Alkami is a leading cloud-based digital banking solutions provider for financial institutions in the United States that helps clients to transform through retail and business banking, digital account opening and loan origination, payment fraud prevention, and data analytics and engagement solutions. Alkami’s Mobile App Platform has been certified by J.D. Power for providing clients with “An Outstanding Mobile Banking Platform Experience.”
Founded in 2009, we continue to be recognized for our intentional culture and tremendous growth (Best Place to Work in Fintech; Best & Brightest to Work For Nationally; and Comparably’s Best Company Culture, Best Career Growth, Best Engineering Team, and Best Places to Work in Dallas, among others). Through our bold investments in technology and people, we empower our clients to grow confidently, adapt quickly, and build thriving digital banking communities through tailored experiences for over 19.5M users.
As a remote-first company, most of our positions can be remote in the US, except for key roles, which will be indicated in the Job Title.
Follow us on Glassdoor and Linkedin!
Alkami is seeking a Director, Compliance to own the strategy, design, execution, and continuous improvement of the enterprise compliance program and third‑party risk management (TPRM). This leader will drive a lifecycle‑based approach to vendor/partner oversight and a control‑driven compliance management system (CMS) across policy, risk assessment, monitoring/testing, training, issue management, regulatory change, and reporting. The Director will partner closely with Legal, Procurement, Information Security, Finance, Product/Engineering, and Operations to protect Alkami and its clients while enabling innovation and growth. This is a remote role located in the United States with the expectation to travel up to 5% for team meetings and audits/exams. This role reports to the Chief Compliance Officer.Key Responsibilities & Duties:
Program Leadership and Strategy
Build and execute the multi‑year compliance and TPRM strategy aligned to Alkami’s risk appetite, regulatory expectations, and client commitments; define the roadmap for maturity, automation, and scalability.
Own the end‑to‑end TPRM lifecycle (planning, due diligence, contracting, ongoing monitoring, renewals, offboarding) with risk‑based segmentation for vendors, partners, integrators, and critical suppliers.
Establish and maintain compliance and TPRM policies, standards, and procedures; drive consistent adoption across the company and clear accountability for control ownership.
Define and manage compliance and TPRM metrics, KRIs/KPIs, and reporting for executive leadership and the Board; surface inherent/residual risks, trends, exceptions, and remediation progress.
Regulatory Management and Reporting
Lead regulatory exam and inquiry management, including scoping, evidence collection, RFI/ROE responses, remediation plans, and regulator communications, in partnership with Legal and business owners.
Maintain a regulatory obligations inventory and lead regulatory change management (horizon scanning, impact assessment, control design/updates, and timely implementation tracking).
Own periodic management and Board reporting for compliance and TPRM—dashboards, narrative risk summaries, issue status, testing results, and emerging risk themes.
Oversee compliance monitoring and testing activities based on risk assessments; validate control design/operating effectiveness and escalate gaps for timely remediation.
Coordinate complaints, UDAAP, and other conduct risk reviews with relevant stakeholders, and ensure transparent reporting and corrective actions.
Product Compliance (“compliance by design”)
Embed product compliance into the SDLC and go‑to‑market processes: requirements mapping, control design, evidence plans, pre‑launch reviews, and sign‑off gates.
Interpret and operationalize applicable requirements in a fintech/digital banking context (e.g., GLBA data protection, E‑SIGN, privacy and data retention, accessibility/ADA, security/NYDFS 500), partnering with Legal and InfoSec to translate into product and platform controls.
Review new products/features, partnerships, and data uses for compliance risk; ensure documentation, testing, and client‑facing disclosures are accurate and complete.
Support client due diligence and assurance needs (e.g., responses on compliance posture, control narratives), aligned with InfoSec assurances and TPRM artifacts.
TPRM Operations and Execution
Oversee timely, risk‑based due diligence across key domains (information security, compliance/privacy, operational resilience/BCP, financial viability, strategic/reputation, transaction risk).
Ensure contracts include appropriate risk controls (right‑to‑audit, data protection/processing, incident notice, subcontractor/fourth‑party oversight, termination/data return/erasure).
Lead ongoing monitoring (e.g., OFAC/negative news, control refresh, material change reviews), periodic reassessments, issues/exceptions, and executive escalations.
Drive concentration risk and fourth‑party risk assessments for critical dependencies; guide exit and contingency planning.
Partner with InfoSec on third‑party security assessments, incidents, coordinated response, and client communications where appropriate.
People, Tools, and Cross‑functional Influence
Build and lead a high‑performing Compliance and TPRM team; set goals, coach, and develop talent.
Own the tooling strategy (e.g., GRC/TPRM platforms, regulatory change solutions, workflow intake, evidence/document automation, continuous monitoring signals, dashboards).
Champion change management and stakeholder education to strengthen vendor owner and control owner accountability; streamline processes to speed time‑to‑decision with quality.
Orchestrate cross‑functional governance with Legal, Procurement, InfoSec, Finance, IT/Engineering, Product, and Operations to remove friction and maintain control effectiveness.
On‑time, high‑quality regulatory reporting; strong exam outcomes with timely and sustainable remediation.
SLA adherence and time‑to‑decision across intake, due diligence, reviews, and renewals.
Coverage and quality of risk assessments, inherent/residual scoring, and issue closure rates.
Control effectiveness evidenced in internal/external audits, client assessments, and monitoring/testing results.
Reduced exceptions, improved control/owner accountability, and uplift in continuous monitoring signal handling.
Executive‑ready dashboards and narratives that improve risk‑informed decisions and planning.
Qualifications:
12+ years in compliance, risk, or information security, with 7+ years focused on TPRM and/or regulatory compliance in SaaS, fintech, or financial services.
5+ years of people leadership with a track record building programs, teams, and cross‑functional influence.
Bachelor’s degree; advanced degree a plus or equivalent work experience
Deep knowledge of CMS components (policy/governance, risk assessment, monitoring/testing, training, issue management, regulatory change, and reporting) and TPRM frameworks.
Strong familiarity with regulatory and industry frameworks relevant to fintech/digital banking and vendor risk (e.g., FFIEC/OCC/FDIC/NCUA guidance, GLBA, SOC 2, ISO 27001, PCI DSS, NYDFS 500, NIST), and how to evidence compliance in audits, exams, and client assessments.
Demonstrated success implementing or maturing GRC/TPRM tooling, workflow automation, and reporting dashboards.
Excellent communication skills with the ability to synthesize complex risk topics for executive and regulator audiences and drive decisions.
Certifications such as CRCM, CCEP, CTPRP/CTPRA, CISA, CISSP, CRISC
Desired Skills:
Experience with product/feature compliance in a platform or API‑driven environment, including privacy‑by‑design and accessibility.
Experience with AI governance and assessing vendors/products that leverage AI/ML.
Background supporting client due diligence and sales/renewal cycles with defensible compliance/TPRM narratives.
Not Just Any Company: Alkami has an awesome diverse and inclusive environment. We have a FUN culture and offer great benefits, including remote-first environment, unlimited paid time off, 401(k) with employer match, and more.
Work Authorization: We cannot offer employment sponsorship at this time. Candidates must be eligible to work in the US for full-time employment.
Recruiters: We are not looking for outside recruiting firms to help us in this search. Thank you for understanding.
Pay Transparency: As of January 1, 2023, new states and locales have enacted pay equity laws that require more pay transparency by employers in the following states: California, Colorado (effective January 1, 2021), Connecticut, Maryland, Nevada, New Jersey, New York, Ohio, Rhode Island and Washington.
The Important StuffAlkami Technology is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: Alkami is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Alkami are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Alkami will not tolerate discrimination or harassment based on any of these characteristics. Alkami encourages applicants of all ages.
#LI-REMOTE
J.D. Power 2024 Mobile App Platform Certification ProgramSM recognition is based on successful completion of an audit and exceeding a customer experience benchmark through a survey of recent servicing interactions. For more information, visit jdpower.com/awards.
