Head of Legal, Risk & Compliance

Job Description

Job Description

Position Overview

The Head of Legal, Risk & Compliance (who also serves as Chief Risk Officer) is a senior executive accountable for the legal, regulatory, risk management, compliance, and governance obligations of DataCT LLC in its capacity as the independent Administrator of the CT Plan. The role is the principal legal and compliance partner to the Chief Administration Officer and is responsible for protecting the independence of the Administrator function, managing related-party considerations with DataCT subcontractors (including DataBP LLC), and ensuring full compliance with the governance framework of the CT Plan.

This is a hands-on, execution-focused role in a growing organization. The Head of Legal, Risk & Compliance builds and owns DataCT's legal operations, enterprise risk framework, compliance program, audit program, and regulatory engagement strategy, while advising the DataCT Board and the CT Plan Operating Committee on matters of independence, fiduciary conduct, and regulatory obligation.

DataCT operates under the independence, governance, and transparency framework established in the CT Plan and the Administrator RFP. All staff are expected to uphold the independence of the Administrator function, avoid actual or perceived conflicts of interest, and support the governance reporting obligations of the Operating Committee of CT Plan LLC.

Core Responsibilities

Legal and Governance Leadership

• Serve as the senior legal executive of DataCT LLC, providing counsel to the CAO, the DataCT Board, and (as required) the CT Plan Operating Committee.

• Lead drafting, negotiation, and administration of all material agreements, including the Administrator Services Agreement with CT Plan LLC, subcontractor agreements (including DataBP LLC and Deloitte entities), customer licensing agreements, and vendor contracts.

• Own corporate governance for DataCT LLC as a Delaware LLC operating in New York, including Board Books, resolutions, minutes, member consents, Operating Agreement maintenance, and governance charters.

• Manage related-party protocols and conflict-of-interest controls, with particular attention to transactions with DataBP LLC and Vondelpark Capital BV.

• Advise on the C-corporation tax election structure and cross-border ownership considerations (Dutch BV, disregarded-entity status) in coordination with external tax and accounting advisors.

Risk Management and Enterprise Risk Framework

• Design, implement, and maintain DataCT's enterprise risk management framework, including risk identification, measurement, monitoring, and reporting.

• Oversee operational, legal, regulatory, technology, cyber, third-party, and reputational risk programs.

• Produce the quarterly risk report to the DataCT Board and the CT Plan Operating Committee.

• Lead scenario and contingency planning for regulatory, technology, and market-structure disruption events.

• Coordinate insurance program strategy (D&O, E&O, cyber, crime, general liability) aligned to DataCT's risk profile.

Regulatory and Compliance Leadership

• Maintain DataCT's compliance with U.S. securities, SRO, and market-structure regulatory requirements, including the CT Plan, Regulation NMS, and Regulation SCI obligations that flow through the Administrator function.

• Own the control frameworks supporting SOC 1, SOC 2, ISO 27001, GDPR, CCPA, sanctions screening, and related standards as applicable.

• Oversee SOX-aligned financial controls in partnership with the Controller and external auditors.

• Manage regulatory inquiries, subpoenas, litigation holds, and examinations.

• Support policy and filings work with CT Plan counsel and external regulatory counsel as required.

Audit and Control Oversight

• Oversee the Licensing Audit function, which executes subscriber-facing audits of CT Plan licensing compliance.

• Coordinate internal and external audit programs, including SOC audits, financial audits, and independence certifications required under the CT Plan governance framework.

• Approve audit plans, review findings, and ensure timely remediation of control gaps.

• Maintain audit workpapers, management letters, and control attestations in accordance with retention obligations.

Independence, Conflicts, and Governance Integrity

• Serve as the principal custodian of DataCT's independence from individual CT Plan participants and from related parties.

• Maintain the conflicts register, related-party transaction register, and gifts/entertainment policy.

• Pre-clear material transactions, hiring decisions, and subcontractor engagements that implicate independence or related-party considerations.

• Report independence status quarterly to the DataCT Board and the CT Plan Operating Committee.

Information Security, Data Protection, and Privacy

• Partner with the shared CISO to oversee information security governance, security incident response, and regulatory notification procedures.

• Own privacy program design for DataCT, including data-subject rights handling, cross-border data transfer assessments, and records-of-processing.

• Approve data protection impact assessments for new products, subcontractor engagements, and material technology changes.

Organizational Leadership

• Build and lead the Legal, Risk & Compliance team as DataCT scales toward its target operating state in April 2027.

• Develop team operating rhythms, training curricula, and career progression pathways aligned with DataCT's Resourcing Experience and Expertise Classification Framework.

• Foster a culture of integrity, independence, transparency, and accountability consistent with DataCT's public-market role.

Key Performance Indicators

• Zero material breaches of independence, conflicts, or related-party protocols.

• Clean SOC 1, SOC 2, and financial audit opinions; timely remediation of any identified findings.

• Cycle time from intake to executed agreement for customer and vendor contracts.

• Timely closure of enterprise risk items and Board-level risk reporting delivered on calendar.

• Regulatory and examination readiness; no material regulatory findings.

• Compliance training completion across all DataCT staff.

Qualifications

• Juris Doctor (JD) from an accredited U.S. law school and active bar admission in New York (or eligible for admission under New York's in-house counsel or reciprocity rules).

• Fifteen or more years of progressive legal experience, including senior in-house leadership at a financial market infrastructure, SRO, exchange, SIP operator, or regulated market-data entity.

• Deep working knowledge of U.S. securities regulation, Regulation NMS, Regulation SCI, SRO governance, and market-data licensing frameworks.

• Demonstrated experience leading enterprise risk and compliance programs in regulated financial services environments.

• Experience managing related-party and independence matters in a governance-sensitive entity.

• Prior experience advising Boards and Board-equivalent governance bodies.

Skills and Competencies

• Executive legal judgment with ability to operate in a public-market-adjacent, reputation-sensitive environment.

• Strong commercial drafting and negotiation skills across complex services, licensing, and subcontracting agreements.

• Enterprise risk and control framework design; SOC / SOX / Reg SCI fluency.

• Regulatory strategy and engagement, including examinations and inquiries.

• Governance administration, including Board materials, minutes, charters, and resolutions.

• Clear written and verbal communication for executive and Board audiences.

Tools and Systems

• Contract lifecycle management (e.g., Ironclad, DocuSign CLM), eSignature, Board portal tools, GRC platforms, matter management, and secure data-room platforms; Microsoft 365 and collaboration suites.

Location Requirement

This position requires regular, in-person physical presence at DataCT's principal offices in New York City. DataCT's core staff, CT Plan stakeholders, SIP Processors, auditors, and principal service providers are concentrated in the New York metropolitan area, and on-site collaboration is essential to the Administrator function.

Compensation and Benefits

• Base Salary Range - $275,000-325,000 (commensurate with experience, qualifications, skills, education, internal equity, and market data).

• Eligible for performance-based incentives consistent with the role level.

• Compensation is set in accordance with the DataCT Resourcing Experience and Expertise Classification Framework.

• Full benefits package including medical, dental, vision, 401(k) with employer match, life insurance, disability coverage, and paid time off.

Reporting Structure

Reports to: Chief Administrative Officer ( CAO)

About DataCT

DataCT LLC is a Delaware limited liability company headquartered in New York, New York, formed as a single-purpose, independent, member-owned entity to serve as the Administrator of the U.S. Consolidated Tape Plan (the CT Plan). DataCT LLC is responsible for the unified administration of Tapes A, B, and C under the CT Plan, acting on behalf of CT Plan LLC under the Administrator mandate. DataCT is currently engaged under an Interim Services Agreement and is transitioning to the definitive Administrator Services Agreement with CT Plan LLC. The organization is building toward a full operating state of approximately 25 employees and is expected to be fully operational by April 2027.

Equal Opportunity

DataCT LLC is an Equal Opportunity Employer. DataCT is committed to building a diverse and inclusive workforce and does not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, and related conditions), sexual orientation, gender identity or expression, national origin, age, disability, genetic information, military or veteran status, marital or familial status, citizenship or immigration status, or any other characteristic protected by applicable federal, state, or local law.

DataCT LLC is committed to building a diverse, accountable, and independent organization in service of the CT Plan, its Operating Committee, and the broader U.S. market-data community. The Head of Legal, Risk & Compliance is a key contributor to that mission.