Role Description The Compliance Manager plays a critical role in safeguarding the organization’s adherence to regulatory requirements and industry standards by overseeing regulatory monitoring, managing rate and form filings, audit preparation, and compliance readiness. This role involves actively identifying compliance needs, coordinating and delivering necessary training, and ensuring that all employees understand relevant regulations. As part of Risk Management and Corporate Governance, the Compliance Manager assesses and mitigates potential risks, ensuring alignment with internal policies and legal standards. This role requires a proactive, detail-oriented approach to continuously improve compliance processes, reduce risk, and support the organization’s commitment to ethical and compliant operations. Qualifications - A bachelor’s degree in business administration, finance or a related field is preferred. Advance degree a plus. - An Institutes or AICP designation preferred (ARM, ARC, ACP, CCP). - 5+ years of professional experience in insurance operations and compliance/risk management. - 3+ years of experience researching state insurance laws, regulations and state license requirements and facilitating state insurance department filings. Requirements - Serve as administrator for MEM’s Code of Conduct hotline. - Maintain MEM’s web portal page and investigator data with third party vendor and ensure reports of concern are received and investigated. - Oversee submissions of all state regulatory filings by coordinating and submitting all, annual rate, rule and form filings, business entity filings with the Secretary of State, NAIC license/expansion filings, biographical affidavits for directors and officers, and corporate governance annual disclosures. - Prepare or facilitate responses to regulator inquiries and objections to filings. - Draft and edit policy forms, endorsements, notices and related correspondence for regulatory filing and approval. - Monitor and communicate status of filings to internal business partners. - Collaborate with internal departments to develop, implement, and maintain regulatory compliance policies and procedures. - Lead the Compliance Committee and ensure the Committee regularly updates and maintains compliance with the Compliance Calendar. - Ensure legal and regulatory changes are monitored and any business impacts are understood. - Provide compliance research and support to MEM for various regulatory jurisdictions as required. - Respond to or coordinate responses to regulatory inquiries as required, such as complaints and market conduct inquiries. - Maintain required logs and documentation. - Maintain relationships with associations or industry groups to stay abreast of regulatory requirements and industry compliance trends. - Conduct regular compliance audits and risk assessments to identify potential regulatory issues. - Resolve issues arising from audits and refer serious or contentious issues to the Director of Legal and Compliance. - Work with IT in the development of compliance training and education for MEM employees related to data security. - Participate as a member of the Business Continuity Team actively contributing in matters related to Records and Information Management. - Maintain an active role in the corporate governance model throughout the year. - Serve as member of the Business Continuity and Corporate Data Security Incident Response Team. - Conduct risk assessments to evaluate product, compliance, or operational risks. - Coordinate an annual data security breach exercise with relevant stakeholders to drive readiness. - Serve on the Emerging Risks Team to identify and mitigate new and emerging risks. Benefits - Health Plans: Medical, Dental, and Vision, including fertility benefits, fully paid preventative care, and adult orthodontia. - Annual Performance Based Bonus. - Employer-Paid Life and Disability Benefits: Life Insurance (3x base salary), AD&D, Short and Long-term Disability. - Wellness and Recognition Program: Employer-paid incentives for employees and spouses. - Flexible Spending Account and Dependent Care options. - Health Savings Account: Generous employer contribution. - Generous PTO, 11 Holidays + 4 Early Releases, 16 Hours Volunteer Time Off, 20 Days Paid Parental Leave, Marriage, Bereavement, and Jury Duty leave. - Employee Assistance Programs. - 401k Retirement Plan: Employer match and profit sharing. - Adoption Assistance and Tuition Assistance.

• Lead and execute CMMC Level 2 gap assessments against all 110 NIST SP 800-171 Rev 2 practices across the 14 control domains. • Conduct readiness reviews and deliver findings with prioritized remediation roadmaps. • Author and maintain SSPs, POA&Ms, policies, procedures, and implementation narratives using the NIST SP 800-171A examine, test, and interview methodology. • Build CMMC-scoped network diagrams, data flow diagrams, and CUI boundary documentation. • Evaluate client environments scoped to CUI systems, including Microsoft 365 GCC and GCC High, Intune and Microsoft Defender for Endpoint, and specialized platforms such as PreVeil. • Serve as the primary technical point of contact for assigned DIB accounts across the compliance lifecycle. • Facilitate interviews with client staff to validate controls and gather evidence, and present status and executive readouts with clarity. • Own data integrity in the GRC platform (e.g., IntelliGRC) for SSP management, POA&M tracking, and evidence management. • Improve internal CMMC methodologies, templates, and tooling. Mentor junior consultants, and track CMMC Program rule changes (32 CFR Part 170, DFARS 252.204-7021) and Cyber AB guidance updates so the practice stays current.

• Lead the coordination and ongoing enhancement of RWWA’s enterprise risk management framework, ensuring risks are identified, assessed, monitored and reported in line with organisational risk appetite. • Partner with business areas to embed risk awareness and ownership into operational planning, decision making and change initiatives. • Support the identification and mitigation of strategic, operational, regulatory and reputational risks across the organisation. • Coordinate risk reporting, analysis and insights for senior management, committees and governance forums, escalating material risks where required. • Oversee the development and maintenance of risk registers, key risk indicators, control assurance processes and risk treatment plans. • Provide day‑to‑day leadership of the risk and compliance function, supporting specialist roles within the team.

• Research and verify carriers using multiple online platforms to ensure legitimacy and compliance with company standards. • Document our internal system to keep accurate records of carrier qualifications and compliance status. • Analyze data and make informed decisions regarding carrier approval and risk assessment. • Process requests efficiently in a fast-paced environment while maintaining accuracy and meeting established service levels. • Collaborate with internal teams to address and resolve any carrier compliance issues or discrepancies. • Prioritize and multitask effectively while handling a high volume of carrier approvals.