Compliance & Risk Manager
Blossom
FLSA Classification: Exempt Reports To: Chief Financial Officer (CFO) Job Summary: The Compliance & Risk Manager is responsible for managing and executing Blossom’s compliance and risk management programs. Reporting to the CFO, this role oversees day-to-day compliance operations across all regulatory, security, and audit functions—including SOC 2 Type II, PCI DSS, and all compliance obligations associated with Blossom’s hardware and software products while maintaining a risk management framework that identifies, tracks, and mitigates operational, financial, regulatory, and strategic risks. This role collaborates closely with Engineering, Product, Legal, HR, and Operations to support a culture of compliance and risk awareness across the organization. This role works in close partnership with the IT and Infrastructure function, which retains ownership of technical security controls, HSM/key management, and PCI Security; the Compliance & Risk Manager owns program management, audit coordination, the enterprise risk framework, and policy. Supervisory Responsibilities: Support the recruitment and onboarding of compliance and risk staff; provide day-to-day guidance and oversight to any direct reports within the function. Duties & Responsibilities: Audit & Certification Management Own the end-to-end SOC 2 Type II audit lifecycle: scope definition, control design, evidence collection, auditor coordination, and remediation tracking. Lead PCI DSS compliance efforts across applicable business units, including scope management, gap assessments, and coordination with Qualified Security Assessors (QSAs). Manage relationships with external auditors, assessors, and certification bodies; serve as primary point of contact during audit engagements. Maintain a comprehensive controls inventory; ensure all controls are documented, tested, and operating effectively. Track and manage audit findings and remediation plans through to closure in collaboration with control owners. Enterprise Risk Management Manage and maintain the enterprise risk management (ERM) framework, ensuring risks across operational, regulatory, financial, strategic, and technology domains are identified, assessed, prioritized, and tracked. Maintain and update the company-wide risk register; coordinate with risk owners to ensure mitigation and remediation plans are tracked to resolution. Conduct periodic enterprise risk assessments; summarize findings and risk trends for CFO review. Collaborate with Product, Engineering, Finance, HR, and Operations to identify and flag risks associated with new initiatives, product launches, and process changes. Support operational risk programs including business continuity planning (BCP), disaster recovery readiness, and incident response protocols in coordination with IT and Engineering. Administer the third-party and vendor risk assessment process, evaluating vendors for security, financial stability, regulatory alignment, and contractual risk. Monitor the evolving risk landscape—including emerging cyber threats, regulatory changes, and market developments—and flag potential impact to leadership. Support the CFO in maintaining the company’s risk appetite and tolerance thresholds; help ensure business decisions align with established risk parameters. Respond to credit union client risk and security due diligence requests, including vendor questionnaires and risk assessments. Maintain required risk documentation including the risk register, risk appetite statements, and reporting artifacts in a manner that supports executive review and external audit. Regulatory & Policy Compliance Monitor and interpret federal, state, and credit union-specific regulatory requirements applicable to Blossom’s software and hardware products (e.g., NCUA guidance, FFIEC frameworks, GLBA, applicable state laws). Maintain and update company-wide compliance policies, standards, and procedures; ensure alignment with regulatory requirements and industry best practices. Conduct regular internal audits and control testing to evaluate compliance with applicable laws, regulations, and internal policies. Hardware & Software Product Compliance Ensure Blossom’s hardware and software products comply with applicable regulatory standards, including security and interoperability requirements for financial technology solutions used by credit unions. Collaborate with Product and Engineering teams to embed security and compliance requirements into the SDLC and hardware release processes. Advise on compliance and risk implications of new product features, APIs, and data integrations with credit union core systems and third-party platforms. Ensure the organization meets all data privacy requirements, including applicable provisions of state privacy laws and any credit union member data obligations. Security Awareness & Training Oversight Partner with HR to support compliance training integration into onboarding and ongoing employee development. Promote a compliance- and risk-aware culture by supporting cross-functional teams with guidance on regulatory obligations and risk. Oversee training completion tracking across mandatory platforms (e.g., NINJIO, Udemy Business) and ensure role‑specific training obligations are met, including Swipe team PCI requirements. Develop and deliver compliance communications, training materials, and policy updates to employees across all departments. Coordinate with HR and department heads to ensure annual policy acknowledgments and required compliance certifications are completed on schedule. Own the enterprise Security Awareness Training program, ensuring compliance with PCI DSS Requirement and other applicable mandates. Reporting & Executive Partnership Serve as a key point of contact for compliance and risk-related questions and escalations across the organization. Provide regular updates to the CFO on the status of the compliance and risk programs, including audit outcomes, risk register updates, and remediation progress. Prepare compliance metrics, risk dashboards, and audit findings summaries for CFO and executive review. Coordinate with external auditors, regulators, and credit union compliance and risk stakeholders as the day-to-day point of contact. Identify and escalation emerging compliance and risk issues to the CFO, with recommended mitigation steps and timelines. Collaborate with Legal, Finance, HR, and Operations to support alignment of the compliance and risk programs with company strategy and growth objectives. Performs other related duties as assigned. Required Skills / Abilities: Deep knowledge of SOC 2 Trust Services Criteria (TSC) and experience leading or managing SOC 2 Type II audit engagements from preparation through report issuance. Working knowledge of PCI DSS requirements and experience applying them within a fintech, payments, or software organization. Familiarity with financial services regulatory frameworks including FFIEC, GLBA, NCUA guidelines, and applicable state consumer protection and data privacy laws. Experience developing, implementing, and managing enterprise compliance policies, procedures, risk registers, and controls inventories. Demonstrated experience building or managing an enterprise risk management (ERM) framework, including risk registers, risk appetite statements, and risk reporting. Strong organizational and project management skills; able to manage multiple compliance and risk workstreams simultaneously with attention to detail. Exceptional written and verbal communication skills; able to translate complex regulatory requirements into clear, actionable guidance for technical and non-technical audiences. Experience partnering with Engineering and Product teams to embed compliance into software and product development processes. Comfort with GRC platforms and risk management tools (e.g., Drata, Vanta, LogicGate, ServiceNow GRC, or similar). High integrity, strong judgment, and the ability to operate as a trusted advisor to senior leadership. Ability to navigate ambiguity and execute within a fast-growing fintech environment with evolving compliance and risk needs. Proficiency with Google Workspace or Microsoft 365 and standard business productivity tools. Education and Experience: Bachelor’s degree in Business, Finance, Legal Studies, Information Systems, or a related field required; Master’s degree a plus. Minimum 4+ years of progressive experience in compliance, risk management, audit, or related fields; experience within fintech, payments, or financial services strongly preferred. 2 or more years of hands‑on experience with SOC 2 audits (as preparer, auditee, or program contributor); experience with PCI DSS compliance strongly preferred. 2 or more years of experience in a compliance, risk, or audit role with increasing responsibility, preferably in a growth‑stage or mid‑market company. Prior experience working with or supporting credit unions, community financial institutions, or regulated financial services clients strongly preferred. Experience supporting fintech, SaaS, or B2B technology companies serving regulated industries is a plus. Relevant professional certifications strongly preferred: CISA, CISM, CRISC, CCEP, CIPP, CFE, or equivalent. Physical Requirements: Prolonged periods sitting at a desk and working on a computer. Must be able to lift up to 15 pounds at times. What We Offer: Health, fully covered: Company-paid medical, dental, and vision insurance. Life & AD&D: Company-paid life and accidental death & dismemberment coverage. Income protection: Company-paid short- and long-term disability. 401(k) with match: Save for the long run, and we’ll match. Remote allowance: Cell phone and internet connectivity expenses support. Flexible spending: FSA and Dependent Care (DCSA) accounts to stretch your pre‑tax dollars. Unlimited PTO: Take the time you actually need. Employee Assistance Program (EAP): Confidential support for life’s harder moments. Supplemental coverage: Voluntary insurance options to round out your plan. #J-18808-Ljbffr Blossom
- Blossom is seeking a Compliance & Risk Manager to oversee our compliance and risk programs. Reporting to the CFO, this role manages SOC 2 Type II and PCI DSS audits and collaborates with Engineering, Product, Legal, HR, and Operations to embed regulatory controls across...SuggestedRemote job
- Jewish Family Service of Colorado is seeking a Compliance Coordinator to manage compliance activities and ensure adherence to ethical standards and regulations. The role involves working with leadership to implement effective compliance programs and maintaining critical...SuggestedWork at office
- ...Risk Manager (RN/LPN)-Multi-Facility Coverage Catholic Health Services (CHS), one of South Florida's leading faith-based healthcare organizations... ...a critical role in promoting a culture of safety, regulatory compliance, and risk reduction across our healthcare facilities. Key...SuggestedWork at officeLocal area
- ...potential problems before they occur so that risk‑handling activities may be planned and... ...the time spent working in this class. Management may assign additional functions related... ...the essential functions of this job. In compliance with the ADA, the City of Riviera Beach...SuggestedFull time
$98.7k - $164.5k
...health today, we want to hear from you. Join McKesson’s Global Risk Management Team as a Risk Manager supporting Florida Cancer Specialists... ...of insurance, policy records, schedules, and related compliance materials. Support risk reporting, data analytics, and risk...SuggestedWork at officeRemote work- Power Financial Credit Union is seeking a Director of Risk Management in Florida to lead strategic risk management initiatives. In this role, you will oversee the credit union's Enterprise Risk Program, manage multiple risk management functions, and collaborate with executive...
- ...dedicated and experienced Registered Nurse to join our team as a Risk Manager at North Dade Nursing & Rehabilitation Center. As a valued... ...management policies, procedures, and protocols to ensure compliance with regulatory requirements and industry standards Collaborate...
- Florida Cancer Specialists & Research Institute is looking for a candidate to assist in handling healthcare risk management. The role involves engaging with both external callers and internal contacts, requiring independent judgment to prioritize tasks effectively. The...
- ...are seeking a highly motivated, detail-oriented Privacy and Compliance Program Manager to support the operational aspects of the company’s privacy... ...of privacy compliance, including privacy impact and risk assessments, data subject requests, and records of processing...Contract workFlexible hours
$83.7k - $155.69k
...Location: 900 HOPE WAY, ALTAMONTE SPRINGS, FL 32714 Schedule: Full time. Shift: Day (United States) Job Description Facilitates risk management education for facilities. Prepares and presents risk management content. Plans the annual Risk Management Workshop and...Full timeWork experience placementLocal areaShift work- ...organization in New York seeks a Prevention of Sexual Abuse Manager to ensure compliance with abuse prevention standards for Unaccompanied Children... ...include liaising with regulatory bodies, assessing risks, and providing staff training. This role offers a competitive...
- McKesson Corporation is seeking a proactive Risk Manager to support Florida Cancer Specialists. In this role, you will lead a broad range of risk management activities, collaborate with healthcare leaders, legal teams, and insurance partners, and drive business-focused...Remote job
- ...leading pharmaceutical company based in New York is seeking a Quality Assurance (QA) Manager to maintain oversight of cGMP processes. The role includes managing QA staff, ensuring compliance with regulatory standards, and conducting investigations into quality deviations....
- ...leading safety solutions provider seeks an experienced Business Manager to oversee administrative and operational functions in the... ...includes coordinating between office and field operations, managing compliance, and leading a small team. Ideal candidates will have a...Work at office
- McKesson, a Fortune 10 healthcare company, invites applications for a Risk Manager supporting Florida Cancer Specialists. You will advise on risk, insurance programs, and claims management while collaborating with healthcare leaders, legal teams, and operations. The role...Remote job
$67.9k - $199.14k
...Health has an exciting opportunity for a Senior Informatics Manager to join our dynamic Risk Adjustment Analytics team! In this role, you will lead... ...both technical and non‑technical stakeholders Support compliance with CMS and state Medicaid requirements through...Remote jobHourly payFull timeTemporary workWork experience placementLocal area$90k - $110k
...in New York is seeking an Environmental Programs Manager to oversee all environmental initiatives and compliance across multiple locations. The role requires 8-12... ...experience and a Bachelor's degree. Candidates will lead risk management activities, provide training, and act...$102k - $177.1k
Johnson & Johnson is seeking an Operations Risk and Capacity Manager to join the VELYSTM Enabling Tech Supply Chain team. This role involves orchestrating supplier risk and capacity health and ensuring adherence to supply chain processes. The ideal candidate will have at...- Description Position Overview We are seeking an IT Security & Compliance Manager to oversee, maintain, and defend our digital infrastructure... ...Management: Conduct regular internal audits, vulnerability scans, and risk assessments. Prioritize and remediate vulnerabilities across...Contract workFor subcontractorRemote work
- ...programs, policies, and training to ensure compliance with federal, state and local regulations. In collaboration with Transportation management, directs safety and compliance systems... ...' to identify and respond to higher risk drivers. Conduct audits and assistance visits...Local areaShift workDay shift
- ...company. We are currently looking for an Information Security & Compliance Manager - REMOTE. This role is crucial in leading the security... ...governance, making this an impactful position for the organization's risk management efforts. Overview This position is posted by...Remote jobFlexible hours
- IT & COMPLIANCE MANAGER Salary to be discussed at interview. Relocation package is available to qualified candidate. POSITION SUMMARY The IT... ...regular security assessments, penetration testing, and risk analyses. Manage endpoint protection, network security, access...Fixed term contractLocal areaRelocation package
- Comp-Ai is seeking a Senior Technical Product Manager to lead product strategy and execution in a rapidly growing AI-native compliance platform. This role is key in transforming compliance processes utilizing AI technology. You will define product roadmaps, collaborate...
- ...We are seeking a proactive and experienced National Safety & Compliance Manager to join our Retail business unit. In this site-based role, you... ...and load restraint Conduct site audits, inspections, and risk assessments to ensure compliance with WHS legislation and internal...Full timeFlexible hours
- Centene Corporation seeks an Actuarial Manager to lead analytics and risk assessment across health plans, driving value through VBC strategies and contract design. You will supervise a small team and collaborate with Medicare, marketplace and Medicaid teams to assess policy...Remote jobContract work
- Risk Manager Responsibilities General Responsibilities Residents Rights Safety Risk Management Responsibilities Demonstrates knowledge of Infection Control practices in a healthcare setting Understands, participates and assists in implementing the Quality Improvement...Daily paidShift workNight shiftWeekend work
$102k
...Johnson’s Family of Companies, is recruiting for an Operations Risk and Capacity Manager to form part of the VELYSTM Enabling Tech Supply Chain... ...applicable. Responsible for ensuring personal and Company compliance with all Federal, State, local and Company regulations,...Temporary workLocal areaImmediate start- Responsibilities Lead actuarial support for statutory reserve reporting and financial reporting requirements for life and health insurance entities Support preparation of statutory actuarial opinions and memoranda Monitor and analyze experience, profitability, and reserve...
- The Public Risk Management Association is looking for an experienced professional in risk management to help reduce financial losses for the City. Key responsibilities include administering insurance programs, analyzing data related to employee injuries, and developing...
- ...Overview First Merchants Bank is seeking a 2nd Line Technology Risk & Governance Sr Manager to join our team. This position will support independent... .... Partner across ERM, IT, Cyber/InfoSec, Legal/Compliance, Internal Audit, and SOX to provide second line technology...Flexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Compliance & Risk Manager. Be the first to apply!
- compliance director Florida, NY
- director quality compliance Florida, NY
- quality regulatory manager Florida, NY
- senior director regulatory affairs Florida, NY
- senior regulatory manager Florida, NY
- quality compliance manager Florida, NY
- sr. manager regulatory compliance Florida, NY
- corporate compliance manager Florida, NY
- compliance manager Florida, NY
- training and compliance manager Florida, NY

