This position is for a Senior Counsel - REMOTE, where you will join a dynamic Legal and Compliance department, providing high-caliber legal advice to internal stakeholders. Support business units across the company with diverse legal needs. Develop and improve processes for the Legal and Compliance Department. Ensure that legal obligations are met and the company is fully protected. Identify and propose solutions to complex legal challenges. Navigate data privacy legislation to keep policies up-to-date.

• FedRAMP Ownership: Own the entire process for maintaining and managing FedRAMP/GovRamp authorizations, including control implementation, documentation (e.g., System Security Plan - SSP), continuous monitoring, and annual audits (A&A). • Audit Management: Serve as the primary point of contact for all external security and compliance audits (including SOC 2 Type II), coordinating efforts between auditors, legal counsel, and technical teams to ensure successful outcomes and high-quality evidence collection. • Compliance Program Management: Design, implement, and lead the corporate security compliance program, ensuring adherence to the specific controls required by all key frameworks. • Security-by-Design Review: Collaborate closely with the Product Management and Engineering teams, reviewing product roadmaps, features, and architectures to ensure security and government compliance (especially FedRAMP/GovRamp controls) are integrated from the initial design phase (Security-by-Design). • Product Requirements Translation: Translate complex regulatory and certification controls into clear, actionable technical requirements and user stories for product development teams. • Risk Mitigation: Conduct risk assessments on product features, third-party integrations, and new technologies to proactively identify and mitigate compliance and security risks before product launch. • Contractual Review: Support the Legal Team by critically reviewing and negotiating security and privacy clauses in customer contracts, RFPs, vendor agreements, and data processing addendums (DPAs), specifically pertaining to government and regulated clients. • Policy & Training: Develop, document, and enforce comprehensive security, privacy, and data governance policies. Conduct targeted training for teams involved in government-facing products. • Executive Reporting: Provide regular, executive-level reports to the Chief Legal Counsel on the status of compliance efforts, identified risks, and strategic security posture.

• Help design, create, and implement systems for Cloud Security on our SaaS platform • Monitor, analyze, and respond to security threats • Shape and enforce security policies, standards, and best practices • Work independently to define strategies and solutions that align with security • Provide technical and security engineering support during pre-sales and post-sales phases • Be the technical liaison for customers regarding security-related topics • Assist with managing disaster recovery and penetration test projects • Support AWS security processes, blueprints, and documentation

• create a relationship with clients as a trusted cybersecurity advisor • develop and implement cybersecurity risk management strategies tailored to the needs of financial services and government clients in various regions • advise clients on compliance with regulatory frameworks and global standards like ISO 27001, NIST, and CIS • conduct security assessments and gap analyses to identify weaknesses and recommend actionable improvements • collaborate with client stakeholders, including CISOs and IT leadership, to align cybersecurity initiatives with business objectives • stay current with evolving cyber threats, regulatory updates, and industry trends across various regions • support clients during internal and external audits, including preparation of documentation and remediation planning • collaborate with team members and contribute to the continuous improvement of internal methodologies and knowledge sharing • respond to ad hoc client queries related to cybersecurity, risk, and compliance