Risk & Compliance Manager

Department: Information Security & Risk

We are seeking a Risk & Compliance Manager who thrives at the intersection of security, compliance operations, risk management, and cross-functional collaboration. This role is both strategic and hands-on, owning key components of Built’s SOC program, client assurance processes, and ongoing governance responsibilities across the organization.

Role Overview

The Risk & Compliance Manager supports and maintains Built’s security and compliance posture by managing external audits, client due diligence engagements, compliance tooling, and recurring risk and controls activities. This highly visible role works closely with teams across Security, IT, Engineering, Product, Payments, HR, and Operations to ensure Built remains audit-ready and aligned to industry and regulatory expectations. This is an individual contributor role with no direct people management responsibilities.

Key Responsibilities

Client Due Diligence & External Assurance

• Respond to and manage client security assessments, questionnaires, and due-diligence requests.
• Provide compliance documentation and evidence through Built’s Trust Center.
• Participate in client review meetings and coordinate internal follow-ups as needed.

SOC 1 & SOC 2 Audit Program Management

• Coordinate the full lifecycle of Built’s annual SOC 1 and SOC 2 audits, including evidence collection, stakeholder scheduling, and auditor communication.
• Maintain Built’s control environment within Drata and ensure ongoing audit readiness.

Trust Center Ownership

• Administer Built’s Trust Center (Conveyor), ensuring documents, policies, and audit materials are accurate and up-to-date.
• Manage client access requests and support users with navigation and content inquiries.

Payments Compliance Support

• Support annual payments compliance activities (e.g., AML/Sanctions training, Nacha audit) in partnership with external consultants and internal stakeholders.
• Conduct periodic internal reviews of payments processes to ensure adherence to policies and partner expectations.

Policy & Documentation Governance

• Manage the lifecycle of Built’s policies and procedures, ensuring updates, annual reviews, and publication to the Trust Center.
• Maintain core compliance documentation, including audit records, incident logs, attestations, and internal reporting.

Compliance Controls & Operational Oversight

• Support ongoing monitoring and upkeep of compliance and security controls across the organization.
• Track and coordinate recurring compliance tasks managed through Jira automations.

Training & Awareness Programs

• Partner with Learning & Development to manage annual and onboarding compliance/security training and ensure completion across the organization.

Vendor & Risk Management

• Participate in vendor reviews within the procurement process and maintain the Significant Vendor Index.
• Support the annual enterprise risk assessment and track mitigation activities.

Privacy & Data Requests

• Manage inbound data subject access requests (DSARs) and coordinate responses in alignment with regulatory and internal requirements.

Qualifications

Required

• 7-8 years of experience in security compliance, audit readiness, or risk management.
• Hands-on experience with SOC 2 or similar frameworks (ISO 27001, PCI, SOX).
• Strong understanding of control requirements and evidence validation.
• Excellent communication and documentation skills.
• Experience with compliance platforms such as Drata, Vanta, AuditBoard, or similar.
• Ability to manage multiple concurrent projects, deadlines, and stakeholders.

Preferred

• Experience in fintech, SaaS, or other regulated industries.
• Knowledge of payments compliance (AML, sanctions, ACH/Nacha).
• Experience supporting client due-diligence engagements.
• Familiarity with security and risk frameworks (NIST, CIS, SOC).
• Experience with Conveyor, Jira, and vendor management tools (Zip).

What You’ll Bring

• Strong organizational and analytical skills with exceptional attention to detail.
• Ability to translate compliance requirements into clear, actionable guidance.
• A collaborative mindset and comfort working across technical and non-technical teams.
• A proactive approach to identifying risks, gaps, and opportunities for improvement

Built’s salary range for this position is $90,000 - $140,000 USD per year. The pay range is designed to accommodate upward mobility in the role, therefore it encompasses the full span of proficiency levels for this role and we believe that the midpoint of the range is competitive in the market. Salary is just one component of Built's total compensation package for employees. Your total rewards package at Built will include equity, top-notch medical, dental and vision coverage, an unlimited PTO policy, and other benefits.