# Regulatory & Security Compliance Manager

**Company:** [Rain](https://hotfix.jobs/companies/rain)
**Location:** New York, NY
**Role:** Security Engineering
**Experience:** 3+ years
**Skills:** SOC 2, Soc 1, GDPR, PCI, Dora, GRC, Vanta, ISO 27001, Kyb, Kyc, AML
**Posted:** 2026-01-15

> Leads compliance programs for fintech regulations like SOC 2, GDPR, PCI, and DORA. Manages audits, policies, risk remediation, and cross-team adherence with 3+ years experience in regulated industries.

## Job Description

## Responsibilities
- Own Rain’s compliance program across DORA, SOC 2, SOC 1, GDPR, and PCI, ensuring we meet and exceed regulatory and audit requirements
- Lead all compliance audits and certifications end-to-end — including renewals, observation periods, and new certifications
- Maintain and evolve Rain’s policies, keeping them up-to-date, consistent across entities, and aligned with regulatory expectations
- Ensure operational adherence by partnering with engineering, security, legal, and operations
- Build a proactive compliance culture, helping the team understand obligations and embedding compliance into day-to-day decision making
- Identify gaps and risks early, then drive remediation plans to keep Rain audit-ready at all times
- Assist the team in other compliance-related activities, including actionalize and refine KYB, KYC, and AML processes and procedures based on best practices informed by operational data

## Requirements
- 3–7+ years of compliance, GRC, or security assurance experience, ideally in fintech, payments, SaaS, or other regulated industries
- Deep familiarity with **SOC 2**, **SOC 1**, **GDPR**, **PCI**, and other compliance frameworks, with a proven track record of leading successful audits
- Excellent program management skills — you can coordinate across teams, manage timelines, and keep multiple compliance workstreams moving
- Strong attention to detail with the ability to turn complex requirements into clear, actionable tasks
- Strong communication and influence skills, able to work with everyone from engineers to executives to external auditors

## Nice to Have
- Experience in card issuing, stablecoins, payments, or cross-border fintech products
- Familiarity with **ISO 27001**, **DORA**, or other emerging global regulations
- Experience with tools like **Vanta**

## Benefits
- Unlimited time off (minimum 10 days required)
- Flexible working (remote or office)
- Comprehensive health, dental, vision plans
- 401(k) with 4% company match
- Equity plan
- Health and wellness spending
- Team summits

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/c272f7d9-bfea-43f5-849f-355c622fa672
**Canonical:** https://hotfix.jobs/jobs/c272f7d9-bfea-43f5-849f-355c622fa672