Harper is an AI-native commercial insurance company in San Francisco. We're not bolting AI onto insurance - we're rebuilding the entire business as software, on a simple bet: turning expert human judgment into compute is one of the largest transitions left to make, and a trillion-dollar industry still run 90% by hand is the place to prove it. We've grown ~100x in the last year and we move at that speed - on-site, in person, long days, very high standards. Almost no one joins Harper for insurance; they join to build the company that replaces how it works.
The Role
We're rebuilding a brokerage to run 90%+ AI-led - intake, placement, bind, service, renewals, end to end, at ~1,000 new customers a month, roughly 60% of it E&S. You can't move a regulated business that fast without a real control function underneath it. We're hiring our first dedicated compliance leader to build that function from scratch.
At an AI-native brokerage, compliance is not a brake - it's infrastructure. The companies that win this transition wire institutional-grade controls into how the business actually runs: clearance gates, licensing matrices, communication policies, and incident playbooks that operators trust and ship against. The ones that don't end up explaining themselves to 50 state regulators after the fact.
You're the person who builds that infrastructure: audit first, consolidate what's fragmented, gate what's high-risk, instrument what matters, partner with engineering on the rails. Then the company moves faster and safer. The bar is proactive, not reactive - catch the issue through the system before it becomes a complaint, an exam, or a fire drill.
You report directly to the CEO and sit at the intersection of Operations, Growth, Finance, and Engineering. You don't write the engineering, but you specify it. You don't replace outside counsel, but you decide when to use them and when to just decide. And you own the rule so frontline managers don't have to be the bad guy - "not cleared yet" comes from you, and so does "here's what you need to launch."
What this role is not: it's not a generalist legal seat, it's not pure privacy/DPO, and it's not big-carrier committee governance. It's a hands-on operator role for someone with deep insurance regulatory depth who'd rather ship a working clearance gate than draft a memo about one.
What You'll Do
Audit the full regulatory surface first. Map every channel where regulated activity happens - channels, lists, sequences, licensing matrix, open complaint exposure. No new policies until you know what's live.
Own producer licensing & market conduct. State licensing matrix by producer and authority level, with a real enforcement mechanism alongside sales and intake leadership. Appointments, DRLP designations, continuing education. You're the one who makes "licensing is not optional" real.
Clear growth before it ships. A sign-off workflow for every new outbound channel, list source, lifecycle sequence, dialer, and partner economic - TCPA, state mini-TCPAs, CAN-SPAM, DPPA, license-list usage, anti-rebating, RESPA lanes, E-SIGN/UETA. Default-deny on gray areas; ship clearance on the cleared ones.
Own surplus lines operations. Tax filings, diligent search, stamping-office workflows, multi-state surplus lines posture.
Set communication & E&O guardrails. Approved-channel policy; claims, cancellation-save, and renewal-messaging guardrails for both AI-assisted and human reps; document retention and call-recording standards.
Run DOI complaint intake & escalation. Triage, response coordination, and root-cause feedback into the operating teams. Catch problems through systems, not through complaints.
Own incident & examination readiness. A multi-state regulatory notification playbook and exam-response coordination - the runbook exists before the next incident, not after.
Engage regulators proactively. Build working relationships with state DOIs, stamping offices, and surplus lines regulators. Open dialogue ahead of issues, not after. Make Harper a known, credible operator in every jurisdiction we touch.
Instrument the program. One clearance register. A licensing dashboard by state and producer. Open DOI items, scrub pass rates, time-to-clearance — reviewed weekly with the CEO.
Use counsel surgically. Outside regulatory counsel for judgment calls, not basic discovery. You know when to escalate and when to decide.
You've built, rebuilt, owned, or scaled a meaningful compliance function — not just maintained one at a mature carrier.
E&S and surplus lines are in your bones - diligent search, tax, stamping offices, state-by-state quirks.
You write policies people actually follow and build sign-off workflows that don't kill velocity.
You're proactive by instinct. You'd rather instrument a leading indicator than respond to a complaint, and you'd rather pick up the phone with a regulator than wait for the letter.
You're an operator first, lawyer-adjacent second. You think in dashboards, not memos — if you can't answer "what's cleared, what's exposed, who's licensed where" in one view, that's the first thing you build.
You've cleared high-volume outbound under TCPA and state mini-TCPAs in a real revenue environment.
You're comfortable with AI-assisted operations and set guardrails for automated comms instead of pretending automation isn't happening.
You take the friction so operators don't have to - comfortable owning "not cleared yet" so sales and growth aren't improvising on gray areas.
You earn trust fast with a founder. Low ego, high judgment, bias to ship.
5+ years in insurance compliance, regulatory affairs, or a control function - brokerage or agency experience strongly preferred.
Multi-state P&C licensing fluency; demonstrated surplus lines experience.
Track record building, rebuilding, owning, or scaling a compliance function (or a material part of one).
Hands-on with TCPA, CAN-SPAM, state telemarketing rules, and high-volume outbound enforcement.
Experience with DOI complaints, market conduct exams, and E&O posture.
Proactive regulator engagement - working with state DOIs and surplus lines authorities before issues arise, not just after.
Comfortable working directly with a founder/CEO and earning trust quickly.
Strong written communication; bias to ship, low ego, high judgment.
Compliance leadership at a brokerage or MGA (E&S preferred); regulatory affairs at a carrier with real surplus lines exposure; a fintech/insurtech control function with multi-state licensing and TCPA depth; a financial-services control function paired with insurance regulatory experience; or outside regulatory counsel ready to step into the operator seat. The title matters less than the ability to walk in, audit the surface, consolidate fragmented controls, ship gates that hold, and instrument the program weekly.
Nice To Have
Surplus lines tax, premium finance, FBO/trust account familiarity; experience clearing dataset-driven outbound (public-records, license lists, DPPA-covered data); guardrails for AI-assisted customer communications; multi-state incident notification; SOC 2 / security-compliance coordination; anti-rebating, RESPA lane analysis, and partner/referral economics review.
The Honest Day-To-Day
This role carries real tension worth naming, because the wrong fit will be unhappy fast:
You're the control function inside a company built for speed. Your win condition isn't saying no - it's shipping gates that let the business say yes safely. If you take pride in being the brake, this will frustrate you. If you take pride in being the rails, you'll love it.
You build and you run, at the same time. This is not "design the program and delegate." You'll be auditing a live outbound sequence and architecting the clearance register that prevents the next gap - in the same day, with no team under you yet.
Founder-level intensity, direct to the CEO. Long days, high stakes, incomplete information, weekly review with the CEO. When a judgment call escalates, it escalates to you, then to them - no committee to hide behind.
You own the unpopular word. "Not cleared yet" comes from you so a growth lead doesn't have to improvise on a regulatory gray area. You have to be comfortable being the one who holds the line - and the one who then unblocks it.
Salary: $150,000–$220,000 + performance bonuses & equity
Location: San Francisco Bay Area preferred; remote considered for the right candidate - either way, you're embedded with the teams you're protecting.
Schedule: Monday–Friday, founder-level hours. The hours are long; the people who thrive here wouldn't have it any other way.
Benefits: Health, dental, and vision insurance; commuter benefits (SF) or remote-work stipend; team meals and snacks (SF). Direct reporting to the CEO — high ownership, high visibility.
One to two screening calls - alignment on mission, pace, and scope.
On-site super day - audit a live regulatory surface with the team; meet ops, finance, and engineering; show how you think.
Send your resume and tell us about a time you saw a regulatory risk coming, stood up the controls before it surfaced, and let the business keep moving.



