Director of Risk and Compliance

Mixbook

Legal
United States · Remote
Posted on Sep 20, 2025

About Mixbook

Mixbook is the #1 rated photo book service in the US, with over 30K 5-star reviews, empowering over 6 million people to design and share their one-of-a-kind stories. We're a profitable, growing company known for our intuitive design platform, exceptional quality, and fanatical customer service. But Mixbook is more than just a product - we're a team of passionate individuals driven to make a difference.

What truly sets Mixbook apart is our commitment to creating a workplace where you can thrive both personally and professionally. We value collaboration, open communication, and a growth mindset. We believe in empowering our team members to take ownership, embrace challenges, and make a meaningful impact.

Our culture is built on a foundation of trust, constructive feedback, and a shared passion for delivering outstanding results. If you're looking for a place where your contributions are valued, your voice is heard, and you can grow alongside a talented team, then Mixbook is the place for you.

Objective

The Director of Risk & Compliance is a strategic leadership role at Mixbook, responsible for designing, implementing, and overseeing a global risk and compliance program that enables Mixbook to scale responsibly while maintaining trust with customers, employees, vendors, and regulators.

This role will ensure Mixbook has the right frameworks, policies, and controls in place to proactively manage risk across all jurisdictions in which we operate while enabling smart, compliant, and scalable decision-making across the business. This leader will build the infrastructure that ensures Mixbook’s systems, partners, and people can thrive in a global environment while staying aligned with evolving legal, regulatory, and audit standards (eg, SOC 2, GDPR, vendor risk, security protocols, and internal controls).

The Director of Risk & Compliance will serve as the connective tissue between operational execution and executive decision-making, delivering the transparency, governance, and accountability that ensures risk doesn’t become a blocker, but a competitive advantage.

Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

  1. Establish and Maintain a Global Risk Management Framework: Design and continuously evolve Mixbook’s enterprise-wide approach to identifying, assessing, and mitigating risk, spanning strategic, operational, technological, financial, reputational, and compliance categories.
  2. Own Business Continuity and Disaster Recovery (BC/DR): Develop, test, and maintain resilient business continuity and disaster recovery plans to ensure Mixbook can sustain critical operations and recover quickly from potential disruptions.
  3. Own Global Compliance Strategy and Execution: Ensure Mixbook’s policies, practices, and infrastructure meet and anticipate regulatory requirements (eg, SOC 2, GDPR, SOX etc.) across our global footprint - including employees, contractors, vendors, and customers. This includes maintaining comprehensive data protection and privacy compliance programs, conducting privacy impact assessments, and ensuring lawful processing of personal data across all jurisdictions.
  4. Drive Risk Visibility and Executive Readiness: Deliver clear and consistent risk reporting to the Executive Team and Board, including quarterly business reviews and proactive recommendations tied to business priorities.
  5. Translate Risk into Scalable Policy: Author and steward durable policies that clarify expectations, roles, and controls, enabling teams to move fast without compromising compliance or security.
  6. Operationalize Controls and Accountability: Ensure risk mitigation efforts are embedded into day-to-day operations, with clear ownership, documented controls, and auditable evidence across relevant functions.
  7. Lead Audit and Certification Readiness: Serve as the internal lead for risk-related audits (eg, SOC 2), ensuring timely preparation, aligned scope, and credible response to findings or recommendations. Manage privacy-related audits, regulatory inquiries, and data protection authority interactions, including breach notifications and remediation efforts.
  8. Partner Across Functions to Enable Smart Decisions: Work cross-functionally with Legal, Security, People Ops, Finance, Data, and others to embed risk thinking into business decisions, vendor management, and growth strategies. Serve as the privacy advisor to product, engineering, and marketing teams, ensuring privacy considerations are integrated into all customer-facing initiatives and data processing activities.
  9. Build a Culture of Risk Awareness and Proactive Ownership: Elevate risk as a shared responsibility across Mixbook by driving education, self-assessments, and a culture of transparency, trust, and continuous improvement. Develop and deliver enterprise-wide training programs to ensure employees at all levels understand risk management, compliance obligations, and their role in mitigating organizational risks.

Key Skills

  • Risk Framework Expertise: Deep understanding of risk management standards (eg, NIST, ISO 31000), SOC 2, internal audit, and enterprise risk frameworks.
  • Privacy and Data Protection Expertise: Comprehensive knowledge of global privacy laws (GDPR, CCPA, etc.), data governance frameworks, and privacy program management.
  • Policy Leadership: Experience crafting high-trust, globally applicable policies that stand up to audits and support business growth.
  • Audit + Control Readiness: Proven ability to build control environments with appropriate documentation, evidence, and accountability.
  • Strategic Business Fluency: Strong ability to translate technical risk language into executive-level business implications and decisions.
  • Cross-Functional Influence: Capable of aligning diverse stakeholders and establishing systems of accountability and clarity across departments.
  • Project Management Excellence: Skilled in leading initiatives end-to-end, from design through implementation and continuous improvement.
  • Global Perspective: Adept at managing across multiple regulatory regimes, cultural contexts, and partnership types (employees, contractors, vendors).
  • Sound Judgment: Ability to manage sensitive information and navigate risk-based decision-making with maturity and credibility.
  • Crisis Management & Scenario Planning: Experience identifying high-risk issues early and facilitating coordinated responses and mitigation strategies.

Competencies + Experience

  • 8+ years of progressive experience in risk management, compliance, internal audit, legal, or governance roles, preferably within fast-scaling or global organizations.
  • 3 - 5 years in a senior leadership role with direct accountability for enterprise-wide risk or compliance programs, ideally reporting to or advising C-level executives or Boards.
  • Track record of designing and operationalizing risk frameworks, policies, and controls that meet external audit standards (eg, SOC 2, ISO) while enabling business agility.
  • Demonstrated success building privacy programs from the ground up and managing privacy compliance in high-growth environments.
  • Hands-on experience leading complex audits and managing certification readiness (eg, SOC 2, GDPR, third-party risk assessments).
  • Demonstrated success building cross-functional alignment across Finance, People, Engineering, Security, and Operations functions.
  • Experience managing risk and compliance across multiple geographies, legal frameworks, and partner ecosystems (employees, contractors, vendors, and customers).

Other duties

Please note that this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time, with or without notice.

Our Mission & Culture

At Mixbook, our mission is to empower people to be creative and connect deeply with the ones they love. Unlike most growth companies, we have invested deeply in culture - because we believe that when we love our people, they will love our customers, and our customers will love our business.

You'll contribute to a product loved by millions and help people create lasting memories. You'll thrive in a healthy culture that values collaboration, growth, and open communication. You'll work with talented individuals who are passionate about what they do, and you'll enjoy competitive benefits and perks to support your well-being.

We want people to join us who exude our core values:

  • Scrappy: We act like entrepreneurs, taking ownership and finding creative solutions.
  • Caring: We have a heart of empathy, supporting each other and our customers.
  • Craftsmanship: We have a spirit of excellence, striving for the highest quality in everything we do.

If you're ready to join a team that's making a real difference in the world, we encourage you to apply!