Risk & Compliance Manager Nashville, TN; Hybrid or Remote

Position: Risk & Compliance Manager Nashville, TN (Hybrid) or Remote Built's Mission: Connect and simplify doing business in real estate. Built is the AI-powered platform transforming the way real estate is financed, developed, and managed. Purpose-built for real estate and construction, Built began by fixing construction draw management for lenders and has grown into a comprehensive operating system addressing some of the industry’s most complex challenges. Through its connected product suite, Built enables stakeholders to finance, develop, build, own, and operate smarter—all in one place. The platform brings together loans, deals, portfolios, payments, inspections, and collaboration to deliver faster execution, greater transparency, efficiency, and trust across the industry. Today, Built is a partner to more than 350 lenders, over 80,000 borrowers and owners, and thousands of contractors, powering 86,000 active projects valued at more than $300 billion. Learn more at We are seeking a Risk & Compliance Manager who thrives at the intersection of security, compliance operations, risk management, and cross-functional collaboration. This role is both strategic and hands-on, owning key components of Built’s SOC program, client assurance processes, and ongoing governance responsibilities across the organization. Role Overview The Risk & Compliance Manager supports and maintains Built’s security and compliance posture by managing external audits, client due diligence engagements, compliance tooling, and recurring risk and controls activities. This highly visible role works closely with teams across Security, IT, Engineering, Product, Payments, HR, and Operations to ensure Built remains audit-ready and aligned to industry and regulatory expectations. This is an individual contributor role with no direct people management responsibilities.

Key Responsibilities

• Respond to and manage client security assessments, questionnaires, and due-diligence requests.
• Provide compliance documentation and evidence through Built’s Trust Center.
• Participate in client review meetings and coordinate internal follow-ups as needed. SOC 1 & SOC 2 Audit Program Management
• Coordinate the full lifecycle of Built’s annual SOC 1 and SOC 2 audits, including evidence collection, stakeholder scheduling, and auditor communication.
• Maintain Built’s control environment within Drata and ensure ongoing audit readiness. Trust Center Ownership
• Administer Built’s Trust Center (Conveyor), ensuring documents, policies, and audit materials are accurate and up-to-date.
• Manage client access requests and support users with navigation and content inquiries. Payments Compliance Support
• Support annual payments compliance activities (e.g., AML/Sanctions training, Nacha audit) in partnership with external consultants and internal stakeholders.
• Conduct periodic internal reviews of payments processes to ensure adherence to policies and partner expectations. Policy & Documentation Governance
• Manage the lifecycle of Built’s policies and procedures, ensuring updates, annual reviews, and publication to the Trust Center.
• Maintain core compliance documentation, including audit records, incident logs, attestations, and internal reporting. Compliance Controls & Operational Oversight
• Support ongoing monitoring and upkeep of compliance and security controls across the organization.
• Track and coordinate recurring compliance tasks managed through Jira automations. Training & Awareness Programs
• Partner with Learning & Development to manage annual and onboarding compliance/security training and ensure completion across the organization.
• Participate in vendor reviews within the procurement process and maintain the Significant Vendor Index.
• Support the annual enterprise risk assessment and track mitigation activities. Privacy & Data Requests
• Manage inbound data subject access requests (DSARs) and coordinate responses in alignment with regulatory and internal requirements.

Qualifications

Required

• 7-8 years of experience in security compliance, audit readiness, or risk management.
• Hands-on experience with SOC 2 or similar frameworks (ISO 27001, PCI, SOX).
• Strong understanding of control requirements and evidence validation.
• Excellent communication and documentation… Apply tot his job Apply tot his job Apply tot his job

Apply tot his job Apply To this Job