• Support the development and execution of a healthcare compliance program. • Report to the SVP/Head of Legal. • Work cross-functionally to lead key elements of a pre-commercial compliance program—including policy and SOP development, transparency and aggregate spend reporting, training, and commercial and promotional compliance review. • Support future field engagements following potential product approval. • Conduct regular compliance audits, monitoring and risk assessments to identify potential areas of compliance vulnerability and risk. • Assist in the completion of activities related to federal and relevant state transparency-driven compliance requirements. • Manage the Company’s whistleblower hotline. • Collaborate with legal, regulatory, and operational teams to provide compliance guidance and support for new initiatives and projects. • Investigate compliance-related issues and coordinate with relevant stakeholders to ensure appropriate corrective actions are taken. • Stay current with industry trends, regulatory changes, and best practices in compliance. • Engage in such other activities as directed by the Senior Vice President, Legal.

• Support the development and execution of regulatory strategies to ensure FDA authorization and global compliance for IVD and Software as a Medical Device (SaMD) products. • Prepare and contribute to regulatory submissions, including FDA pre-submissions, 510(k), De Novo, and EU IVDR Technical Documentation. • Collaborate with cross-functional teams to ensure regulatory requirements are integrated throughout the product lifecycle. • Provide regulatory input during design and development activities, including risk management, change control, verification/validation, and labeling. • Monitor and interpret evolving regulatory requirements and standards (e.g., ISO 13485, ISO 14971, IEC 62304, IEC 62366) and assess impact on product development and compliance. • Support internal audits and regulatory inspections, including preparation of documentation and development of CAPAs related to regulatory findings. • Deliver regulatory training and guidance to internal teams to support ongoing compliance and foster a strong quality and regulatory culture. • Contribute to continuous improvement initiatives within the Regulatory Affairs function.

• Develop, implement, and continuously enhance the company’s enterprise-wide compliance program. • Draft, maintain, and improve compliance policies, procedures, and internal controls. • Establish governance frameworks to ensure consistent compliance across products, operations, and jurisdictions. • Monitor, interpret, and proactively translate federal and state laws and regulations impacting all Fliff verticals. • Serve as the primary point of contact for regulators and gaming authorities. • Manage regulatory filings, licensing, audits, and investigations. • Proactively assess regulatory changes and advise leadership on business impact and risk. • Oversee and continuously improve AML, fraud prevention, and Know Your Customer (KYC) programs. • Ensure compliance with applicable AML laws, sanctions requirements, and reporting obligations. • Partner with internal teams to investigate suspicious activity and manage escalations. • Oversee privacy compliance, including data protection, security practices, and user consent frameworks. • Ensure compliance with consumer protection laws, advertising standards, and related requirements. • Collaborate with product and engineering teams to embed compliance-by-design principles. • Identify, assess, and mitigate compliance and regulatory risks across the organization. • Develop risk assessment methodologies and reporting for executive leadership. • Lead internal compliance reviews and support external audits. • Support contracting efforts related to compliance, regulatory obligations, and risk allocation. • Partner closely with Legal, Product, Operations, Payments, Marketing, and Finance teams. • Provide compliance training and guidance to employees and leadership.

• Document security controls and architectures that satisfy FedRAMP High baseline requirements and DoD Cloud Computing Security Requirements Guide (SRG) overlays for Impact Level 5 (including handling of high-sensitivity CUI and unclassified National Security Systems). • Oversee continuous monitoring (ConMon) programs including vulnerability scanning, configuration monitoring, log aggregation/analysis, boundary protection validation, and monthly/ongoing reporting to meet FedRAMP and DoD expectations. • Translate NIST 800-53 Rev. 5 controls and DoD-specific enhancements into operational requirements; partner with engineering, DevOps, and product teams to embed compliance into their processes. • Lead preparation, evidence collection, and remediation for FedRAMP reassessments, 3PAO audits, DoD Provisional Authorizations, Significant Change Requests (SCRs), and contribute to Plan of Action & Milestones (POA&M) management. • Automate compliance validation for control implementation verification and drift detection. • Conduct technical risk assessments, root-cause analysis on compliance findings, and provide guidance for implementation of compensating controls or hardening measures in cloud environments. • Support incident response and boundary protection activities in IL5 environments, ensuring alignment with DoD policies for mission-critical workloads. • Maintain and update compliance documentation including System Security Plans (SSP), control implementation descriptions, architectural diagrams, and boundary definitions. • Collaborate cross-functionally with legal, product, engineering, and federal customer teams to scope new features/services while preserving authorization boundaries. • Mentor others on FedRAMP/DoD compliance best practices and contribute to internal training programs. • Align and coordinate complex, cross-functional federal programs/projects which include FedRAMP and/or DoD authorizations and/or the operational process requirements needed to meet ongoing operational requirements.