Compliance, Risk & Governance Manager

Kodex

San Francisco (CA)

Remote

USD 120,000 - 150,000

Full time

7 days ago

Job summary

A leading company in data management is seeking a Compliance, Risk & IT Manager to oversee legal and regulatory obligations, manage IT infrastructure, and ensure compliance with privacy regulations. This role blends compliance leadership with hands-on IT operations, requiring collaboration across teams to uphold security and transparency standards.

Benefits

Competitive compensation and equity options
Flexible PTO
Comprehensive health, dental and vision plans

Qualifications

  • 5+ years of experience in compliance, risk management, or IT governance.
  • Deep knowledge of regulatory frameworks like GDPR, CCPA, SOC 2.

Responsibilities

  • Lead audits for SOC2, PCI and HIPAA, ensuring compliance.
  • Conduct risk assessments and mitigate data security risks.
  • Represent Kodex for all compliance-related matters.

Skills

Compliance Management
Risk Management
IT Governance
Communication

Education

5+ years experience in compliance

Tools

Vanta
MDM
SSO

Job description

About Kodex

Kodex is revolutionizing the way companies handle third-party data requests. As the only secure, modern portal built specifically for this challenge, Kodex enables organizations to manage data requests efficiently, securely, and in full compliance with regulatory requirements.

Trusted by over 15,000 government agencies in 190 countries and industry leaders like Coinbase, Stripe, and AT&T, Kodex combines cutting-edge security with seamless workflows to protect sensitive user data while ensuring transparency and efficiency. Founded by a former FBI agent and a team of technologists, Kodex bridges the gap between private companies and government agencies, addressing the growing volume of data requests with a solution that works for both sides.

The Role

Kodex is looking for a Compliance, Risk & IT Manager to join our team and take ownership of the systems, safeguards, and standards that protect our company and customers. In this role, you’ll be responsible for ensuring that Kodex meets its legal, regulatory, and contractual obligations — especially around how we manage law enforcement requests and sensitive data. You’ll also be responsible for the secure management of our internal IT infrastructure, ensuring that our devices, systems, and access controls are company-managed, compliant, and resilient.

This is a cross-functional role that blends compliance leadership, risk oversight, and hands-on IT operations. You’ll work closely with legal, product, and security teams to guide our compliance strategy, support audits and vendor assessments, and maintain clear internal policies.

This is a mission-critical role: Kodex operates at the intersection of technology, privacy, and public interest. Your work will help uphold our commitments to transparency, security, and accountability — values that are core to our product and our brand.

Responsibilities:

  1. Manage Compliance: Lead audits for SOC2, PCI and HIPAA (we use Vanta). Ensure compliance with certification requirements and manage improvements post-audit.
    • Ensure and maintain compliance with GDPR, CCPA, CPRA and other privacy regulations
    • Work closely with the EU Compliance Officer and Data Protection Officer
  2. Vendor Security Questionnaires: Respond to security questionnaires and inquiries effectively in collaboration with Sales, Security and Engineering
  3. Manage IT Hardware & Systems: Manage the provisioning, security, and lifecycle of company laptops to ensure all devices are compliant, tracked, and securely maintained.
  4. Risk Assessments & Programs: Conduct risk assessments and mitigate data security and compliance risks. Assist in the development of risk programs centered on vulnerabilities, enterprise, vendors, and other areas to proactively address potential threats.
  5. Represent Kodex: Represent Kodex as the primary point of contact for all compliance-related matters with clients, partners, and regulatory bodies.
  6. Ensure employees are trained and educated on compliance and security best practices to maintain a strong security culture within the organization. Lead the development and enforcement of internal compliance policies, frameworks, and best practices aligned with industry standards.
  7. Stay updated on cybersecurity trends and threats to ensure effective training and awareness programs for employees
  8. Monitor and respond to evolving regulatory landscapes affecting law enforcement data requests, data privacy, and cross-border data governance.

What you bring:

  1. 5+ years of experience in compliance, risk management, or IT governance, ideally within a SaaS, security, or privacy-focused environment.
  2. Deep knowledge of regulatory frameworks such as GDPR, CCPA, ISO 27001, SOC 2, and experience supporting audits and due diligence processes.
  3. Experience completing vendor security assessments with engineering-focused questions and infrastructure-level questions
  4. Hands-on experience managing IT systems, employee device provisioning, and endpoint security tools (e.g. MDM, SSO, endpoint protection).
  5. Strong understanding of operational risk and compliance in a B2B tech context, or a banking, fintech or credit context
  6. Ability to design and implement scalable internal controls, policies, and procedures with clarity and simplicity.
  7. Excellent communication and collaboration skills; comfortable working across legal, engineering, and customer-facing teams.
  8. A thoughtful, pragmatic approach to balancing risk mitigation with operational efficiency.
  9. Ideal/optional - Used Vanta previously for compliance management

What you get:

  1. A fast-paced and collaborative environment
  2. Remote-first company

For Full Time positions only:

  1. Competitive compensation and equity options
  2. Flexible PTO, public holidays
  3. Comprehensive health, dental and vision plans

Equal Employment Opportunities At The Company

Kodex is committed to hiring talented and qualified individuals with diverse backgrounds for all of its tech, non-tech, and leadership roles. Kodex believes that the gathering and celebration of unique backgrounds, qualities, and cultures enriches the workplace.