Fractional Compliance & GRC Officer

About PactFi

Private asset markets (PE, Private Credit, VC, Real Estate) have 10x to 9.8T in AUM over the past decade and are projected to grow to $17T in the next five years. However, digital infrastructure has not kept pace, with most of the market operating predominantly in error-prone, internal-only software solutions.

PactFi provides secure, end-to-end, operational infrastructure for managing complex private credit transactions. Our web-based application brings together all parties involved in such a transaction to more efficiently allocate capital, complete KYC, share documents, manage funds flow, and more. The platform is secured to a bank-grade standard, and we have received our SOC 2 Type 2 attestation.

PactFi was developed in close partnership with two of the industry's largest players, both of whom represent the top 3 players in the private credit space by both size (AUM) and deal activity.

We are a growing capital markets fintech company seeking a Fractional Head of Compliance & GRC to oversee and administer our governance, risk, and compliance (GRC) program.
Our platform provides software infrastructure used by financial institutions and capital markets participants. While we are not a regulated financial services provider, our customers operate in highly regulated environments, making strong security, risk management, and compliance practices critical.
The company currently maintains SOC 2 and ISO 27001 compliance and continues to expand its enterprise customer base and product footprint.
This role combines strategic oversight with hands-on administration of the company’s compliance processes, ensuring the organization remains audit-ready and responsive to enterprise customer requirements.
The role works closely with the CEO, CTO, and Lead DevSecOps engineer, who own implementation of technical security controls.
Engagement: Approximately 10–30 hours per month, with workload fluctuating around audits and enterprise diligence requests
Reporting to: CEO / CTO

· Administer and maintain the company’s compliance policies, procedures, and control documentation

· Ensure company processes remain aligned with SOC 2 and ISO 27001 frameworks

· Maintain documentation supporting compliance audits and enterprise diligence requests

· Coordinate the company’s SOC 2 and ISO 27001 audit processes

· Work closely with the CTO and Lead DevSecOps engineer to ensure technical controls and evidence are available for audits

· Act as the primary point of contact with external auditors, coordinating walkthroughs, evidence submission, and remediation tracking

· Lead responses to enterprise security questionnaires and compliance diligence requests

· Support customer security reviews and vendor risk assessments

· Maintain documentation commonly requested by enterprise customers

· Maintain the company risk register and risk tracking processes

· Support processes for incident reporting, escalation, and remediation tracking

· Ensure compliance processes evolve as the company grows

· Maintain documentation and review processes for vendor and third-party risk

· Support vendor diligence required for audits and enterprise customers

· 8–12+ years of experience in compliance, risk management, or GRC

· Experience managing SOC 2, ISO 27001, or similar security/compliance frameworks

· Experience supporting enterprise customer security and compliance reviews

· Experience working with fintech, capital markets technology, or enterprise SaaS companies

You are a hands-on compliance operator who can run the practical processes required to maintain strong compliance and risk governance at a growing technology company. You are comfortable working cross-functionally with leadership, engineering, and customers to ensure the company remains audit-ready and responsive to enterprise diligence requirements.

What We Offer

• Competitive salary + equity.

• Healthcare coverage.

• 401k