Compliance Manager at YouCanBookmePosted on: 05/27/2021
*“The big print giveth and the small print taketh away."* (Tom Waits). This was the quote our CEO used at the top of our terms and conditions, back in 2013, when we were building our first corporate ‘version’ of YCBM. Our [Terms and Conditions](https://youcanbook.me/terms/), and sister page [Privacy and Data Protection](https://youcanbook.me/privacy/) have been our legal and compliance bedrock ever since. We aim to follow the spirit, as well as the letter of our agreements with our customers. **We are now looking for a legally experienced compliance officer, to take forward all our work in this area - from security and data protection to commercial agreements - to make sure our obligations and compliance are met.** **The Compliance Manager’s job will be to drive our compliance strategy and manage all key activities, including managing our ISO27001 and SOC2 internal and external audits and delivering our GDPR obligations. You will also be supporting our sales team with contract adjustments to balance our clients' requests against commercial risk and financial goals.** In short, we need someone to be the guardian, that **we do what we say we do.** Our perfect Compliance Manager will want to immerse themselves in data protection (it’s at the heart of every agreement), will have the people skills to enthuse and train colleagues on compliance, and the legal skills to spot contractual red lines or moot points. Things we can give way on, things we will hold the line on. Our new colleague will love contracts, any kind of contracts, will love regulation, will love a good checklist. But more importantly, they will love helping their teammates and our customers and suppliers navigate the data, compliance, security and regulation world. We will be expecting the successful candidate to have a legal background and at least 5 years working compliance or risk management-related role at a mid /senior level, ideally in the SaaS industry. **The Compliance Manager at YouCanBook.me will:** * be in charge of all risk, security & compliance projects in the company (incl. drafting and reviewing documentation and policies, implementing new processes, preparing risk assessments, conducting internal audits, and rolling out corrective actions) * working alongside the CISO, be responsible for external security and compliance accreditations (ISO27001, SOC2, etc.). Investigate requirements, maintain accreditations and manage the end-to-end process * ensure we’re consistently meeting the GDPR and e-Privacy obligations and drive continual improvements * be the business Data Protection Officer and compliance POC. You will manage, respond to and address any data requests, external audits, and escalations * regularly audit company procedures, practices, and documents to identify possible weaknesses or risks * review, edit, draw-up and advise on a range of commercial contracts and documents balancing our commercial risk against our financial goals * drive a culture of information security and compliance within the whole YCBM team * create and deliver engaging and practical training/materials ensuring the YCBM team understands and is adhering to the best practices, compliance, and security requirements * provide guidelines and support on compliance, local policies, legislation, and corporate and ethical standards to colleagues within YCBM, as well as our 3rd party partners * coordinate with external legal partners for any matters which cannot be resolved in-house * manage all YCBM insurance policies, including claims reporting * control disaster recovery and business continuity planning * stay abreast of the latest legal and regulatory developments which may impact our business **Our expectations that the successful candidate will have:** * university degree in law, compliance management, IT security, business, or similar * at least 5 years practical experience in compliance/information security * at least 2 years practical experience in drafting/reviewing commercial contracts * excellent knowledge of international privacy laws, incl. the GDPR and ePrivacy Directive * previous experience with Information Security Management Systems (ISMS), incl. compliance frameworks (minimum one of the following: SOC2, ISO27001, PCI DSS) * skills in interpreting legal jargon and requirements into day to day practical, implementable actions * love for assisting customers and colleagues in compliance/contract queries * practical ability to balance commercial contract negotiations with achieving ideal legal outcomes * nice to have: previously worked for a SaaS or software company **What you would be benefitting from in return:** * 100% remote, your equipment, wifi/office or co-working space all covered * Salary £50K - £65K - this is for a senior-level post; we try and keep things in 'bands,' and everything is internally published. * 'Unlimited' holiday (plus public holidays). We expect everyone to be taking 5-6 weeks leave a year * Fully funded private health / dental insurance (in UK / Spain) * 5% employer contribution to private pension (in the UK) * Fully funded leave policies for parents * Participation in profit share after 1.5 years * International travel / company retreats **What do you need to do to get this job?** * We’re big fans of cover letters from applicants who have done their homework on us. We want to see that you’re passionate about what we do and interested in how we got here * Tell us why you would want to work for a company like ours, the value you would bring, and how you’d learn along the way * We’d love to hear what you’ve achieved and what you’re most proud of. In particular, we want to see your strengths and qualities that make you a great fit for this role * And most importantly, think about how you will stand out from other applicants. We’re absolutely only looking for candidates who are serious about their desire to work for us - this means generic cover letters/CVs are a big no-no for us, so please don’t expect much progress if you send us one of these.