Compliance Manager
Remote, US•United StatesNorth America•April 30, 2024
Podium exists to help local businesses win. Using Podium’s technology, local businesses are able to simplify the way they build their business and modernize the way they communicate with their customers – from collecting payments, facilitating online reviews, launching marketing campaigns, and much more.
Our work and focus on local business and helping them to build thriving businesses has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000 (#13), and Fast Company’s World’s Most Innovative Companies. For more about our product, watch this video. Podium has a positive, inclusive, and supportive culture and was recently named one of Inc. Magazine’s Best Workplaces for 2021 (4 years in a row). We look for people who are curious, creative and are willing to do the work to be a little better every day. We also embody our company values in all that we do, which always starts with being Customer Obsessed, followed by Be a Founder, Zero Drama, and Enjoy the Ride.
As a Compliance Manager, you will ensure the company's compliance with industry standards and best practices while maturing the controls and processes in place to protect Podium. You'll also partner with various groups including Engineering, Product, Legal, and Human Resources to prepare for audits as well as ongoing improvement of Podium’s compliance program. This is an individual contributor role.
What you will be doing:
- Manage and update security technology policies
- Collaborate with various teams to implement and improve existing controls and processes
- Establish and manage security audits (HIPAA, SOC2, and ISO 27001)
- Manage the relationship and with external auditors
- Establish an effective cadence for reviews of common controls and practices with the appropriate internal groups
- Work with the appropriate groups to gather evidence for compliance audits
- Help drive the maturity of our compliance program while maintaining Podium’s unique culture and core values
- Conduct regular internal audits and report on progress as well as gaps needing further attention and improvement
- Assist in building roadmaps and long-term vision in partnership with the security and privacy team
- Partner with Sales and Legal teams to respond to security questions and contractual provisions
- Partner with Marketing teams to create customer materials describing security and audit programs
- Participate in Vendor and Partner relationships to conduct security reviews
- Maintain and update Podium’s Disaster Recovery documents and conduct tabletop tests
- Document non-conformities and follow up with business leaders to address
What you should have:
- Bachelor's degree in Information Systems or a related field, or equivalent training, fellowship, (or equivalent work experience)
- Experience leading SOC2, ISO 27001, HIPAA, PCI and other industry audits
- Familiarity with SaaS businesses
- Experience leading assurance engagements from planning, walk-throughs, evidence gathering, testing, and reporting.
- Strong written and oral communication skills
- Familiarity with AWS and its services
- Ability to partner with groups to find innovative solutions that meet requirements
- Creatively seek out issues and implement solutions
- Passionate about compliance and cybersecurity
- Weigh several, often conflicting, constraints and make decisions
- Strong collaborative and communicative skills in fast-paced company environment
BENEFITS
- Open and transparent culture
- Unlimited (untracked) vacation
- Medical, dental, vision benefits
- Life insurance, long and short-term disability coverage
- Paid maternity and paternity leave
- For local employees, weekly free lunch, and access to CrossFit gym
- For remote employees, monthly DoorDash credits
Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.