• Assist in the execution of Array’s Compliance Management Program and related policies, procedures, and controls. • Conduct compliance reviews of marketing materials, consumer-facing content, disclosures, websites, customer journeys, and communications. • Support compliance reviews of new products, features, client use cases, and third-party relationships. • Perform compliance monitoring and testing activities to assess adherence to regulatory requirements and internal policies. • Assist with consumer complaint investigations, root cause analysis, trend reporting, and remediation efforts. • Support regulatory change management efforts by tracking and evaluating new laws, regulations, and supervisory guidance. • Partner with Product, Marketing, Client Success, Operations, Engineering, Legal, and Information Security teams to identify and mitigate compliance risks. • Assist with client due diligence reviews and ongoing oversight activities. • Maintain compliance documentation, risk assessments, issue logs, corrective action plans, and supporting evidence. • Prepare reports and presentations for management, committees, and internal stakeholders. • Support sponsor bank, credit bureau, and third-party compliance obligations as needed. • Research and analyze applicable laws and regulations including FCRA, FACTA, UDAAP, CAN-SPAM, GLBA, ECOA, Reg E, Reg Z, SCRA, and privacy requirements. • Help drive a culture of compliance by providing practical guidance and support to business partners. • Maintain a habit of using AI tools to think, build, and ship faster—it’s your default, not an afterthought.

• Prepare plan documents, amendments, resolutions, policies and procedures, SPDs and SMMs for the DC (Defined Contributions) team. • Prepare certain IRS/DOL filings and corrections. • Research and consulting support on regulatory/legislative and compliance items.

• Serve as the primary evidence coordinator for all PCI-DSS control domains across 2-3 assigned business unit scopes, managing artifact collection from IT, operations, HR, and business unit control owners. • Maintain a continuous, audit-ready evidence repository for each assigned scope - organizing artifacts by control requirement, testing frequency, and assessment cycle. • Develop and distribute standardized evidence request packages to control owners, providing clear instructions on format, retention period, and submission deadlines. • Validate evidence submissions for completeness, accuracy, and alignment to the specific PCI-DSS v4.0 requirement being satisfied before logging in the repository. • Track evidence gaps, follow up on outstanding submissions, and escalate persistent collection failures to the ISA for stakeholder intervention. • Maintain version control and change logs for all compliance artifacts to support QSA review and year-over-year comparison. • Execute the control monitoring calendar for each assigned scope, performing or coordinating scheduled PCI-DSS control tests at daily, weekly, monthly, quarterly, and annual frequencies as defined by the ISA. • Document control test results with supporting evidence, noting pass/fail status, observations, and any exceptions identified during testing. • Track and log control exceptions, working with the ISA to initiate issue tickets and assign remediation owners through established workflows. • Coordinate and document quarterly User Access Reviews (UARs) for cardholder data environment (CDE) systems, collecting attestations from system owners and flagging any orphaned or excess access for remediation. • Support Monthly vulnerability scan cycles by coordinating scan scheduling with IT teams, collecting results, and ensuring risk ratings and remediation tickets are opened within required timeframes. • Maintain the control monitoring log and provide a monthly status summary to the ISA for KPI reporting and dashboard updates. • Support the ISA in executing the annual PCI-DSS recertification process for all assigned scopes - managing logistics, scheduling, evidence packaging, and communication with internal stakeholders throughout the assessment window. • Prepare and maintain structured evidence binders and audit response packages for each control domain, ensuring all artifacts are labeled, indexed, and traceable to specific PCI-DSS v4.0 requirements. • Track all QSA Requests for Information (RFIs) in the team's audit management system, coordinating timely responses from control owners and flagging items at risk of missing SLA to the ISA. • Maintain a master findings tracker for all assigned scopes, logging audit findings, management responses, remediation owners, target dates, and closure evidence across internal and external audit cycles. • Support the ISA in preparing Attestations of Compliance (AOCs), Self-Assessment Questionnaires (SAQs), and Report on Compliance (ROC) documentation by compiling required data and validating input accuracy. • Assist with post-audit retrospectives by compiling evidence submission timelines, RFI logs, and findings summaries for lessons-learned analysis. • Maintain and update CDE boundary diagrams, data flow diagrams, and network segmentation documentation for each assigned scope, initiating updates within 30 days of any environment change. • Maintain the risk acceptance register for assigned scopes, tracking open risk acceptances, expiry dates, residual risk ratings, and required annual reviews. • Track compensating controls for assigned scopes, ensuring each has documented rationale, compensating measures, and a current review date on file. • Monitor policy and procedure currency for assigned scopes, flagging documents approaching their review date and coordinating with the ISA and policy owners to initiate updates. • Maintain the third-party service provider compliance tracking log for assigned scopes, following up annually on AOC renewals and flagging expired certifications to the ISA. • Coordinate annual PCI-DSS awareness training delivery for control owners, IT staff, and business operations personnel within assigned scopes - tracking enrollment, completion rates, and issuing completion certificates. • Develop and maintain training attendance records and completion reports for all assigned scopes to support audit evidence requirements. • Assist the ISA in preparing control owner briefing materials, interview guides, and evidence submission instructions ahead of assessment windows. • Support onboarding of new control owners within assigned business units, walking them through evidence expectations, submission formats, and the compliance calendar.

• Conduct requirements analysis to support program planning, capability development, and strategic decision-making. • Develop and maintain requirements documentation, ensuring traceability from operational needs through implementation. • Perform capability-based assessments and gap analyses to identify opportunities for program improvement. • Support the development of requirements traceability matrices and related program documentation. • Coordinate with stakeholders to gather, validate, and prioritize operational and technical requirements. • Assist with the transition of program capabilities into formal DoD acquisition and governance processes. • Support development of capability documentation, briefing materials, and decision-support products. • Analyze program risks, dependencies, and impacts associated with evolving requirements. • Ensure alignment between program objectives, stakeholder needs, and DoD governance frameworks. • Provide analytical support, technical writing, and reporting to leadership and stakeholders.