Compliance Manager
Role Overview
We are looking for a Compliance Manager to lead Agora Labs' compliance, quality-system, and controlled-documentation function across information security, operational quality, and privacy-related frameworks.
This role is designed for a senior compliance / quality professional with strong experience in ISO-based management systems, audit preparation, document control, and policy-to-practice execution in regulated environments.
The position combines certification leadership, documentation ownership, internal control coordination, and cross-functional execution in a highly regulated healthcare-data environment.
The core priorities for 2026 are clear: successfully pass the ISO 27001 yearly external audit, obtain ISO 9001 certification, and evaluate Agora Labs' readiness and certification path for Europrivacy.
This person will effectively own documentation across the company: the controlled compliance set, SOPs, and the broader product and process documentation that must remain structured, current, and audit-ready.
Key Responsibilities
Compliance, Certification & Audit Leadership
Lead day-to-day ownership of Agora Labs' ISO 27001 program and coordinate all activities required to successfully pass the 2026 external audit.
Drive the build-out of the ISO 9001 quality management system, including the required documentation set, operating routines, evidence structure, internal audit preparation, management review inputs, and certification readiness.
Evaluate Europrivacy applicability, readiness gaps, implementation effort, and certification path, producing a pragmatic recommendation and execution plan.
Maintain alignment across policies, controls, evidence, and operating practices, ensuring the company can demonstrate compliance coherently and consistently.
Monitor standards and regulatory developments relevant to the business, including GDPR and, ideally, HIPAA-related requirements for data governance and sensitive-data handling.
Documentation, QMS & Process Ownership
Own the company's controlled documentation system end to end, including manuals, policies, procedures, SOPs, registers, annexes, templates, revision history, approval flows, and evidence references.
Bring order to product documentation, operating procedures, and compliance records, ensuring documents are current, versioned, traceable, approved, and audit-ready.
Lead the revision and maintenance of core governance and operational documents, including the ISMS manual, policy set, statement of applicability, document register, risk and context materials, training plan, organigram, business continuity documentation, and audit records where relevant.
Build and maintain a practical document-governance model so engineering, product, operations, HR, and leadership know what documentation must exist, who owns it, how it is updated, and what evidence must be retained.
Ensure that documentation reflects the real operating model, product portfolio, delivery practices, BYOD setup, SaaS tooling, and the actual security and quality controls in place.
Operational Controls & Continuous Improvement
Coordinate policy and procedure reviews, gap-remediation actions, evidence collection, and follow-up items across the company.
Support the definition and maintenance of risk assessments, control mappings, corrective actions, supplier compliance records, training records, and periodic reviews.
Prepare internal audits, management reviews, and certification interactions in a structured, no-surprises manner.
Help formalise and improve SOPs and repeatable processes across product, engineering, operations, and customer-facing workflows where documentation maturity is required.
Track deadlines, action owners, and dependencies to ensure compliance work moves from documentation into actual implementation.
Cross-Functional & External Coordination
Act as the primary counterpart for auditors, certification bodies, and external compliance or quality advisors.
Work closely with founders, product, engineering, security, operations, HR, and legal / privacy stakeholders to turn requirements into workable processes and documented controls.
Translate standards language into operational expectations, keeping the company compliant without creating unnecessary bureaucracy.
Support customer, partner, or due-diligence requests related to certifications, policies, controls, SOPs, and documentation when needed.
Required Qualifications
Education
Bachelor's or Master's degree in Law, Quality Management, Engineering, Life Sciences, Information Security, or a related field, or equivalent practical experience.
Experience
5+ years of experience in compliance, quality, information-security governance, QMS / ISMS management, or audit and certification work.
Proven experience supporting or leading ISO 27001 programs, external audits, and policy / control documentation in a regulated or high-trust environment.
Strong experience building or maintaining management-system documentation, document-control practices, SOP libraries, and audit-evidence structures.
Experience with ISO 9001 implementation or certification is strongly preferred.
Experience in healthcare, life sciences, MedTech, clinical data, or other regulated environments is strongly preferred.
Standards & Regulatory Knowledge
Solid working knowledge of ISO 27001 and its practical implementation in small or scaling organisations.
Familiarity with ISO 9001 quality-management requirements and their translation into operating procedures, document control, and recurring review mechanisms.
Strong plus: experience with GDPR and HIPAA-related compliance requirements.
Nice to have: exposure to Europrivacy, privacy-governance programs, or data-protection accountability frameworks.
Minor plus: familiarity with ISO 13485 or medical-device quality environments.
Audit & Certification Credential
Lead Auditor, Internal Auditor, Lead Implementer, or similar formal certification in ISO 27001 and / or ISO 9001 is strongly preferred.
Candidates who have completed recognised auditor-track training and can run internal audits with confidence will be prioritised.
Execution & Communication
Highly structured, detail-oriented, and capable of owning large documentation sets without losing operational relevance.
Able to drive work cross-functionally, challenge unclear ownership, and keep teams aligned on deadlines, evidence needs, and certification priorities.
Strong written communication skills in English, with the ability to produce clear, defensible, auditor-ready documents.
Pragmatic, hands-on, and comfortable working in a scale-up environment where systems must be improved while business execution continues.
Languages
Fluent English (mandatory).
Italian is a strong plus.
What We Offer
A central role in building Agora Labs' compliance and quality maturity across information security, privacy, and operational excellence.
Direct impact on the company's certification roadmap, audit readiness, and documentation quality.
Exposure to a highly relevant combination of healthcare, AI, privacy-preserving technology, and regulated data collaboration.
The opportunity to put real structure in place and own a function that matters strategically to the company.
Flexible, international, and mission-driven working environment.
