Corporate Counsel - Regulatory & Compliance



Lehi, UT, USA
Posted on Thursday, May 25, 2023

Weave’s Head of Compliance is responsible for ensuring compliance with outside regulatory and legal requirements as well as internal policies and bylaws. This includes working with engineering and product leaders to ensure our product meets applicable regulatory standards (i.e., telecommunications and privacy requirements applicable to our industry), working with business leaders to ensure our business processes comply with internal policies and bylaws (i.e., code of conduct and data privacy), working closely with our Head of Security on data privacy and security, and working closely with our Head of Internal Audit on SOX compliance. This person will also be a key member of our Risk Management team and will help us identify, track, and remediate risk.

We are looking for someone local or willing to relocate to the Lehi, Utah area. This position is a hybrid role (minimum 3 days in office / 2 days flexible) reporting to our Chief Legal Officer.

What You Will Own

  • Maintenance and implementation of a wide variety of company internal policies including Weave’s Global Code of Conduct, privacy policy, data classification, vendor risk management, identity and access management, acceptable use, breach notification, and incident response and investigation, and personnel security, as well as external documentation such as Terms of Service and related documentation.
  • Partner with Product and Engineering, Marketing, Finance, Human Resources, and other departments to ensure that our service and internal operations comply with applicable regulatory requirements and best practices (e.g., US and Canadian laws, regulations, and frameworks including HIPAA, CCPA/CPRA, TCPA, CAN-SPAM, SOX, the FCC’s e911 and CPNI rules, STIR/SHAKEN, CTIA Messaging Principles and Best Practices, Securities Exchange Act and SEC rules, AML rules, Americans with Disabilities Act; and Canada’s PIPEDA, provincial privacy laws, CASL, the Accessible Canada Act, and the CRTC’s Unsolicited Telecommunications and e911 rules; and PCI-DSS).
  • Act as an internal advisor/partner to departments regarding risk and compliance matters (e.g. controls, best practices, and industry developments.) Assists departments in understanding regulatory responsibilities and best practices.
  • Design and implement employee training programs to ensure that employees understand their roles and responsibilities for compliance with laws and regulations, data security and protection, privacy, and adherence to Weave’s Code of Conduct.
  • Create and implement risk management processes in conjunction with security, internal audit, and business leaders. Collaborate and partner with stakeholders across Weave to proactively identify legal, compliance, technology, security, and privacy risks and design mitigation solutions that are consistent with Weave’s business strategy and risk tolerance.
  • Report to senior leadership and the Audit Committee of the Board of Directors on key risks. Regularly update key risk factors in Weave’s 10K/Q filings.
  • Assist with development and implementation of controls in support of SOX compliance and financial statement audits.
  • Participates in the strategic planning process.
  • Respond to regulatory complaints, government or regulatory requests, customer complaints, incidents.
  • Facilitate and respond to Weave customer due diligence and security/compliance inquiries.
  • Develop customer-facing materials regarding compliance and security topics.
  • Oversee operation of Weave’s vendor risk management program, to include due diligence screening of all new and existing vendors (e.g., ethics, AML, data security and privacy).
  • Participate in security incident response and investigations, coordinating with various Weave departments, leadership, and external parties. Assist with management of post-incident reporting to leadership, customers, and external parties.
  • Assist Legal team with contract management, corporate governance (US, India, Canada), federal and state-level registrations (Secretary of State, Public Utilities Commissions, etc.) and various other tasks.
  • Assist in evaluating compliance and operational requirements for international operations and new markets.

What You Will Need to Accomplish the Job (minimum qualifications- education, experience, certifications, skills)

  • Bachelor’s Degree
  • 5+ years compliance experience in relevant industry
  • Strong Privacy background
  • Experience with HIPAA, CCPA/CPRA, and other privacy regulations
  • Skilled at working with cross-functional teams including both business leaders & technical leaders on complex projects
  • Excellent communication skills (written and verbal)

What Will Make Us Love You (preferred qualifications- including personality traits)

  • JD, MBA, or relevant master’s degree
  • Privacy, security or risk management certifications such as CIPP, CIPM, CRISC, CISM, CISSP
  • Experience with US telecom and communications regulations such as TCPA, CAN-SPAM, the FCC’s e911 and CPNI rules, STIR/SHAKEN
  • Understanding of CTIA Messaging Principles and Best Practices and 10DLC SMS text messaging ecosystem
  • Experience with Canadian telecom and communications regulations, such as CASL, and the CRTC’s Unsolicited Telecommunications and e911 rules
  • Experience with PCI DSS standards
  • Experience PIPEDA and other Canadian provincial privacy regulations
  • Understanding of accessibility regulations including the Americans with Disabilities Act and the Accessible Canada Act
  • Good business acumen and judgment

Weave is an equal opportunity employer that is committed to diversity and inclusion. We welcome anyone who is hungry to learn, problem-solve and progress regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics.

If you have a disability or special need that requires accommodation, please let us know.