Bill.com is a leader in financial process automation for small businesses and mid-size companies. Making it simple to connect and do business, the Bill.com Back Office Cloud digitizes, automates and simplifies legacy payment and financial processes. With an integrated, end-to-end platform, Bill.com leverages artificial intelligence to reduce manual work, and provides a cloud workspace to help run your business anytime, anywhere. The company partners with four of the largest U.S. financial institutions, more than 70 of the top 100 U.S. accounting firms, and major accounting software providers. Bill.com manages more than $70B in annual payment volume across ACH, virtual cards, checks, and international payments. The company has offices in Palo Alto, California and Houston, Texas. For more information, visit www.bill.com or follow @billcom.
Mission: Ensure that Bill.com remains compliant with all applicable laws, regulations and regulatory guidance.
This hands-on leader will be responsible to ensure that Bill.com remains compliant with all applicable laws, regulations and regulatory guidance by planning, providing oversight, coordination, and delivering the activities to support successful internal audits and external compliance, and regulatory activities. The Director of GRC is responsible for managing enterprise-wide compliance requirements that include vendor management, regulatory developments, risk assessments and compliance monitoring/testing. Areas of focus include ongoing internal audits, annual compliance and regulatory activities with Security Assessors, Technology Risk, and Enterprise Risk.
● Provide leadership and oversight for compliance programs
● Design and build regulatory compliance risk assessments
● Lead 3rd party and internal audits
● Advise management on risk assessment processes and provide guidance in design and development of processes and controls to manage risks
● Present assessments of risk, controls, and overall strategy to senior engineering leaders and executives.
● Partner with business leaders to ensure timely identification, reporting, mitigation and resolution of existing and emerging compliance risks and issues
● Oversee, develop and track various compliance monitoring metrics, key performance indicators, and key risk indicators to ensure consistent framework, standards and risk tolerances are followed. Continuously evaluate both business and compliance processes and procedures to drive effectiveness and efficiencies.
● Monitor regulatory changes and track plans to implement new regulatory requirements across the organization
● Work with cross-functional leaders to ensure appropriate and timely changes are made in a consistent and company-wide fashion.
● Maintain a broad compliance skill set, with particular focus on consumer regulations and best practices for the management of compliance risk
● Oversee compliance of Third Party Suppliers/Vendors
Professional Experience/Background to be successful in this role:
● Compliance and regulatory knowledge in the banking, technology and software industry
● Leadership roles in Cybersecurity, Audit, Risk, and/or Compliance
● Participation and experience across various regulations and common industry security policy areas
● Demonstrated compliance and regulatory knowledge in the banking, technology and software industry
● Excellent communication skills, both written and verbal. Able to present to senior executives, engineers and the company.
● Demonstrated ability to translate regulatory standards into technical requirements
● Bachelor’s Degree in Information Systems Management (or a related field) or equivalent work experience
● Must have 10+ years of overall work experience with at least 3 years in leadership roles in Cybersecurity, Audit, Risk, and/or Compliance
● Must have 5+ years of direct participation and experience across various regulations and common industry security policy areas, including, but not limited to, ISO, NIST, COSO, COBIT, PCI, FFIEC, SOX, SSAE16, GDPR and others
● CISSP, CISA Certifications preferred
● Some travel to visit partners may be required.
Competencies (Attributes needed to be successful in this role):
● Values - Ethical & Principled, Fair & Modest, Diligent & Proactive
● Ability to translate regulatory standards into technical requirements
● Must have great people and communication skills
● Staying on top of constantly changing regulatory landscape
● Tech savviness and learning agility
● Firm grasp of the company's business, goals and culture
● Ability to make good judgements
Expected Outcomes in 12 months:
● Transition into leading current compliance efforts and program
● Diagnose compliance infrastructure: Identify compliance risks to business and classify them as well managed, not managed at all, or in between with effort/controls to fill the gaps. Identify the most risky practices at Bill.com that can have the biggest effect on business. Prepare a plan to address identified gaps in compliance & risk
● Present and achieve alignment with Bill.com leadership team on the gaps and purpose of this role
● Achieve alignment across leadership on the gaps and purpose of this role
● Achieve alignment on priority, controls and responsibilities
● Start executing on the plan to address identified gaps by building and improving upon the current compliance program
● Accelerate and proactively start planning for upcoming regulations that can have significant impact on business
● Regularly measure and report progress showing a gradual reduction of compliance risk