Cantaloupe Inc. Atlanta , GA 30301
Posted 1 week ago
Director of IT Compliance
Cantaloupe, Inc. is a software and payments company that provides end-to-end technology solutions for self-service commerce. Cantaloupe is transforming the self-service commerce industry by offering one integrated solution for payments processing, logistics, and back-office management. The Company's enterprise-wide platform is designed to increase consumer engagement and sales revenue through digital payments, digital advertising, and customer loyalty programs, while providing retailers with control and visibility over their operations and inventory. As a result, customers ranging from vending machine companies to operators of micro-markets, car charging stations, laundromats, metered parking terminals, kiosks, amusements and more, can run their businesses more proactively, predictably, and competitively.
The Director of IT Compliance will report to the CIO and will be responsible for ensuring IT compliance across Cantaloupe's portfolio of applications for Sarbanes-Oxeley, PCI, and SOC-2 systems. This is a new position where you roll up your sleeves, dive in, and make a difference to own, grow, and shape Cantaloupe's compliance posture during the next phase of the company's rapid growth.
Essential Duties and Responsibilities:
Partner with Management (IT and Business) and Internal Audit to
Participate in SOX Scoping for in-house developed, purchased, or external IT systems and service providers
Identify key controls that could impact Cantaloupe's IT System reporting
Manage and rationalize overlap of various compliance and regulatory frameworks (SOX, PCI, SOC2, etc.) so to minimize duplicative language and control activities across the frameworks
Manage, design, and optimize Cantaloupe's SOX ITGC framework to align with business controls, IT system capabilities, adjusted for Cantaloupe's risk profile
Ensure all control risk exceptions are documented and maintained
Ensure all control activities are completed on time, consistently, and with quality IPE that is complete and accurate
Evaluate overall ITGC coverage, overall control-design effectiveness, and implement necessary adjustment
Participate (and lead) IT General Control walkthroughs with internal and external auditors
Review and resolve any ITGC deficiencies by identifying corrective action and driving mitigation
Serve as the Technical SME that oversees/drives change management and SoD log reviews
Oversee quarterly user access reviews and insure
Plays key role in annual, semi annual and quarterly risk assessments
Work closely with the IT, Security, Engineering, Data and Compliance teams to ensure IT General Control documentation and monitoring programs are consistent with SOX requirements
Work closely with IT and Engineering teams to ensure Change Management and SDLC processes are optimized, that the teams are aligned to Cantaloupe's published policies
Prepare materials and SOX compliance updates for Leadership and Audit Committee meetings
Continuously improve the SOX program to become more efficient and effective through optimization and automation
Recommend to CIO / CTLP Leadership any gaps in controls, control language, automation tools, etc. that will simplify and automate ITGC compliance performance and reporting
Required Qualifications/Skills:
15+ years of experience, ideally with Big 4 and public company experience working on SOX compliance. Experience working in a rapid growth environment in financial services, payments, SaaS or technology companies a plus
CPA and CIA/CISA or equivalent required. Practical and deep knowledge of US GAAP, SOX, PCI, and SOC 2 requirements
Significant skills as a technical generalist that will enable you to perform log reviews and change management assessments
An organized, detailed, proactive, self-motivated, and collaborative work style.
Excellent oral and written communication skills
Proven ability to work cross functionally and adapt to change are extremely important
Ability to prioritize workloads and ensure deadlines are consistently met
High integrity and ability to handle confidential information
Preferred Qualifications:
Familiarity with new PCI-4 compliance requirements and other relevant payment regulations
Knowledge of IT compliance best-practices, both processes and tools
Familiarity with the capabilities of modern cloud ecosystems (e.g. Azure, AWS) and the technologies that power them
Knowledge of fraud detection and prevention techniques in payment systems
Familiarity with mobile payments and other emerging payment technologies
Familiarity with analytics and data visualization tools such as Tableau or Google Analytics
Interpersonal Skills:
Why choose Cantaloupe:
We offer competitive benefits not just limited to compensation but also offer:
Medical, Dental, & Vision Benefits coverage, plus additional benefits (Life Assistance Program, Financial Wellness, and Nutritional Counseling)
401(K) with employer match effective upon the first day of employment
18 days PTO + (9) Observed Company Holidays
Tuition Reimbursement
Cantaloupe Inc.