What are the responsibilities and job description for the Director of IT Compliance position at Cantaloupe, Inc.?
Director of IT Compliance
Cantaloupe, Inc. is a software and payments company that provides end-to-end technology solutions for self-service commerce. Cantaloupe is transforming the self-service commerce industry by offering one integrated solution for payments processing, logistics, and back-office management. The Company’s enterprise-wide platform is designed to increase consumer engagement and sales revenue through digital payments, digital advertising, and customer loyalty programs, while providing retailers with control and visibility over their operations and inventory. As a result, customers ranging from vending machine companies to operators of micro-markets, car charging stations, laundromats, metered parking terminals, kiosks, amusements and more, can run their businesses more proactively, predictably, and competitively.
The Director of IT Compliance will report to the CIO and will be responsible for ensuring IT compliance across Cantaloupe’s portfolio of applications for Sarbanes-Oxley, PCI, and SOC-2 systems. This is a new position where you roll up your sleeves, dive in, and make a difference to own, grow, and shape Cantaloupe’s compliance posture during the next phase of the company's rapid growth.
Essential Duties and Responsibilities:
- Partner with Management (IT and Business) and Internal Audit to
- Participate in SOX Scoping for in-house developed, purchased, or external IT systems and service providers
- Identify key controls that could impact Cantaloupe’s IT System reporting
- Manage and rationalize overlap of various compliance and regulatory frameworks (SOX, PCI, SOC2, etc.) so as to minimize duplicative language and control activities across the frameworks
- Manage, design, and optimize Cantaloupe’s SOX ITGC framework to align with business controls, IT system capabilities, adjusted for Cantaloupe’s risk profile
- Ensure all control risk exceptions are documented and maintained
- Ensure all control activities are completed on time, consistently, and with quality IPE that is complete and accurate
- Evaluate overall ITGC coverage and overall control-design effectiveness, and implement necessary adjustments
- Participate in (and lead) IT General Control walkthroughs with internal and external auditors
- Review and resolve any ITGC deficiencies by identifying corrective action and driving mitigation
- Serve as the Technical SME that oversees/drives change management and SoD log reviews
- Oversee quarterly user access reviews and ensure
- Play a key role in annual, semi-annual, and quarterly risk assessments
- Work closely with the IT, Security, Engineering, Data and Compliance teams to ensure IT General Control documentation and monitoring programs are consistent with SOX requirements
- Work closely with IT and Engineering teams to ensure Change Management and SDLC processes are optimized and that the teams are aligned to Cantaloupe’s published policies
- Prepare materials and SOX compliance updates for Leadership and Audit Committee meetings
- Continuously improve the SOX program to become more efficient and effective through optimization and automation
- Recommend to CIO / CTLP Leadership any gaps in controls, control language, automation tools, etc. that will simplify and automate ITGC compliance performance and reporting
Required Qualifications/Skills:
- 15 years of experience, ideally with Big 4 and public company experience working on SOX compliance. Experience working in a rapid growth environment in financial services, payments, SaaS or technology companies is a plus
- CPA and CIA/CISA or equivalent required. Practical and deep knowledge of US GAAP, SOX, PCI, and SOC 2 requirements
- Significant skills as a technical generalist that will enable you to perform log reviews and change management assessments
- An organized, detailed, proactive, self-motivated, and collaborative work style.
- Excellent oral and written communication skills
- Proven ability to work cross-functionally and adapt to change is extremely important
- Ability to prioritize workloads and ensure deadlines are consistently met
- High integrity and ability to handle confidential information
Preferred Qualifications:
- Familiarity with new PCI-4 compliance requirements and other relevant payment regulations
- Knowledge of IT compliance best practices, both processes and tools
- Familiarity with the capabilities of modern cloud ecosystems (e.g. Azure, AWS) and the technologies that power them
- Knowledge of fraud detection and prevention techniques in payment systems
- Familiarity with mobile payments and other emerging payment technologies
- Familiarity with analytics and data visualization tools such as Tableau or Google Analytics
Interpersonal Skills:
- Strong communication and interpersonal skills, with the ability to build strong relationships with stakeholders, team members, and external customers
Why choose Cantaloupe:
We offer competitive benefits that are not limited to compensation, including:
- Medical, Dental, & Vision Benefits coverage, plus additional benefits (Life Assistance Program, Financial Wellness, and Nutritional Counseling)
- 401(K) with employer match effective upon the first day of employment
- 18 days PTO and 9 observed company holidays
- Tuition Reimbursement