Director, Compliance job at Alkami Technology in US National
Director, Compliance
Locations: US Remote
Time type: Full time
Job requisition ID: JR-000456

As a remote-first company, most of our positions can be remote in the US, except for key roles, which will be indicated in the Job Title.

Alkami is seeking a Director, Compliance to own the strategy, design, execution, and continuous improvement of the enterprise compliance program and third‑party risk management (TPRM). This leader will drive a lifecycle‑based approach to vendor/partner oversight and a control‑driven compliance management system (CMS) across policy, risk assessment, monitoring/testing, training, issue management, regulatory change, and reporting. The Director will partner closely with Legal, Procurement, Information Security, Finance, Product/Engineering, and Operations to protect Alkami and its clients while enabling innovation and growth.

This is a remote role located in the United States with the expectation to travel up to 5% for team meetings and audits/exams. This role reports to the Chief Compliance Officer.

Key Responsibilities & Duties:

Program Leadership and Strategy
Build and execute the multi‑year compliance and TPRM strategy aligned to Alkami’s risk appetite, regulatory expectations, and client commitments; define the roadmap for maturity, automation, and scalability.
Own the end‑to‑end TPRM lifecycle (planning, due diligence, contracting, ongoing monitoring, renewals, offboarding) with risk‑based segmentation for vendors, partners, integrators, and critical suppliers.
Establish and maintain compliance and TPRM policies, standards, and procedures; drive consistent adoption across the company and clear accountability for control ownership.
Define and manage compliance and TPRM metrics, KRIs/KPIs, and reporting for executive leadership and the Board; surface inherent/residual risks, trends, exceptions, and remediation progress.
Regulatory Management and Reporting
Lead regulatory exam and inquiry management, including scoping, evidence collection, RFI/ROE responses, remediation plans, and regulator communications, in partnership with Legal and business owners.
Maintain a regulatory obligations inventory and lead regulatory change management (horizon scanning, impact assessment, control design/updates, and timely implementation tracking).
Own periodic management and Board reporting for compliance and TPRM: dashboards, narrative risk summaries, issue status, testing results, and emerging risk themes.
Oversee compliance monitoring and testing activities based on risk assessments; validate control design/operating effectiveness and escalate gaps for timely remediation.
Coordinate complaints, UDAAP, and other conduct risk reviews with relevant stakeholders, and ensure transparent reporting and corrective actions.

Product Compliance (“compliance by design”)
Embed product compliance into the SDLC and go‑to‑market processes: requirements mapping, control design, evidence plans, pre‑launch reviews, and sign‑off gates.
Interpret and operationalize applicable requirements in a fintech/digital banking context (e.g., GLBA data protection, E‑SIGN, privacy and data retention, accessibility/ADA, security/NYDFS 500), partnering with Legal and InfoSec to translate into product and platform controls.
Review new products/features, partnerships, and data uses for compliance risk; ensure documentation, testing, and client‑facing disclosures are accurate and complete.
Support client due diligence and assurance needs (e.g., responses on compliance posture, control narratives), aligned with InfoSec assurances and TPRM artifacts.

TPRM Operations and Execution
Oversee timely, risk‑based due diligence across key domains (information security, compliance/privacy, operational resilience/BCP, financial viability, strategic/reputation, transaction risk).
Ensure contracts include appropriate risk controls (right‑to‑audit, data protection/processing, incident notice, subcontractor/fourth‑party oversight, termination/data return/erasure).
Lead ongoing monitoring (e.g., OFAC/negative news, control refresh, material change reviews), periodic reassessments, issues/exceptions, and executive escalations.
Drive concentration risk and fourth‑party risk assessments for critical dependencies; guide exit and contingency planning.
Partner with InfoSec on third‑party security assessments, incidents, coordinated response, and client communications where appropriate.

People, Tools, and Cross‑functional Influence
Build and lead a high‑performing Compliance and TPRM team; set goals, coach, and develop talent.
Own the tooling strategy (e.g., GRC/TPRM platforms, regulatory change solutions, workflow intake, evidence/document automation, continuous monitoring signals, dashboards).
Champion change management and stakeholder education to strengthen vendor owner and control owner accountability; streamline processes to speed time‑to‑decision with quality.
Orchestrate cross‑functional governance with Legal, Procurement, InfoSec, Finance, IT/Engineering, Product, and Operations to remove friction and maintain control effectiveness.

How You’ll Measure Success
On‑time, high‑quality regulatory reporting; strong exam outcomes with timely and sustainable remediation.
SLA adherence and time‑to‑decision across intake, due diligence, reviews, and renewals.
Coverage and quality of risk assessments, inherent/residual scoring, and issue closure rates.
Control effectiveness evidenced in internal/external audits, client assessments, and monitoring/testing results.
Reduced exceptions, improved control/owner accountability, and uplift in continuous monitoring signal handling.
Executive‑ready dashboards and narratives that improve risk‑informed decisions and planning.
Qualifications:
12+ years in compliance, risk, or information security, with 7+ years focused on TPRM and/or regulatory compliance in SaaS, fintech, or financial services.
5+ years of people leadership with a track record building programs, teams, and cross‑functional influence.
Bachelor’s degree; advanced degree a plus or equivalent work experience
Deep knowledge of CMS components (policy/governance, risk assessment, monitoring/testing, training, issue management, regulatory change, and reporting) and TPRM frameworks.
Strong familiarity with regulatory and industry frameworks relevant to fintech/digital banking and vendor risk (e.g., FFIEC/OCC/FDIC/NCUA guidance, GLBA, SOC 2, ISO 27001, PCI DSS, NYDFS 500, NIST), and how to evidence compliance in audits, exams, and client assessments.
Demonstrated success implementing or maturing GRC/TPRM tooling, workflow automation, and reporting dashboards.
Excellent communication skills with the ability to synthesize complex risk topics for executive and regulator audiences and drive decisions.
Certifications such as CRCM, CCEP, CTPRP/CTPRA, CISA, CISSP, CRISC

Desired Skills:
Experience with product/feature compliance in a platform or API‑driven environment, including privacy‑by‑design and accessibility.
Experience with AI governance and assessing vendors/products that leverage AI/ML.
Background supporting client due diligence and sales/renewal cycles with defensible compliance/TPRM narratives.

The salary range for this position is: $125,000 - $165,000

Cool Things to Know
Not Just Any Company: Alkami has an awesome diverse and inclusive environment. We have a FUN culture and offer great benefits, including remote-first environment, unlimited paid time off, 401(k) with employer match, and more.
Work Authorization: We cannot offer employment sponsorship at this time. Candidates must be eligible to work in the US for full-time employment.