Senior Compliance Officer (US EST/EMEA - Remote)

tldr; We build software for short-term rentals to rent themselves, with a state-of-the-art product and user experience.We have crafted an Applicant Handbook, which we highly recommend you check out, where you can find out more about the company, culture, how we recruit, what we do, and how we do it.Hospitable is a remote-only, global, and trust-based company. We believe exceptional work comes from exceptional people - no matter their background, geography, or path. Our team spans continents, cultures, and experiences, and that diversity is one of our biggest advantages. We move fast, think boldly, and build with intention.Our product is loved. Our customers are vocal. Our roadmap moves fast.Feel free to join one of our upcoming public, bi-weekly Town Halls on YouTube to get a glimpse of it for yourself: https://hsptb.com/twnhllAbout The RoleHospitable processes over $6 billion in annual reservation value for more than 20,000 customers. As we scale, so does the trust our customers, partners, and future acquirers place in us. Compliance isn't a checkbox exercise here - it's a core part of how we protect that trust and accelerate the business.We're hiring our first dedicated Senior Compliance Officer to own and mature our compliance program. You'll be building on a solid foundation - we already hold SOC 2 Type II and use Vanta as our GRC platform - but there's a big roadmap ahead. PCI DSS (Service Provider Level 1), GDPR formalisation, and potentially ISO 27001 are all on the horizon. This role is about designing the program, driving it forward, and making compliance a competitive advantage rather than a burden.You'll work cross-functionally with engineering, product, infrastructure, and customer-facing teams. This is a high-agency role where you'll need to be comfortable operating independently, making judgment calls, and getting your hands dirty with evidence collection and control management on a daily basis.What You Will Be Working OnOwn and operate our SOC 2 Type II compliance program end-to-end - managing the annual audit cycle, maintaining controls in Vanta, coordinating evidence gathering across teams, and remediating gaps before they become findingsDesign and lead the rollout of PCI DSS Service Provider Level 1 compliance, working with a QSA and internal engineering teams to scope the assessment, implement required controls, and prepare for auditBuild out our GDPR compliance posture - formalising data processing records, ensuring DSAR processes are robust, and working across departments to close gaps in our data protection practicesManage our GRC tooling (Vanta) day-to-day - configuring tests, maintaining integrations, triaging failing checks, and keeping evidence fresh and audit-readyRespond to customer and partner security questionnaires, due diligence requests, and trust-related inquiries. You'll be the face of Hospitable's security posture externallyWork with Sam whose favourite fruit is MangoPartner with engineering and infrastructure to translate compliance requirements into actionable technical work - writing clear tickets, not vague mandatesIdentify where compliance automation can reduce manual effort and implement it. We're a tech company; we should act like one when it comes to compliance tooEvaluate and recommend additional frameworks or certifications that strengthen our market position as we scaleRequirementsHospitable is a remote-only and distributed company. For this position, your location is not a requirement. The ideal fit would work under US Eastern or EMEA timezones.Don't tick all the boxes? Talk to us about why you're still an amazing fit. In the meantime, here's what we're paying attention to:Significant hands-on experience running compliance programs in a SaaS or technology company - you've been through multiple audit cycles and know what great looks likeDeep working knowledge of SOC 2 and PCI DSS frameworks. You understand controls at a practical level, not just a theoretical oneExperience with GRC platforms, ideally Vanta. You should be comfortable configuring tests, managing integrations, and using the platform as a source of truth rather than a reporting afterthoughtFamiliarity with GDPR and data protection requirements. Formal DPO experience is a plus but not requiredThe ability to work cross-functionally with engineering teams - you can read an architecture diagram, understand what a Kubernetes cluster is, and translate compliance requirements into language engineers actually want to act onAvid user of AI to improve and automate your workflows, knowing when to reach for it and when to step in - we don't want to be the next Delve-likeStrong written communication. We're remote-first and async-heavy. Most of your influence will come through clear documentation, well-written tickets, and persuasive Slack messages rather than meetingsSelf-motivated and able to operate with high autonomy. You won't have a compliance team around you (yet). You need to be comfortable owning the function solo and knowing when to pull others inExperience working with external auditors and QSAs. You know how to prepare for and manage an audit without it becoming a fire drillEverything else is a lovely bonus that we're excited to hear about!BenefitsThe company itself is also a product, one that we iterate on. We're always improving and creating an environment where we all love to work.A supportive, radically transparent, and caring team environment, where you are trusted, not managed—and a culture that is focused on results and outputThe total budget for this role is within $148,000 - $184,800.00 depending on the cost of living in your location. We can hire talent internationally as contractors—or employees if you are based in the United States, the European Union, or Australia, taking into account payroll taxes to determine your gross compensation. This means that for US employees, the gross salary could be anywhere between $136,492.34 to $170,430.97We also offer options into the company equity through (RSU's) with a current grant value of up to $50,400.00 to share in the long-term upside value of the companyFor US employees: healthcare (including EPO, PPO and HSA), 401(k)35 days off per year, encouraged (including self-serve public holidays) and parental leaveComplimentary mental health and emotional support with therapists on call through Slack by Spill. Earn virtual coins through our peer recognition platform and redeem them through gift cards, donations, or monetary rewards