Job Closed
This listing is no longer active.
Bishop Fox provides security consulting services to high-tech startups, Fortune 1000 companies, and financial institutions around the globe. Its mission is to secure businesses wit
Junior Compliance Analyst
Location
Mexico
Posted
38 days ago
Salary
0
Seniority
Junior
Job Description
Junior Compliance Analyst
Bishop Fox
- Respond to information security service requests.
- Answer the client's "Information Security Questionnaire" to provide details regarding Bishop Fox's information security policies and/or technical controls.
- Review information security policies.
- Implement and apply AI capabilities in security compliance workflows.
- Participate in information security projects throughout the enterprise.
Job Requirements
- Bachelor’s degree in information security or related field, preferred.
- 1-2 years of information security policy compliance, risk management, or auditing experience.
- Preference given to information security/cybersecurity industry experience.
- Functional knowledge of security principles, concepts, technologies, and compliance frameworks (e.g., ISO 27001, SOC 2, NIST CSF, GDPR, AI regulations).
- Familiarity with basic information security policies, controls, standards, guidelines, and procedures.
- Practical knowledge working with AI capabilities.
- Ability to work independently to ensure assigned work is completed accurately and on time.
Benefits
- Generous Time Off and Company-Wide Holidays
- Team Events and International Travel Opportunities
- Work From Home Support
- Training Budget
- Saving Fund
- Food Coupons
- Health and Wellbeing programs
More Compliance Jobs
- Structure and ensure the quality of regulatory reports such as DLO and DLI, and internal presentations, with a focus on regulatory capital.
- Develop, update, and document internal policies related to Basel capital requirements.
- Lead the preparation and maintenance of Pillar 3 reports in accordance with Central Bank requirements.
- Collaborate with technical teams to automate processes and optimize report generation.
- Support initiatives for compliance with new Central Bank (BACEN) regulations, acting with urgency and precision.
Compliance Generalist
XYPN
XYPN makes it possible for fee-for-service financial advisors to build the firm of their dreams with complete autonomy.
- Serve as a day-to-day partner of the compliance team.
- Maintain the Compliance Manual, BCP, and overall policies for the firm.
- Execute and document ongoing compliance testing, including fee billing audits.
- Contribute to the annual Rule 206(4)-7 review process.
- Review financial planning engagements and compliance of fee-for-service arrangements.
- Participate in onboarding new advisors, including filings and training.
- Deliver training materials and guidance to advisors and staff.
- Edit, recommend, and amend compliance policies as needed.
- Monitor TAMP operations and document vendor reviews.
- Support Form ADV preparation and assist with regulatory filings.
- Serve as a compliance resource for advisor questions.
- Administer personal trading monitoring and employee certifications.
- Help ensure the firm's audit-readiness prior to examinations.
- Review marketing materials for compliance with Rule 206(4)-1.
Compliance Officer
Dispel
Role Description
We're looking for a Compliance Officer to own Dispel's FedRAMP authorization and steward our broader portfolio of compliance certifications. You'll be the primary interface with our agency sponsor and internal engineering teams, translating complex federal requirements into actionable work while maintaining rigorous evidence collection and documentation practices. This role is critical to unlocking the federal market and sustaining customer trust across regulated industries. You'll have the opportunity to shape the program from the ground up at a pivotal moment of growth.
FedRAMP Authorization (Primary Focus)
- Own the FedRAMP authorization lifecycle from SSP development through continuous monitoring.
- Serve as primary liaison with our agency sponsor and their FedRAMP AODR.
- Coordinate with our 3PAO on assessment readiness, evidence collection, and remediation tracking.
- Manage SSP, SAR, POA&M, and all FedRAMP deliverables in OSCAL formats.
- Track control implementation across all FedRAMP controls and maintain the Control Responsibility Matrix (CRM).
- Prepare for annual assessments and significant change requests; monitor PMO guidance and Rev 5 requirements, adapting documentation accordingly.
Continuous Monitoring & POA&M (FedRAMP)
- Manage POA&M items end-to-end through remediation.
- Coordinate monthly ConMon deliverables and vulnerability scanning cadence.
- Track deviation requests and risk acceptances with agency authorizing officials.
- Ensure timely submission of significant change requests and security impact analyses.
Multi-Framework Compliance
- Coordinate SOC 2 Type II audits and evidence collection via Drata.
- Support ISO 27001, ISO 9001, and IEC 62443 certification efforts.
- Manage CMMC Level 2 compliance for DoD contract support.
- Map controls across frameworks to reduce duplication and streamline evidence collection.
- Maintain the compliance calendar and a continuous audit-ready posture.
OSCAL & Compliance Automation
- Lead adoption of OSCAL (Open Security Controls Assessment Language) for machine-readable compliance.
- Implement component-based documentation for reusable control narratives.
- Partner with engineering on internal OSCAL tooling and evidence-collection workflows.
- Define requirements for continuous-compliance automation.
Policy, Stakeholders & Security Program
- Maintain security policies aligned with NIST 800-53 Rev 5; keep corporate and FedRAMP boundary documentation consistent.
- Develop and exercise the Contingency Plan (ISCP), DRP, and BCP with annual testing.
- Prepare compliance briefings for leadership and the board; interface with federal agency stakeholders.
- Support customer security questionnaires and due diligence requests.
- Partner with the SOC team on audit-log retention, incident response documentation, and playbook alignment.
Qualifications
- 5–8 years in cybersecurity compliance, GRC, or information security.
- Direct experience with the FedRAMP authorization process (Moderate or High).
- Strong working knowledge of NIST 800-53 Rev 5 and FedRAMP requirements.
- Hands-on experience with SSP development, POA&M management, and 3PAO coordination.
- Familiarity with compliance platforms (Drata, Vanta, Archer, or similar).
- Cloud security compliance experience (AWS required).
- Excellent technical writing, project management, and stakeholder communication skills.
- Ability to translate technical controls into business-understandable terms.
Requirements
- FedRAMP authorization experience specifically.
- Background with federal civilian agencies (Department of State, DHS, etc.).
- Knowledge of IEC 62443 and OT/ICS security standards.
- CMMC and DoD compliance experience.
- Hands-on OSCAL experience (catalogs, profiles, component definitions, SSP models).
- AWS GovCloud compliance experience.
- Working knowledge of SOC 2, ISO 27001, and ISO 9001 frameworks.
- Prior startup or high-growth company experience.
Certifications (Preferred, Not Required)
- CISA, CISM, or CISSP.
- FedRAMP 3PAO experience.
- ISO 27001 Lead Auditor or Lead Implementer.
- AWS Certified Security – Specialty.
- CompTIA Security+ or equivalent.
Eligibility
- Must be a U.S. citizen.
- Ability to obtain and maintain a security clearance preferred.
- Public Trust or higher clearance is a plus for agency interactions.
Benefits
- 122-151K base + equity and performance bonus eligible.
- Full medical, vision, and dental insurance.
- Generous PTO.
- Remote-first culture with flexible hours.
- Opportunity to protect critical infrastructure at scale.
- Work with patented, cutting-edge security technology.
- Direct ownership of SOC maturation.
- Collaborative team with military, federal, and private sector expertise.
Security Clearance
- Due to federal customer and FedRAMP requirements, this role requires US Person status (citizen or permanent resident) under ITAR/EAR regulations.
- Ability to obtain and maintain a security clearance preferred.
Dispel is an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, veteran status, or any other protected characteristic. We are committed to building a diverse team and encourage applicants from all backgrounds to apply.
Compliance Specialist
- The Compliance Specialist position involves being a liaison between various internal departments and stakeholders for compliance considerations in projects and business initiatives.
- The role includes identifying risks and implementing controls to mitigate them, managing and maintaining written clinical communications, ensuring adherence to compliance, regulatory, and accreditation standards, leading cross-department communication process change initiatives, and creating and maintaining a mental health parity information repository and task delivery tracking system.
- Compliance Program Oversight & Risk Management: Lead the annual compliance workplan, auditing and monitoring activities to ensure continuous alignment with regulatory, accreditation, and policy requirements.
- Regulatory Execution & Business Integration: Represent compliance in business initiatives and new account implementations, ensuring adherence to UM standards, regulatory requirements, accreditation standards, and customer-specific needs.
- Stakeholder, Vendor & Systems Collaboration: Maintain SME-level expertise in written communications systems, oversee vendors and delegate audits, and manage IT change requests and prioritization.