Compliance Program Manager

About Us

OpenFX is on a mission to move money as freely as data, unrestricted by time zones, banking hours, or legacy systems. We are building the infrastructure that will power the next generation of cross-border payment systems for institutions. The teams execution has been exceptional, and were scaling at a remarkable pace. Our stellar early team comes with experience in companies like J.P. Morgan, Goldman Sachs, FalconX, Paypal, Affirm, Polygon, Kraken, Nium & others. Were backed by Accel, Faction, NfX, Accomplice, and other top-tier investors.

Role Overview

OpenFX is expanding globally in a heavily regulated financial environment. As we scale into new regions, regulators, auditors, and enterprise partners expect provable, continuously operating security controls. We need someone who can turn regulatory requirements into real, running controls—and then prove to auditors that they work. You will own the security controls and evidence that regulators and auditors care about, end to end, ensuring compliance is built into the platform rather than bolted on after the fact.

Key Responsibilities

• Design, implement, and maintain technical and operational controls for SOC 2, ISO 27001, GDPR, DORA, and future regional requirements
• Ensure controls are not just documented, but actually enforced in AWS, Kubernetes, and application layers
• Translate regulatory language into concrete security mechanisms in partnership with Legal and Compliance
• Own audit preparation, evidence collection, walkthroughs, and remediation tracking
• Build repeatable, automated evidence pipelines instead of last-minute scrambles
• Work with engineering to design systems that are secure by default and defensible to regulators
• Ensure logging, access controls, encryption, monitoring, and change management meet regulatory expectations
• Build tooling and scripts to continuously validate controls (access reviews, logging coverage, config drift)
• Reduce manual compliance work over time by pushing checks into code and infrastructure
• Monitor new regulations and assess technical impact across the platform
  
  

Required

What Were Looking For

• 6+ years in security engineering, cloud security, or compliance-focused security roles
• Hands-on experience supporting SOC 2, ISO 27001, GDPR, DORA, or similar regulatory frameworks
• Ability to translate regulatory requirements into technical controls
• Strong working knowledge of AWS security fundamentals (IAM, logging, encryption, networking)
• Comfortable owning auditor interactions and explaining systems clearly
• Experience building or automating security/compliance processes (Python, Bash, Go, etc.)
  
  

Preferred

• Experience securing Kubernetes environments
• Familiarity with AppSec tooling (SAST/DAST, manual testing)
• Experience with AWS security services (GuardDuty, Config, Security Hub)
• Prior work in fintech, payments, or regulated infrastructure
• Security or compliance certifications (CISSP, CISA, ISO 27001 Lead Implementer, AWS Security)
  
  

What We Offer

• Competitive salary and benefits package.
• Equity in a rapidly growing company.
• Opportunity to work in a fast-paced startup at the forefront of fintech innovation.
• Opportunity to make a significant impact on global financial infrastructure.
• Collaborative work culture with emphasis on personal and professional growth.
  
  

We are committed to building a diverse and inclusive workplace. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

---