Risk and Compliance Manager

Security and Compliance | Seattle, Washington | Durham, North Carolina

Job Summary

The Risk and Compliance Manager reports into the Corporate Security Team and will manage, and help grow, our Risk Management team.  You and your team will be responsible for developing and supporting global risk initiatives by proactively monitoring and managing risks that impact our business.  This includes plans and strategies for business continuity, data privacy, vendor due diligence, and other risk management functions.  Successful candidates need the skills to translate internal policies to concrete technical action plans.

Job Duties

  • Manage a team of 5 to 8 security and risk management professionals
  • Drive compliance-related initiatives with teams across the organization: Security, Legal, Finance, Customer Support, Engineering, HR, etc.
  • Communicate regularly with leaders and senior management (reports, dashboards, and PowerPoint)
  • Participate in internal and external audits and properly articulate the business function risk profile, risk management strategies and controls appropriateness
  • Interact with customers and business partners to understand and respond to their compliance and assurance needs and concerns
  • Own the Business Continuity Management efforts for assigned business units
  • Collaborate with the Application Security and Engineering Operations teams to implement risk management & privacy projects
  • Implement vendor data privacy risk assessments
  • Develop and provide training to teams across the company
  • Develop FAQs and documentation
  • Track, investigate, and assist in responding to privacy incidents
  • Identify gaps in technical and policy documentation which impact Risk Management functions


  • Minimum of 3 years managing technical teams
  • 6+ years of risk management or compliance experience
  • Bachelor's degree in computer science or a related field
  • Strong project/program management skills
  • Excellent written, verbal, and presentation skills
  • Experience working with Amazon Web Services or other public cloud providers
  • Experience translating legal or contractual requirements into technical controls
  • Operating knowledge of GDPR or other privacy legislation
  • Experience with audit process and methodologies

Preferred Qualifications

  • Previous hands-on experience with risk discovery and assessment, with follow-up on appropriate mitigation and controls
  • Professional experience participating in IT audits (Sarbanes Oxley, SOC 1, SOC 2, ISO 27001)
  • General familiarity with CI/CD, Docker, Kubernetes, and related devops tools
  • Experience with HIPAA
  • Knowledge or experience with any of the following areas: identity and access management, cloud hosting providers, database administration
  • Professional certifications such as CISSP, CIPP, OSCP


About Avalara

Avalara helps businesses of all sizes achieve compliance with transaction taxes, including sales and use, VAT, excise, communications, and other tax types. The company delivers comprehensive, automated, cloud-based solutions designed to be fast, accurate, and easy to use. The Avalara Compliance Cloud® platform helps customers manage complicated and burdensome tax compliance obligations imposed by state, local, and other taxing authorities throughout the world. Avalara offers more than 600 pre-built connectors into leading accounting, ERP, ecommerce and other business applications, making the integration of tax and compliance solutions easy for customers. Each year, the company processes billions of indirect tax transactions for customers and users, files more than a million tax returns, and manages millions of tax exemption certificates and other compliance documents. Headquartered in Seattle, Avalara has offices across the U.S. and overseas in the U.K., Belgium, Brazil, and India. More information at www.avalara.com.

Avalara is an Equal Opportunity Employer. All qualified candidates will receive consideration for employment without regard to race, color, creed, religion, age, gender, national orientation, disability, sexual orientation, US Veteran status, or any other factor protected by law.