Role Description The Risk & Compliance Specialist is responsible for supporting the organization's compliance framework with a focus on contracts, licenses, and state and federal regulatory requirements. This role ensures the company operates in alignment with applicable laws, contractual obligations, and internal policies, while proactively identifying and mitigating risk across the business. The ideal candidate is detail-oriented, highly organized, and comfortable working cross-functionally with Legal, HR, Finance, Operations, and external advisors. Key Responsibilities - Workers' Compensation - Analyzing and assessing potential risks related to workers' compensation claims - Identify trends, evaluate loss exposure and develop strategies to mitigate risks - Ensure compliance with workers' compensation regulations - Collaborate with cross-functional teams, reviewing and analyzing workers' compensation policies, and providing guidance on safety programs and initiatives - Contracts & Obligations - Review, track, and manage contractual compliance obligations, including key terms, renewals, and regulatory requirements tied to agreements - Partner with Legal and business stakeholders to ensure contracts align with company policies and risk tolerance - Maintain centralized contract and compliance documentation and reporting - Licensing & Regulatory Compliance - Manage and monitor required state and federal licenses, registrations, and filings, ensuring timely renewals and accuracy - Track regulatory requirements across jurisdictions in which the company operates - Coordinate with external counsel or regulatory agencies as needed - Risk Management - Identify compliance risks related to contracts, licensing, and regulatory obligations - Support internal risk assessments, audits, and compliance reviews - Assist in developing and maintaining controls to mitigate identified risks - Policy & Compliance Support - Support the development, maintenance, and communication of internal compliance policies and procedures - Monitor regulatory changes and assess potential impact to the business - Help ensure policies are aligned with applicable laws and contractual commitments - Reporting & Documentation - Maintain compliance calendars, logs, and evidence for audits or due diligence - Prepare compliance reports for leadership, Legal, or external stakeholders - Support responses to regulatory inquiries, audits, or diligence requests Qualifications - Required: - Bachelor's degree in Business, Legal Studies, Risk Management, Compliance, or a related field - 3-6 years of experience in compliance, risk management, contracts administration, or regulatory support - Working knowledge of state and federal regulatory frameworks relevant to corporate operations - Strong attention to detail and ability to manage multiple deadlines - Excellent written and verbal communication skills - Excellent time management skills specifically with response time - Preferred: - Experience working closely with Legal, HR, or Finance teams - Familiarity with regulated industries (e.g., healthcare, financial services, education, multi-state operations) - Experience supporting audits, due diligence, or regulatory examinations - Knowledge of contract lifecycle management (CLM) or compliance tracking systems Requirements - Seldom: Stationary Position -- Sitting or Standing - Occasionally: Active Position -- Walking, jogging, running - Frequently: Use of hands/fingers -- Operate, Use, Inspect, Place, Detect, Position, Prepare, activate - Frequently: Climb/Balance -- Stairs, ladders, ropes, equipment, beams - Frequently: Stoop/kneel/crouch or crawl -- Position self, move - Frequently: Talk/hear -- communicate, detect, converse with, discern, convey, express oneself, exchange information - Frequently: See -- Detect, determine, perceive, identify, recognize, judge, observe, inspect, estimate, assess - Frequently: Carry weight, lift -- Move, transport, position, put, install, remove -- 50 lbs or less - Occasionally: Carry weight, lift -- Move, transport, position, put, install, remove -- 50 lbs or more - Occasionally: Exposure to -- Exposed, work around, chemicals, odors, smells, noise, indoors or outdoors, heat, cool. Company Description Arch Amenities Group is the leading provider of amenity management, consulting, and wellness services for commercial real estate, residential communities, and hospitality properties. Formed through the strategic acquisition of top hospitality and wellness-led providers, Arch brings together decades of experience and forward-thinking innovation to deliver unmatched lifestyle and hospitality experiences. We partner with owners, operators, and developers to transform spas, fitness centers, meeting and event spaces, pools, clubs, and residential amenities into vibrant destinations that foster connection, wellness, and belonging. Our mission is to create spaces where people thrive. With a North American footprint, a diverse client portfolio, and a highly trained service team, we help properties unlock the full potential of their amenity spaces by improving satisfaction, increasing retention, and driving ROI through thoughtful programming, operational excellence, and seamless service. The Arch in our name reflects the connections we build between people and spaces, guests and experiences, and teams and technology. Everything we do is designed to create lasting value and measurable impact. If you're looking to grow with an organization that leads in hospitality, wellness, and lifestyle services, Arch is a place to do what you love and build a career with purpose. Join the team shaping the future of the amenity experience.

Role Description - Verificar el cumplimiento de la regulación aplicable al SPEI - Interpretar la regulación aplicable a SPIN - Apoyar a las distintas áreas para el asegurar el cumplimiento a la regulación - Comunicar a las distintas áreas de SPIN los cambios en la regulación - Elaborar las matrices de cumplimiento - Coordinar con las distintas áreas de SPIN la información a ser entregada a la Autoridad - Revisar los manuales de procedimientos y políticas Qualifications - Experiencia en atención a Autoridades, atención de oficio y desahogo de requerimientos. - Conocimiento de la regulación aplicable a los Sistemas de Pagos, en específico la normativa aplicable al SPEI. - Constante actualización en la regulación para poder apoyar al resto de las áreas de SPIN. Requirements - Elaborar el informe anual (julio), dirigido al Director General de Spin by OXXO, que contenga los hallazgos y, en su caso, irregularidades e incumplimientos a las normas internas del SPEI identificados en el periodo de junio del año anterior a junio del año en curso, así como a la demás normativa aplicable al SPEI, las acciones adoptadas para corregirlos y el grado de avance y eficiencia de tales acciones. - Elaborar un informe por escrito cuando detecte cualquier irregularidad o incumplimiento a las normas internas del SPEI, a más tardar el Día Hábil Bancario siguiente a aquel en que se detecte dicha irregularidad o incumplimiento. - Trabajar en conjunto con el área de Continuidad para que sean notificadas las contingencias conforme lo establece la regulación del SPEI. - Monitorear los cambios en la regulación aplicable a SPIN en materia del SPEI, con la finalidad de dar a conocer a las distintas áreas de SPIN nueva/cambios/derogación de la regulación y se evalúen los impactos. - Supervisar el adecuado cumplimiento de la regulación aplicable, mediante la elaboración y ejecución de matrices de cumplimiento, con la finalidad de identificar posibles incumplimientos, comunicarlos a la Administración y dar seguimiento al plan de remediación. - Asegurar que los manuales de procedimientos y políticas cumplan con la regulación aplicable al SPEI, mediante la revisión de estos, con la finalidad de evitar incumplimientos u observaciones por parte de las Autoridades. - Coordinar la respuesta y seguimiento a los oficios de cualquier procedimiento administrativo referentes al SPEI, incluyendo (i) Visitas de inspección, Observaciones y Medidas Correctivas; (ii) Sanciones Administrativa y; (iii) Recursos de Revisión. - Elaborar las distintas comunicaciones y/o notificaciones solicitadas por la regulación de Banxico referentes al SPEI que deban ser firmadas por el Responsable de Cumplimiento Normativo del SPEI. - Coordinar con las distintas áreas que deban proporcionar los insumos para las referidas comunicaciones y/o notificaciones, que la información proporcionada o actividades ejecutadas cumplan con los requisitos y/o características solicitadas por la normativa aplicable al SPEI. Benefits - En Spin estamos comprometidos con construir un lugar de trabajo diverso e inclusivo. - Creemos en la igualdad de oportunidades y promovemos un entorno libre de discriminación por motivos de raza, origen nacional, género, identidad de género, orientación sexual, discapacidad, edad o cualquier otra condición legalmente protegida.

Role Description The GRC Manager will operate at the intersection of Legal, IT, Security, and Business Operations, serving as a central point of coordination for governance, risk, and compliance initiatives across the organization. The Governance, Risk & Compliance Manager will work closely with Corporate Counsel to align compliance strategy with regulatory obligations and legal risk considerations. The GRC Manager partners heavily with IT and Information Security teams to translate technical controls and security frameworks into business-aligned processes and documentation. Collaboration with Product and Engineering may be required to ensure that data handling, system controls, and security practices align with compliance requirements. In addition, the position supports client-facing teams including Sales, Account Management, and Customer Success by: - Responding to due diligence requests, security questionnaires, and audit inquiries. - Helping to build trust with lender clients and external stakeholders. The role will also coordinate with Operations and Data functions to support data quality auditing and integrity initiatives. Externally, the GRC Manager will interact with third-party auditors, vendors, and client stakeholders to support audits, vendor risk management, and compliance assurance activities. The GRC Manager will mature and scale the company’s GRC capabilities during a period of growth, offering the opportunity to: - Build structure, drive process improvements, and enhance the company’s compliance posture in a highly regulated environment. - Establish and maintain audit readiness (including SOC 2 Type II). - Strengthen vendor risk management practices. - Improve the efficiency and quality of client-facing due diligence responses. - Translate evolving regulatory and security requirements into actionable, business-aligned controls. This is a highly cross-functional and visible role with the opportunity to influence how compliance, risk, and security practices are operationalized across the organization. The ideal candidate will bring both strategic thinking and hands-on execution, helping F&I Sentinel continue to build credibility with financial institution partners while supporting scalable, sustainable growth. Specifically, the GRC Manager will have responsibility in: - Audit & Certification - Drive SOC 2 Type II audit readiness end-to-end: evidence collection, auditor coordination, and remediation tracking. - Execute internal audit procedures across operations for accuracy, completeness, and compliance. - Document audit findings, develop corrective action plans, and track remediation to closure. - Maintain GRC documentation including control narratives, procedures, and supporting artifacts for continuous audit readiness. - Support BCP, DR, and IR programs, including tabletop exercises and plan testing. - Due Diligence & Security Questionnaire Management - Own and optimize the end-to-end Due Diligence Questionnaire (DDQ) response workflow. - Draft, review, and deliver responses to security questionnaires, Request For Proposals (RFP), and vendor assessments. - Partner with IT, infosec, operations, and leadership to serve as the liaison between technical teams and client-facing engagements. - Exercise sound judgment in determining how to frame sensitive topics and present the company’s security posture accurately. - Develop efficiencies through process improvements, implementation of automation and tools, and standardizing responses. - Vendor Risk Management - Manage and continuously improve the vendor risk program. - Maintain a current inventory of third-party providers with data access or critical dependencies. - Apply and refine risk tiering based on data sensitivity, business impact, and regulatory exposure. - Conduct periodic reviews of critical and high-risk vendors; track remediation of findings and ensure contractual compliance. - Maintain vendor risk documentation that supports audit readiness and DDQ responses. - Risk Management Support - Assist in maintaining the risk register; identify emerging risks and document mitigating controls. - Assist with risk assessments; operationalize mitigation strategies and validate controls. - Data Quality Auditing - Partner with the Data Analyst to define data quality audit criteria and compliance-focused reporting requirements. - Review data quality results for accuracy and completeness; identify and escalate data integrity issues. - Design data checks and guardrails that ensure operational data integrity across products. Qualifications - 3–6+ years of professional working experience. - Hands-on experience with SOC 2 audits, either managing or as a key contributor. - Working knowledge of security frameworks such as NIST CSF, ISO 27001, FTC Safeguards Rule, or similar. - Proven ability to draft and manage security questionnaire responses for enterprise clients. - Strong written communication skills. - Ability to operate independently, manage multiple workstreams, and escalate appropriately. - Comfort working in a fully remote environment with a distributed team. Requirements - Experience in fintech, insurtech, automotive finance, or another regulated industry (preferred). - Familiarity with F&I (Finance & Insurance) products or the automotive dealer ecosystem (preferred). - Exposure to vendor/third-party risk management programs (preferred). - Understanding of basic data privacy requirements (CCPA, state privacy laws) (preferred). - Experience with data quality analysis and reporting tools (preferred). - Bachelor's degree in Information Systems, Business, Accounting, Risk Management, or a related field; relevant certifications such as CISA, CRISC, or GRCP are a plus (preferred). Benefits - Opportunity to build and shape foundational GRC processes and programs. - High visibility role with direct impact on client trust, audit outcomes, and enterprise risk posture. - Exposure to a unique intersection of fintech, automotive finance, and regulatory compliance. - Collaborative, cross-functional environment with access to leadership and influence on strategic decisions. - Hybrid/remote culture offering flexibility and autonomy. - Competitive compensation and benefits, with opportunity for growth as the company scales. Company Description F&I Sentinel is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national origin, gender, sexual orientation, gender identity, age, physical or mental disability, genetic factors, military/veteran status, or other characteristics protected by law.

• Act as the first line of contact and engagement with relevant regulators to proactively manage and mitigate the potential impact of new regulations. • Drive and/or support the establishment of horizon scanning activities and early warning signals of upcoming changes in relevant regulations. • Support the Head of Regulator Affairs & Compliance and Regulatory Compliance Managers in matters related to Regulatory Affairs & Compliance strategy. • Understand relevant laws and regulations and monitor company compliance. • Support the Regulatory Compliance Managers in performing structured assessments of our regulatory compliance. • Support the implementation of a robust regulatory compliance governance framework, including training activities. • Develop marketing materials and training programs to ensure alignment with regulatory compliance guidelines. • Perform various general administrative duties in response to regulatory compliance queries. • Support the business in responding to queries related to compliance with legal obligations. • Be a business partner to local commercial teams to facilitate the go-to-market process.