Role Description Longbridge is excited to be adding to our Compliance Department. This newly created role, Mortgage Compliance Officer, will be responsible for researching compliance with all mortgage banking laws, rules, regulations, and prescribed policies/practices/procedures necessary to reduce risk and uphold ethical standards. - In-depth knowledge of state and federal consumer regulations, including but not limited to: - Licensing - TILA - HMDA - RESPA - UDAAP - Non-bank CRA requirements - SOX - Review regulatory changes and assess how the changes might affect the company. Provides recommendations about necessary policy and procedural changes. - Oversee monthly regulatory compliance weaknesses throughout the organization and work with management to identify root causes, remediation steps, and tracking of the issues. - Contribute to the compliance training program, which may include: - Identifying training courses, webinars, etc. - Creating compliance-related training and providing it through various methods. - Monitor federal and state regulatory sources (CFPB, HUD, TILA, HMDA, RESPA, UDAAP state agencies) for new rules, guidance, and legislative updates affecting mortgage lending. - Draft compliance alerts. - Maintain a regulatory change log and ensure all updates are documented, categorized, and escalated appropriately. - Summarize complex regulatory changes into clear, actionable summaries for operations, sales, and executive leadership. - Design and maintain spreadsheets and tracking tools to document changes made in the Loan Origination System (LOS), including version history and effective dates. - Prepare reports, presentations, and meeting materials for internal and external compliance reviews. - Assist in the implementation of compliance policies and procedures. - Respond to compliance-related inquiries from other departments within the company. - Reverse mortgage experience is a plus but not required. Qualifications - Bachelor’s degree is required with a minimum of five (5) years in a compliance role with a financial institution. - Knowledge in mortgage banking and consumer compliance laws and regulations. - Ability to form effective relationships and achieve influence at the most senior level in the organization. - Proactive, motivated, strong attention to detail, and proven track record in building good working relationships. - Ability to work independently as well as in a team environment. - An understanding of when issues require escalation. - Working knowledge of the Microsoft Office Suite of products. - Analytical writing skills along with strong verbal and written communication skills. Requirements - Working in a growing and dynamic industry. - Full benefits: Medical, Dental, Vision, FSA/HSA, and a wide array of voluntary products and discounts. - 401(k) with company match. - Paid time off. - This is an exempt role. - Target base salary range is $130K - $135K, based on various factors including skills and work experience. - Eligible for a competitive additional compensation program via annual bonus based on individual performance. - LBF is an EEO/AA/Vet/Disabled Employer. - Please note that salaries estimated on various job sites may not reflect the actual compensation.

• Collaborate with peers across the organization to achieve client-centric delivery in a matrix organization. • Oversight and accountability of Regulatory Authority (RA), Independent Review Board (IRB)/Ethics Committee (EC) and Third Body submissions • Manage projects according to the billing guide to ensure the work is performed within budget. • Initiate improvements to enhance the efficiency and the quality of the submission work performed on assigned projects. • Support audits (internal and external) and inspections, as needed.

• Support program teams in the day-to-day management of donor agreements received by IYF, including tracking key award requirements, deliverables, reporting deadlines, budget considerations, compliance obligations, and required approvals. • Support the review, drafting, processing, and administration of subawards, contracts, amendments, and related documentation issued by IYF to partners, vendors, consultants, or other third parties. • Coordinate with program teams, Finance, country offices, and partners to help ensure these agreements are complete, accurate, and aligned with donor requirements, IYF policies, applicable registrations, and approved program activities. • Support compliance reviews and help identify donor requirements, restrictions, approvals, reporting obligations, documentation needs, and potential risks related to donor agreements received by IYF. • Support the development and maintenance of compliance matrices, due diligence records, award files, templates, internal guidance, trackers, and filing structures. • Assist with periodic reviews of award, subaward, and contract records to support data quality, audit readiness, and consistent documentation practices. • Support the use and continuous improvement of IYF’s award management systems and records. • Work collaboratively across program, finance, business development, operations, and other relevant teams to support clear communication, timely follow-up, and practical resolution of award management and compliance matters.

Role Description The Compliance Team Lead is an individual contributor role positioned at the emerging lead level, designed to own the day-to-day execution of Celigo’s security compliance and risk operations. This role enables the Senior Director to operate strategically by taking ownership of core compliance workstreams: - SOC 2 audit coordination - Privacy rights fulfillment - Policy governance - Third-party risk assessments - Security questionnaire responses A significant focus of this role will be supporting Celigo’s ISO 27001 and ISO 42001 certification initiative. Under the direction of the Senior Director, this role will partner with an external advisory firm to build Celigo’s integrated Information Security Management System (ISMS) and Artificial Intelligence Management System (AIMS) and will then own the ongoing management, maintenance, and operationalization of those management systems post-certification. This role also provides task-level guidance to the Security Risk & Compliance Analyst and supports their professional development. Both roles report directly to the Senior Director, Information Security & Compliance. Responsibilities - SOC 2 Audit Readiness & Compliance Operations - Lead day-to-day SOC 2 Type II audit activities, including evidence collection, artifact management, control testing coordination, and auditor liaison for both the Integrator.io and CloudExtend platforms. - Maintain the compliance calendar and ensure all control activities, access reviews, training attestations, and evidence requirements are completed on schedule. - Oversee the administration of the KnowBe4 policy attestation platform; track completion rates and follow up on outstanding attestations to support audit evidence requirements. - Lead the coordination and tracking of compliance evidence requirements across business units; document gaps and escalate to the Senior Director. - Maintain and update the Celigo Risk Register, including open risk items, remediation timelines, and status. - ISO 27001 & ISO 42001 Program Build and Management - Serve as a primary internal resource supporting the build of Celigo’s ISO 27001 ISMS and ISO 42001 AIMS under the leadership of the Senior Director and in partnership with an external advisory firm. - Contribute to gap assessments, control mapping, documentation development, and stakeholder interviews as part of the certification readiness program. - Own the ongoing management and operationalization of the ISMS and AIMS post-certification, including management reviews, internal audit coordination, control monitoring, and annual recertification preparation. - Maintain ISMS and AIMS documentation, ensuring policies, procedures, and evidence repositories remain current and audit-ready. - Serve as the internal subject matter resource for ISO 27001 and ISO 42001 requirements as Celigo’s program matures. - Privacy, DSAR & Regulatory Compliance - Handle Data Subject Access Requests (DSARs) in compliance with GDPR, UK GDPR, CCPA, and other applicable privacy regulations; maintain response logs and ensure timely fulfillment within regulatory deadlines. - Support privacy compliance activities, including PIA coordination for new AI tools, DPA review, and regulatory change tracking. - Monitor emerging regulatory requirements relevant to Celigo’s operating environment, including the Colorado AI Act and other applicable frameworks. - Third-Party Risk Management - Execute third-party vendor risk assessments in alignment with Celigo’s tiered risk framework; review SOC 2 reports, security questionnaires, and DPAs for material gaps. - Maintain the vendor inventory and ensure all assessments are completed within the required cadences. - Lead security review intake for new AI tools and OAuth-connected applications; flag findings and escalate to the Senior Director. - Policy Governance & Documentation - Own Celigo’s security and privacy policy library, managing annual review cycles, stakeholder coordination, tracked-change workflows, and version control. - Identify gaps between policy requirements and current operational practice; develop remediation tracking and monitor progress. - Maintain compliance documentation repositories (Wiki, Google Drive) and ensure accuracy and accessibility of all compliance artifacts. - Customer-Facing Security & Team Coordination - Lead responses to client and prospect security, privacy, and compliance questionnaires; coordinate with the Security Risk & Compliance Analyst on intake and response workflows. - Provide day-to-day task guidance, work assignments, and professional development support to the Security Risk & Compliance Analyst. - Serve as the primary cross-functional point of contact for compliance inquiries from IT, Engineering, HR, Legal, and Finance. Qualifications - Demonstrated ability to manage multiple concurrent compliance workstreams with competing deadlines and limited oversight. - Working knowledge of SOC 2 Trust Services Criteria and audit evidence requirements; experience owning evidence collection for at least one full audit cycle. - Foundational understanding of ISO 27001 requirements; exposure to ISMS implementation or gap assessment work is strongly preferred. - Familiarity with privacy regulations, including GDPR, HIPAA, CCPA, and US state privacy laws; experience handling DSARs is a plus. - Ability to review vendor security documentation, including SOC 2 reports, DPAs, and security questionnaires, and identify material risk gaps. - Strong written communication skills; ability to draft policy language, compliance documentation, and client-facing security responses. - Comfortable working cross-functionally with Engineering, IT, Legal, and Finance stakeholders. - Ability to provide constructive task guidance to a junior team member. - Self-directed with strong organizational skills; ability to operate effectively with minimal supervision. - Proficient in the responsible use of AI tools (e.g., Claude, ChatGPT) to improve the efficiency and quality of compliance work. Education & Experience - 3–5 years of experience in information security, GRC, compliance, privacy, or audit functions. - Hands-on experience with SOC 2 audit cycles, including evidence preparation and auditor coordination. - Experience in auditing a SaaS company, preferably with multi-tenant architecture. - Experience with security policy development, review cycles, and stakeholder management. - Familiarity with third-party risk assessment programs and vendor security review processes. - Experience with GRC or compliance documentation platforms (e.g., Vanta, Drata, Confluence, or equivalent). - Exposure to ISO 27001 framework requirements preferred; ISO 42001 familiarity is a plus. - Relevant certifications preferred but not required: CISA, CRISC, CIPM, CISSP, or equivalent. Benefits - Competitive compensation and benefits, including: - Three weeks of vacation (starting year one) - Wellness days and holidays to recharge - Parental leave and a generous benefits package - Monthly tech stipend - Recognition and career development opportunities Company Description Celigo is proud to be a 2025 Gartner Customers’ Choice for iPaaS. The only vendor to receive this award. Celigo is a Visionary in the Gartner Magic Quadrant for iPaaS for the second consecutive year. Celigo is ranked #1 iPaaS on G2 for multiple quarters and named a Leader in both B2B/EDI and API Management. Celigo is a leading intelligent automation platform that puts the power of automation in the hands of every team, unifying workflows from the predictable to the fully agentic in a single platform.