Risk and Compliance Manager

AU & NZ / Business Operations Team / Full time / Remote
We are looking for a Risk and Compliance Manager to help improve all things risk and compliance across Buildkite. As a remote-first company this job may be a bit of a different shape than you might be used to, but we’re super keen to learn how to do it together. Your role will involve you working with all of Buildkite’s teams. You will help us build and maintain programs that drive proactive risk identification and management, and help us scale with rapidly developing global regulatory frameworks. You will help in bridging gaps and conversations between the engineering/product teams, the operations team, our in-house counsel, and the rest of the organisation to better promote and advocate for risk and security. This role is ideal for someone who enjoys working in technology and wants a blend of strategic and practical work, as the role will require both planning risk and compliance initiatives and doing the day-to-day work to solve the problems that they find.

What your typical week may look like:

Build and drive the company’s Governance, Risk, and Compliance functions, operations, and processes, and continuously improve them.
Provide support and pragmatic advice on the development, improvement, and maintenance of risk management programs.
Develop and implement data-driven analysis of risk to identify trends and insights, and assess, measure, and maintain compliance with existing regulatory and third-party frameworks.
Lead and manage all aspects of SOC 2 compliance, including risk assessments, control implementation, documentation, audits, and incident response, ensuring continuous compliance with regulatory standards.
Drive compliance program remediations and improvements identified from post mortems, investigations, and other assessments.
Meet with our customers to hear and address inquiries related to risk management and compliance; foster transparent relationships to instil trust and confidence in the company's risk and compliance position.
Work closely with other cross-functional teams (especially Product, Engineering, and Chief Technology Officer) to meet ongoing obligations, including training, compliance and privacy operations (such as records of processing activities, audits, disclosures), and developing public documents to build and maintain trust.
Help develop and implement processes and controls to assess risk in the product development life cycle.
Draft, develop, and maintain policies and other governance.
Design and implement company-wide training materials.
Respond to security questionnaires from prospective and existing customers
Ensure our insurance types and levels are appropriate and up to date
Report on compliance to the Leadership Team

This job is for you if you have:

Familiarity and expertise with risk management and governance, risk, and compliance management tools
Experience with legal or compliance teams covering diverse geographic and risk areas (for example: privacy, vendor management, Infosec) in the cloud services landscape.
Clear, collaborative communicator with a proven ability to see the big picture while also understanding the details and navigating to successful outcomes
Skillful drafter, issue-spotter, and problem-solver able to assess both legal and business risks.
Able to lead without formal reporting relationships.
Eager, flexible learner who's confident in handling tasks and answering questions you've never faced
An ability to communicate information clearly to customers, and other non-specialist stakeholders across the business
Team player with the ability to work with all levels of the organization.
Desire to teach and learn.
Willingness to expand the range of job responsibilities as needed, based on the evolution of the Company and the role.
Works independently and takes initiative
Experience working at organisations using cloud-based infrastructure, especially AWS
Love to be uniquely yourself
$130,000 - $160,000 a year