Role Description This role will focus on regulatory matters related to payments, fintech, and financial services across multiple jurisdictions. You will work closely with Product, Risk, Compliance, and other business teams to enable compliant product development and well-coordinated international expansion. The ideal candidate will be comfortable operating in a fast-paced, global SaaS enterprise supported by partners in highly-regulated environments. Key Responsibilities - Provide practical legal guidance on the design, development, launch and ongoing support of payment-related products and features that do not fall within the scope of financial services regulations. - Advise on regulatory frameworks applicable to payments, fintech, and financial services. - Monitor and interpret evolving regulatory developments in the UK, EU, U.S., and other geographies with the assistance of outside counsel, and assess their impact on business operations and product strategy. - Support the development, implementation, and oversight of policies and governance frameworks governing payment processing activities, working closely with compliance, risk, and product teams to ensure regulatory alignment. - Support market entry and product expansion in new jurisdictions with regulatory analysis. - Collaborate with compliance, risk, product, and engineering teams to embed regulatory guardrails and requirements into workflows and product design. - Engage with external counsel, regulators, and industry bodies as needed. - Draft, review, and negotiate agreements with vendors and customers, and internal policies related to payments, financial services, and regulatory compliance. Requirements While the job description describes what is anticipated as the requirements of the position, the job requirements are subject to change based upon any changing needs and requirements of the business. Company Description Tungsten Automation is a U.S.-headquartered technology company with subsidiaries and customers around the world. Our core product is a leading SaaS workflow automation platform used by organizations to streamline complex business processes. As part of our continued growth, we are expanding our product portfolio to include innovative payment services functionality, creating new opportunities and regulatory challenges across global markets.

Role Description Jeppesen ForeFlight is seeking a Governance, Risk, and Compliance (GRC) Specialist to drive the operational execution of our risk and control program. This is a multifaceted role performing a host of compliance duties across our software business. The GRC Specialist will work across a variety of national and international frameworks, including NIST 800-53, ISO 27001, and others, ensuring Jeppesen ForeFlight meets and exceeds the security controls supporting these frameworks. The role will analyze security controls across our framework set, assess current state versus required state, identify deficiencies, plan and track corrective actions, and conduct internal reviews of both process and technical control implementation. We have a defined risk and control methodology in place; this role exists to close the gap between methodology and consistent day-to-day execution at scale, while translating control requirements across frameworks into a unified control model that reduces duplication and improves traceability. We’re hiring this role with a GRC engineering mindset. We want someone who treats compliance as an engineering problem, automating evidence collection, instrumenting controls to produce continuous signals, and partnering with engineering and security to make compliance a byproduct of how we already operate, not a separate manual track. This role works across the organization and is expected to communicate effectively with leadership, operations, security, and engineering. 100% remote, US-based. Limited travel may be required to support audit and compliance efforts; not estimated to exceed 10% of the employee’s time. Key Responsibilities - Drive day-to-day execution of the risk lifecycle (intake, assessment, control validation, remediation, tracking) and oversee the ISMS, including the risk register, Statement of Applicability (SoA), and corrective actions. - Lead audit cycles end-to-end across multiple frameworks (NIST 800-53, ISO 27001, CMMC, SOC 2, etc.), scoping, evidence collection, and control testing. - Translate control requirements across frameworks into a unified control model with crosswalks so a single piece of evidence satisfies multiple obligations; identify and remediate deficiencies between control expectations and current implementation. - Administer and extend our compliance automation platform, improving control mapping, evidence workflows, and integrations with cloud infrastructure, identity systems, ticketing, and CI/CD pipelines; translate written policies into enforceable, testable controls to move us toward continuous compliance. - Define, write, and maintain corporate security policies, standards, procedures, and baselines. - Assist with the vendor security risk program, due diligence, technical reviews, and ongoing monitoring. - Communicate effectively from C-Level executives to operations and engineering; demonstrate willingness to speak truth on security compliance and express deficiencies clearly when they exist. - Produce executive reporting on compliance metrics, audit readiness, and risk trends. Qualifications - Bachelor’s degree or equivalent experience in a technical field (e.g., military experience qualifies). - 5+ years in GRC, risk management, IT audit, or security compliance, with hands-on operational ownership of a control program. - Demonstrated experience applying NIST 800-53 or equivalent DoD cybersecurity controls (STIGs, RMF, etc.), including control selection, tailoring, assessment, and evidence generation. - Working knowledge of additional frameworks (ISO 27001, SOC 2, NIS2, COBIT, or similar) and experience harmonizing them into a unified control set. - Hands-on experience administering a GRC or compliance automation platform, including configuring workflows and building integrations. - Comfort with scripting or API integrations for evidence automation, control monitoring, and reporting. - Familiarity with cloud environments (AWS, GCP, or Azure) and how IAM, logging, and configuration management map to compliance requirements. - Experience with vulnerability management, patch management, or system hardening. - Strong written communication, able to translate control language for engineers and engineering language for auditors. - Demonstrated bias toward automation and repeatable systems over manual, periodic effort. - Problem solver with a desire to see problems as challenges to be resolved. Preferred Qualifications - Military or federal background (military cybersecurity, DoD compliance, or government) cloud environments. - Ability to learn / support workloads at DoD Impact Level 5 (IL5) or Impact Level 6 (IL6). - Experience supporting a CMMC certification, FedRAMP authorization, or RMF accreditation package. - Compliance-as-code or policy-as-code experience (OPA, Terraform Sentinel, AWS Config rules, OSCAL). - CI/CD-integrated control testing or automated evidence pipelines. - Security or compliance certification such as CISM, CRISC, CCSP, or ISO27001. - Experience working with Change Control Boards (CCBs) or other oversight groups. - Experience with regulations such as FISMA, ITAR, HIPAA, or GDPR. - Background in technical roles such as security operations, boundary defense, vulnerability management, or systems administration. Benefits - Medical, dental, vision insurance with Employer paid health premiums. - Open PTO Policy. - 401(k) with up to 10% company matching and immediate vesting. - 12 Weeks Paid Maternity Leave. - 4 Weeks Paid Paternity Leave. - Flight Training Rewards.

Role Description This is a remote role that may be hired in several markets across the United States. The Senior Compliance Officer will serve as a senior individual contributor responsible for the design, execution and continuous enhancement of the firm’s Compliance testing program, including supervisory control testing under FINRA Rule 3120. This role will also lead the firm’s testing and retrospective review requirements under Department of Labor Prohibited Transaction Exemption 2020-02. This position requires a high degree of independence, technical expertise, and critical thinking to assess the effectiveness of supervisory controls, identify risks and control gaps, and produce well-supported, defensible regulatory reports (e.g., FINRA Rule 3130, SEC Rule 206(4)7 Annual Review, and the DOL Retrospective Review). The ideal candidate is a strong individual producer with deep rule-based compliance knowledge and the ability to translate regulatory expectations into structured, risk-based testing and reporting frameworks. Responsibilities - Compliance Testing (FINRA Rule 3130/3120, SEC 206(4)7, and DOL PTE 2020-02) - Independently design and execute risk-based compliance testing across Broker-Dealer and RIA activities, including supervisory control testing and fiduciary/Best Interest obligations. - Perform testing across key risk areas (e.g., communications, trading, suitability, disclosures, conflicts) and assess control effectiveness. - Identify, document, and assess control gaps, including root cause and risk severity. - Validate remediation efforts and perform follow-up testing as appropriate. - Regulatory Reporting & Publication - Lead the drafting, coordination, and production of key regulatory reports, including: - FINRA Rule 3130 Annual Certification Report - SEC 206(4)7 Annual Compliance Review - DOL PTE 2020-02 Retrospective Review - Produce clear, comprehensive, and defensible reporting supported by testing results and issue tracking. - Partner with senior leadership to refine, finalize, and present reporting deliverables. - Testing Program Governance & Enhancement - Establish and maintain testing methodologies, standards, and documentation protocols. - Enhance testing coverage, efficiency, and scalability through continuous improvement. - Incorporate regulatory developments, emerging risks, and business changes into testing plans. - Drive consistency and rigor across testing activities. - Regulatory Cross-Functional Engagement - Serve as a subject matter expert on testing and regulatory reporting requirements. - Support regulatory exams, inquiries and internal audits. - Partner closely with Supervision, other Compliance managers, Legal, and other key stakeholders. Qualifications - Bachelor's Degree and 8 years of experience in Compliance, Legal, Audit, Banking or other related experience OR High School Diploma or GED and 12 years of experience in Compliance, Legal, Audit, Banking or other related experience. - FINRA Series 7, 24, and 63/65 or 66 licenses required (or obtained shortly after hire). - Strong working knowledge of FINRA rules, SEC regulations, and Investment Advisers Act of 1940 as well as DOL PTE 2020-02. - Demonstrated ability to independently design and execute risk-based testing programs. - Experience drafting or leading regulatory reporting and certifications. - Strong analytical, documentation and critical thinking skills. - Ability to communicate complex compliance matters clearly. Preferred Qualifications - Prior experience managing dual-registrant compliance risk at a Large Financial Institution. - Active Life and Health Insurance License. - Strong investigative, analytical, and documentation skills. - Ability to work independently and manage shifting priorities in a fast-paced environment. Benefits Benefits are an integral part of total rewards and First Citizens Bank is committed to providing a competitive, thoughtfully designed and quality benefits program to meet the needs of our associates. More information can be found at https://jobs.firstcitizens.com/benefits .

• Perform comprehensive post-entry audits on filed import entries to ensure full IEEPA compliance. • Conduct complete entry validation. • Confirm IEEPA duty calculation and payment accuracy at entry summary level. • Prepare and submit Post Summary Corrections (PSC) and protests via CAPE based on audit findings. • Maintain a centralized tariff recovery tracker. • Reconcile filed duties, corrected duties, and recovered amounts. • Maintain complete audit files.