You've cleared high-volume outbound under TCPA and state mini-TCPAs in a real revenue environment
• You're comfortable with AI-assisted operations and set guardrails for automated comms instead of pretending automation isn't happening
• You manage outside counsel efficiently and know exactly when to use them
• You earn trust quickly with a founder. Low ego, high judgment, fast to action.

Backgrounds That Could Work

Strong candidates might come from compliance leadership at a brokerage or MGA (E&S preferred), regulatory affairs at a carrier with significant surplus lines exposure, a fintech or insurtech control function with multi-state licensing and TCPA depth, a financial-services control function paired with insurance regulatory experience, or outside regulatory counsel ready to step into the operator seat.

The exact title matters less than the ability to walk in, audit the surface, consolidate fragmented controls, ship gates that hold, and instrument the program weekly.

Requirements

• 5+ years in insurance compliance, regulatory affairs, or a control function-brokerage or agency experience strongly preferred
• Multi-state P&C licensing fluency; demonstrated surplus lines experience
• Track record building, rebuilding, owning, or scaling a meaningful compliance function (or a material part of one)
• Hands-on with TCPA, CAN-SPAM, state telemarketing rules, and high-volume outbound enforcement
• Experience with DOI complaints, market conduct exams, and E&O posture
• Track record of proactive regulator engagement-working with state DOIs and surplus lines authorities before issues arise, not just after
• Comfortable working directly with a founder/CEO and earning trust quickly
• Strong written communication; you write policies people read once and follow
• Bias to ship, low ego, high judgment

Nice to Have

• Surplus lines tax, premium finance, and FBO/trust account familiarity
• Financial-services or fintech control-function background paired with insurance regulatory depth
• Experience clearing dataset-driven outbound (public-records, license lists, DPPA-covered data)
• Experience setting guardrails for AI-assisted customer communications
• Multi-state incident notification experience
• SOC 2 or security-compliance coordination
• Anti-rebating, RESPA lane analysis, and partner/referral economics review

Compensation

• Salary: $150,000-$220,000 + performance bonuses & equity
• Location: San Francisco Bay Area preferred; remote considered for the right candidate-either way, you're embedded with the teams you're protecting
• Schedule: Monday-Friday. The hours are long. The people who thrive here wouldn't have it any other way.

Benefits

• Health, dental, and vision insurance
• Commuter benefits (SF) or remote-work stipend
• Team meals and snacks (SF)
• Direct reporting to the CEO; high ownership, high visibility

The Process

1. One to two screening calls - Alignment on mission, pace, and scope
2. On-site super day - Audit a live regulatory surface with the team, meet ops, finance, and engineering, show how you think

To Apply

Send your resume and tell us about a time you saw a regulatory risk coming, stood up the controls before it surfaced, and let the business keep moving.