Compliance Operations Specialist

The Compliance Operations Specialist will play a key role in supporting AffiniPay’s compliance and privacy operations, ensuring adherence to regulatory frameworks, privacy laws, and industry best practices. This position will focus on maintaining AffiniPay’s compliance posture across products like LawPay, CASEpeer, Docketwise, and Woodpecker by aligning internal processes with PCI DSS, SOC 2, HIPAA, CCPA, CPRA, and other privacy laws.

This role will work cross-functionally with Legal, Product, IT Ops, and Sales teams to embed compliance requirements into business processes and ensure customer data protection. The Compliance Operations Specialist will also oversee risk management activities, audit preparation, and privacy program initiatives to support AffiniPay business goals.

What You'll Do

• Compliance Management

• Ensure adherence to key regulatory frameworks, including PCI DSS, SOC 2, HIPAA, and privacy laws like CCPA and CPRA.

• Collaborate with internal teams to prepare for and support audits, including PCI DSS, SOC 2, and other assessments.

• Manage compliance obligations related to secure file transfers, customer data handling, and industry-specific guidelines (e.g., ACH for digital payments, Bar association rules for legal service products).

• Privacy Operations

• Manage and respond to Data Subject Access Requests (DSARs) and other privacy-related inquiries in collaboration with Legal.

• Administer privacy tools (e.g., DataGrail) to oversee consent management, data classification, and privacy workflows.

• Work closely with Legal to maintain compliance with privacy laws, ensuring all contractual obligations regarding data privacy are met.

• Risk Management and Governance

• Maintain and update the Risk Register, tracking compliance risks and coordinating timely mitigation with internal teams.

• Conduct regular risk assessments, including Third-Party Risk Management (TPRM) and internal evaluations.

• Align risk management findings with regulatory requirements, implementing improvements to support business operations.

• Cross-Functional Collaboration

• Serve as the primary compliance contact for Legal, Product, IT Ops, and Sales teams, ensuring alignment with compliance objectives.

• Collaborate with Product and Engineering teams to embed compliance and privacy requirements into workflows, particularly during new product development cycles.

• Partner with internal teams to promote a culture of compliance and awareness through training and enablement.

About You

• 3+ years of experience in compliance management, privacy operations, or a related regulatory role.

• Familiarity with regulatory frameworks such as PCI DSS, SOC 2, HIPAA, and privacy laws like CCPA and CPRA.

• Hands-on experience with compliance tools (e.g., DataGrail, Vanta) and risk management processes.

• Proven ability to manage and track compliance obligations, including audit preparation and evidence collection.

• Strong understanding of privacy principles and processes for handling DSARs, consent management, and data classification.

• Strong knowledge of regulatory compliance frameworks and data privacy principles.

• Ability to collaborate cross-functionally and communicate effectively with both technical and non-technical stakeholders.

• Experience managing risk assessment processes and maintaining compliance-related documentation.

• Excellent organizational skills and attention to detail, ensuring readiness for audits and regulatory requirements.

• Strong problem-solving and analytical skills, with the ability to implement practical solutions.

• This position is preferred to sit in Austin, Texas.

Preferred Certifications

• Certified Information Systems Security Professional (CISSP)

• Certified Information Privacy Professional (CIPP)

• Payment Card Industry Professional (PCIP)

• Certified Information Systems Auditor (CISA) or equivalent.