Compliance & Risk Manager

Blossom

$90K - $120K
US - Anywhere (Remote in United States)
Finance & Insurance
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Business, Finance, Legal Studies, Information Systems, or related field; Master's preferred.
  • 4+ years of experience in compliance, risk management, or audit, preferably in fintech or financial services.
  • 2+ years of direct experience managing SOC 2 audits; PCI DSS compliance experience preferred.
  • Experience in a compliance or risk role within growth-stage companies or mid-market companies.
  • Familiarity with financial services regulatory frameworks, including FFIEC, GLBA, and NCUA guidelines.
  • Relevant professional certifications such as CISA, CISM, or CRISC preferred.

Responsibilities

  • Manage SOC 2 Type II audit lifecycle including evidence collection and remediation tracking.
  • Lead PCI DSS compliance efforts across business units and manage relationships with external assessors.
  • Oversee the company's enterprise risk management framework and maintain the risk register.
  • Conduct periodic enterprise risk assessments and summarize findings for executive review.
  • Monitor regulatory requirements and update compliance policies and procedures.
  • Ensure compliance of hardware and software products with relevant standards.
  • Coordinate compliance training and foster a culture of risk awareness across the organization.

Benefits

  • Fully covered company-paid medical, dental, and vision insurance.
  • Company-paid life and accidental death & dismemberment coverage.
  • Company-paid short- and long-term disability insurance.
  • 401(k) with matching contributions.
  • Remote allowance for cell phone and internet connectivity expenses.
  • Unlimited Paid Time Off (PTO).
  • Employee Assistance Program (EAP) for confidential support services.
Full Job Description

FLSA Classification: Exempt

Reports To: Chief Financial Officer (CFO)

Job Summary:

The Compliance & Risk Manager is responsible for managing and executing Blossom's compliance and risk management programs. Reporting to the CFO, this role oversees day-to-day compliance operations across all regulatory, security, and audit functions, including SOC 2 Type II, PCI DSS, and all compliance obligations associated with Blossom's hardware and software products, while maintaining a risk management framework that identifies, tracks, and mitigates operational, financial, regulatory, and strategic risks. This role collaborates closely with Engineering, Product, Legal, HR, and Operations to support a culture of compliance and risk awareness across the organization. It also works in close partnership with the IT and Infrastructure function, which retains ownership of technical security controls, HSM/key management, and PCI security controls; the Compliance & Risk Manager owns program management, audit coordination, the enterprise risk framework, and policy.

Supervisory Responsibilities:
  • Support the recruitment and onboarding of compliance and risk staff; provide day-to-day guidance and oversight to any direct reports within the function.


Duties/Responsibilities:

Audit & Certification Management
  • Own the end-to-end SOC 2 Type II audit lifecycle: scope definition, control design, evidence collection, auditor coordination, and remediation tracking.
  • Lead PCI DSS compliance efforts across applicable business units, including scope management, gap assessments, and coordination with Qualified Security Assessors (QSAs).
  • Manage relationships with external auditors, assessors, and certification bodies; serve as primary point of contact during audit engagements.
  • Maintain a comprehensive controls inventory; ensure all controls are documented, tested, and operating effectively.
  • Track and manage audit findings and remediation plans through to closure in collaboration with control owners.

Enterprise Risk Management
  • Manage and maintain the enterprise risk management (ERM) framework, ensuring risks across operational, regulatory, financial, strategic, and technology domains are identified, assessed, prioritized, and tracked.
  • Maintain and update the company-wide risk register; coordinate with risk owners to ensure mitigation and remediation plans are tracked to resolution.
  • Conduct periodic enterprise risk assessments; summarize findings and risk trends for CFO review.
  • Collaborate with Product, Engineering, Finance, HR, and Operations to identify and flag risks associated with new initiatives, product launches, and process changes.
  • Support operational risk programs including business continuity planning (BCP), disaster recovery readiness, and incident response protocols in coordination with IT and Engineering.
  • Administer the third-party and vendor risk assessment process, evaluating vendors for security, financial stability, regulatory alignment, and contractual risk.
  • Monitor the evolving risk landscape, including emerging cyber threats, regulatory changes, and market developments, and flag potential impact to leadership.
  • Support the CFO in maintaining the company's risk appetite and tolerance thresholds; help ensure business decisions align with established risk parameters.
  • Respond to credit union client risk and security due diligence requests, including vendor questionnaires and risk assessments.
  • Maintain required risk documentation, including the risk register, risk appetite statements, and reporting artifacts, in a manner that supports executive review and external audit.

Regulatory & Policy Compliance
  • Monitor and interpret federal, state, and credit union-specific regulatory requirements applicable to Blossom's software and hardware products (e.g., NCUA guidance, FFIEC frameworks, GLBA, applicable state laws).
  • Maintain and update company-wide compliance policies, standards, and procedures; ensure alignment with regulatory requirements and industry best practices.
  • Conduct regular internal audits and control testing to evaluate compliance with applicable laws, regulations, and internal policies.

Hardware & Software Product Compliance
  • Ensure Blossom's hardware and software products comply with applicable regulatory standards, including security and interoperability requirements for financial technology solutions used by credit unions.
  • Collaborate with Product and Engineering teams to embed security and compliance requirements into the SDLC and hardware release processes.
  • Advise on compliance and risk implications of new product features, APIs, and data integrations with credit union core systems and third-party platforms.
  • Ensure the organization meets all data privacy requirements, including applicable provisions of state privacy laws and any credit union member data obligations.

Security Awareness & Training Oversight
  • Partner with HR to support compliance training integration into onboarding and ongoing employee development.
  • Promote a compliance- and risk-aware culture by supporting cross-functional teams with guidance on regulatory obligations and risk.
  • Oversee training completion tracking across mandatory platforms (e.g., NINJIO, Udemy Business) and ensure role-specific training obligations are met, including Swipe team PCI requirements.
  • Develop and deliver compliance communications, training materials, and policy updates to employees across all departments.
  • Coordinate with HR and department heads to ensure annual policy acknowledgments and required compliance certifications are completed on schedule.
  • Own the enterprise Security Awareness Training program, ensuring compliance with the applicable PCI DSS requirement and other applicable mandates.

Reporting & Executive Partnership
  • Serve as a key point of contact for compliance and risk-related questions and escalations across the organization.
  • Provide regular updates to the CFO on the status of the compliance and risk programs, including audit outcomes, risk register updates, and remediation progress.
  • Prepare compliance metrics, risk dashboards, and audit findings summaries for CFO and executive review.
  • Coordinate with external auditors, regulators, and credit union compliance and risk stakeholders as the day-to-day point of contact.
  • Identify and escalate emerging compliance and risk issues to the CFO, with recommended mitigation steps and timelines.
  • Collaborate with Legal, Finance, HR, and Operations to support alignment of the compliance and risk programs with company strategy and growth objectives.
  • Perform other related duties as assigned.


Required Skills/Abilities:
  • Deep knowledge of SOC 2 Trust Services Criteria (TSC) and experience leading or managing SOC 2 Type II audit engagements from preparation through report issuance.
  • Working knowledge of PCI DSS requirements and experience applying them within a fintech, payments, or software organization.
  • Familiarity with financial services regulatory frameworks including FFIEC, GLBA, NCUA guidelines, and applicable state consumer protection and data privacy laws.
  • Experience developing, implementing, and managing enterprise compliance policies, procedures, risk registers, and controls inventories.
  • Demonstrated experience building or managing an enterprise risk management (ERM) framework, including risk registers, risk appetite statements, and risk reporting.
  • Strong organizational and project management skills; able to manage multiple compliance and risk workstreams simultaneously with attention to detail.
  • Exceptional written and verbal communication skills; able to translate complex regulatory requirements into clear, actionable guidance for technical and non-technical audiences.
  • Experience partnering with Engineering and Product teams to embed compliance into software and product development processes.
  • Comfort with GRC platforms and risk management tools (e.g., Drata, Vanta, LogicGate, ServiceNow GRC, or similar).
  • High integrity, strong judgment, and the ability to operate as a trusted advisor to senior leadership.
  • Ability to navigate ambiguity and execute within a fast-growing fintech environment with evolving compliance and risk needs.
  • Proficiency with Google Workspace or Microsoft 365 and standard business productivity tools.


Education and Experience:
  • Bachelor's degree in Business, Finance, Legal Studies, Information Systems, or a related field required; Master's degree a plus.
  • At least 4 years of progressive experience in compliance, risk management, audit, or related fields; experience within fintech, payments, or financial services strongly preferred.
  • 2 or more years of hands-on experience with SOC 2 audits (as preparer, auditee, or program contributor); experience with PCI DSS compliance strongly preferred.
  • 2 or more years of experience in a compliance, risk, or audit role with increasing responsibility, preferably in a growth-stage or mid-market company.
  • Prior experience working with or supporting credit unions, community financial institutions, or regulated financial services clients strongly preferred.
  • Experience supporting fintech, SaaS, or B2B technology companies serving regulated industries is a plus.
  • Relevant professional certifications strongly preferred: CISA, CISM, CRISC, CCEP, CIPP, CFE, or equivalent.


Physical Requirements:
  • Prolonged periods sitting at a desk and working on a computer.
  • Must be able to lift up to 15 pounds at times.


What We Offer:
  • Health, fully covered: Company-paid medical, dental, and vision insurance.
  • Life & AD&D: Company-paid life and accidental death & dismemberment coverage.
  • Income protection: Company-paid short- and long-term disability.
  • 401(k) with match: Save for the long run, and we'll match.
  • Remote allowance: Cell phone and internet connectivity expenses support.
  • Flexible spending: FSA and Dependent Care (DCSA) accounts to stretch your pre-tax dollars.
  • Unlimited PTO: Take the time you actually need.
  • Employee Assistance Program (EAP): Confidential support for life's harder moments.
  • Supplemental coverage: Voluntary insurance options to round out your plan.
