Compliance Program Manager

Openfx

Legal, Operations
Bengaluru, Karnataka, India · Remote
Posted on Feb 24, 2026

Job Description

The Problem

OpenFX is expanding globally in a heavily regulated financial environment. As we scale into new regions, regulators, auditors, and enterprise partners expect provable, continuously operating security controls - not slide decks or one-off audits.

Right now, compliance requirements (DORA, GDPR, SOC 2, ISO 27001, and region-specific regulations) are increasing faster than our ability to operationalize them in production systems. If we don’t solve this, we risk:

  • Slowing down market expansion
  • Failing audits or regulatory exams
  • Shipping security controls that look good on paper but don’t actually work

We need someone who can turn regulatory requirements into real, running controls - and then prove to auditors that they work.

This role has been created to support OpenFX as we continue expanding our institution-grade, regulator-facing infrastructure.

What You’ll Actually Do & Own (First 6–12 Months)

You will own the security controls and evidence that regulators and auditors care about, end to end.

Specifically, you will:

  1. Own audit-ready security controls
    • Design, implement, and maintain technical and operational controls for SOC 2, ISO 27001, GDPR, DORA, and future regional requirements
    • Ensure controls are not just documented, but actually enforced in AWS, Kubernetes, and application layers
  2. Be the technical counterpart to Legal, Compliance & Risk
    • Translate regulatory language into concrete security mechanisms
    • Partner with Legal/Compliance to monitor new regulations and assess technical impact
    • Decide what is “good enough” vs. over-engineered for compliance
  3. Run audits instead of reacting to them
    • Own audit preparation, evidence collection, walkthroughs, and remediation tracking
    • Build repeatable, automated evidence pipelines instead of last-minute scrambles
    • Be the person auditors trust when they ask, “Show me how this actually works”
  4. Embed compliance into the platform
    • Work with engineering to design systems that are secure by default and defensible to regulators
    • Ensure logging, access controls, encryption, monitoring, and change management meet regulatory expectations
  5. Automate compliance wherever possible
    • Build tooling/scripts to continuously validate controls (access reviews, logging coverage, config drift, etc.)
    • Reduce manual compliance work over time by pushing checks into code and infrastructure

What Success Looks Like

You’ll know you’re succeeding if:

  • SOC 2 / ISO 27001 audits complete with zero high-severity findings
  • Control ownership, a governance cadence, and a compliance roadmap are established as the company scales
  • GDPR and DORA compliance readiness is achieved, including regulator-facing engagement and response
  • Regulatory requests are answered with evidence, not explanations
  • New regional regulatory requirements are implemented without blocking launches
  • Audit prep time decreases quarter-over-quarter due to automation
  • Engineering teams ship features without creating compliance debt

If audits feel boring and predictable, you’re doing the job well.

Requirements

Required (Non-Negotiable)

  • 6+ years in security engineering, cloud security, or compliance-focused security roles
  • Hands-on experience supporting SOC 2, ISO 27001, GDPR, DORA, or similar regulatory frameworks
  • Ability to translate regulatory requirements into technical controls
  • Strong working knowledge of AWS security fundamentals (IAM, logging, encryption, networking)
  • Comfortable owning auditor interactions and explaining systems clearly
  • Experience building or automating security/compliance processes (Python, Bash, Go, etc.)

If you’ve never been accountable for an audit outcome, this role is not a fit.

Preferred (Nice to Have)

  • Experience securing Kubernetes environments
  • Familiarity with AppSec tooling (SAST/DAST, manual testing)
  • Experience with AWS security services (GuardDuty, Config, Security Hub)
  • Prior work in fintech, payments, or regulated infrastructure
  • Security or compliance certifications (CISSP, CISA, ISO 27001 Lead Implementer, AWS Security)

Why This Role

This is not a checkbox compliance role.

In this role, you will:

  • Shape how OpenFX proves trust to regulators, banks, and institutions
  • Decide how security controls are implemented - not just documented
  • See the immediate impact of your work on global expansion

You’ll learn how to build compliance that scales, not compliance that slows teams down - a skillset that’s rare and extremely valuable in fintech.

This Role Is Not For You If:

  • You prefer compliance as primarily coordinating between teams rather than owning control execution end-to-end
  • You approach audits by repeatedly pulling time and evidence from engineering instead of building scalable, audit-ready processes
  • You are not comfortable driving documentation, evidence automation, and regulator-facing accountability
  • You prefer compliance to remain a distributed responsibility rather than taking full ownership of outcomes