HiringCafe
Posted 5d ago

Senior Compliance Officer (US EST/EMEA - Remote)

@ Hospitable
View All Jobs
Remote, Oregon, United States
$148k-$185k/yrRemoteFull Time
Responsibilities:Own program, Design rollout, Manage tooling
Requirements Summary:Extensive hands-on experience with SOC 2 and PCI DSS; strong GRC platform knowledge (preferably Vanta); GDPR expertise; cross-functional collaboration; proactive automation; excellent written communication; autonomous work style; experience with external audits.
Technical Tools Mentioned:Vanta, SOC 2, PCI DSS, GDPR
Save
Mark Applied
Hide Job
Report & Hide
Job Description

tldr; We build software for short-term rentals to rent themselves, with a state-of-the-art product and user experience.

We have crafted an Applicant Handbook, which we highly recommend you check out, where you can find out more about the company, culture, how we recruit, what we do, and how we do it.

Hospitable is a remote-only, global, and trust-based company. We believe exceptional work comes from exceptional people - no matter their background, geography, or path. Our team spans continents, cultures, and experiences, and that diversity is one of our biggest advantages. We move fast, think boldly, and build with intention.

Our product is loved. Our customers are vocal. Our roadmap moves fast.

Feel free to join one of our upcoming public, bi-weekly Town Halls on YouTube to get a glimpse of it for yourself: https://hsptb.com/twnhll

About the role

Hospitable processes over $6 billion in annual reservation value for more than 20,000 customers. As we scale, so does the trust our customers, partners, and future acquirers place in us. Compliance isn't a checkbox exercise here - it's a core part of how we protect that trust and accelerate the business.

We're hiring our first dedicated Senior Compliance Officer to own and mature our compliance program. You'll be building on a solid foundation - we already hold SOC 2 Type II and use Vanta as our GRC platform - but there's a big roadmap ahead. PCI DSS (Service Provider Level 1), GDPR formalisation, and potentially ISO 27001 are all on the horizon. This role is about designing the program, driving it forward, and making compliance a competitive advantage rather than a burden.

You'll work cross-functionally with engineering, product, infrastructure, and customer-facing teams. This is a high-agency role where you'll need to be comfortable operating independently, making judgment calls, and getting your hands dirty with evidence collection and control management on a daily basis.

What you will be working on

  • Own and operate our SOC 2 Type II compliance program end-to-end - managing the annual audit cycle, maintaining controls in Vanta, coordinating evidence gathering across teams, and remediating gaps before they become findings.
  • Design and lead the rollout of PCI DSS Service Provider Level 1 compliance, working with a QSA and internal engineering teams to scope the assessment, implement required controls, and prepare for audit.
  • Build out our GDPR compliance posture - formalising data processing records, ensuring DSAR processes are robust, and working across departments to close gaps in our data protection practices.
  • Manage our GRC tooling (Vanta) day-to-day - configuring tests, maintaining integrations, triaging failing checks, and keeping evidence fresh and audit-ready.
  • Respond to customer and partner security questionnaires, due diligence requests, and trust-related inquiries. You'll be the face of Hospitable's security posture externally.
  • Work with Sam whose favourite fruit is Mango.
  • Partner with engineering and infrastructure to translate compliance requirements into actionable technical work - writing clear tickets, not vague mandates.
  • Identify where compliance automation can reduce manual effort and implement it. We're a tech company; we should act like one when it comes to compliance too.
  • Evaluate and recommend additional frameworks or certifications that strengthen our market position as we scale.