Global Director, Risk & Compliance
Blend360 · Columbia, MD
Full-time · Remote · Today
AWS · Compliance · GDPR · Incident Response · Information Security · Leadership
About the role

We are looking for a Director, Global Risk & Compliance to establish and lead the firm's first centralized risk management and compliance function. This role will build the enterprise risk framework, develop and implement global policies (AI governance, data privacy, vendor risk management, ESG compliance), manage the corporate insurance program, and coordinate compliance execution across all regions. This role will serve as the client-facing risk leader, engaging directly with enterprise clients on compliance questionnaires, security assessments, and risk governance. The role partners closely with the VP of IT and Sr. Security Engineer to ensure the enterprise risk framework reflects both business and technology dimensions.

This is a governance and framework role, not a technical security engineering role. The Director defines risk policy and requirements ("what" and "why"); the Sr. Security Engineer implements at the infrastructure level ("how"). The two roles operate as complements with a clear boundary.

Core Responsibilities

Risk Management & Oversight
- Partner with executive leadership to define Blend360's risk appetite and tolerance thresholds; translate those into a practical risk management framework with clear escalation protocols across the global enterprise
- Create and maintain a master risk register that tracks business, operational, regulatory, and technology risks; record who owns each risk, its likelihood and potential impact, and how we'll address it
- Run annual risk reviews across all regions and business units; use the external Global Risk Assessment (expected Q3 2026) to benchmark our findings
- Design incident response procedures and lead after-incident reviews to track fixes to completion
- Brief senior leadership quarterly on our risk position, new threats, and progress on mitigation efforts

AI Governance & Technology Risk
- Create and maintain policies for how Blend360 uses AI, manages data, handles information security, and maintains business continuity
- Partner with the AI Steering Committee to ensure AI is used responsibly both for client work and internal operations
- Set standards for building and using AI models: establish rules around data quality, model performance, bias detection, and responsible use; translate regulatory requirements (EU AI Act, NIST AI RMF) into Blend360 standards
- Work with the VP of IT and Sr. Security Engineer to assess risks in our technology infrastructure (AWS, Snowflake, client systems); document findings in the risk register and present to leadership
- Track data safety across the company, from how it's collected and processed to how it's shared and moved across borders (for both client and internal data)
- Review client projects for risks related to cloud, data, and AI components; provide risk-based recommendations to support legal review and deal decisions

Vendor & Third-Party Risk Management
- Establish standards for evaluating vendor and partner risks; assess key technology providers (AWS, Snowflake), subcontractors, regional partners and any data processors
- Set rules for how we safely integrate with and share data with vendors
- Review the technical side of partnerships, acquisitions, and client solutions working with the VP of IT
- Review all policies at least annually and maintain an update process when policies change

Insurance & Compliance Program
- Manage Blend360's global insurance programs: professional liability, cyber, directors & officers, general liability, and any client-specific coverage
- Manage broker relationships and lead annual insurance renewals
- Lead SOC 2 compliance: own the audit relationship, framework, and track remediation; work with the Sr. Security Engineer on technical requirements
- Oversee ESG compliance, including Mastercard requirements and sustainability reporting (SBTi, CDP)
- Track regulatory changes across North America, Europe, and Latin America that affect Blend360 (GDPR, EU AI Act, data privacy laws, employment law)

Cross-Regional Coordination
- Coordinate compliance across regions with legal leads: North America, Latin America, and EMEA
- Work with VP Ops in Uruguay and India on compliance, employment law, and data protection at each office
- Fill the EMEA compliance gap until dedicated legal resources are in place; own EMEA policies in the meantime
- Partner with legal lead on Latin American regulatory issues; work with Legal & Compliance Analyst for on-the-ground support
- Run quarterly compliance reviews with each region; track fixes and report status to the SVP Finance

Client-Facing Risk & Compliance
- Represent Blend360 on risk and compliance matters with enterprise clients; engage directly with their security, procurement, and compliance teams
- Handle client compliance questionnaires (security, privacy, ESG, AI governance) in partnership with IT, Security, and delivery teams
- Create standard checklists for reviewing client contracts and define when to escalate
- Support high-risk contract reviews; assess insurance, liability, indemnificatio

