**About Vasco**
Vasco is building API-first rails for modern VAT-refund experiences — helping retailers, marketplaces, and travel apps offer fast, transparent, trusted tax-free shopping.
**The role**
You will be the owner of all compliance matters for Vasco’s Italy operations — the person accountable for making sure we can operate legally and confidently across customs workflows, payments, risk controls, privacy, and enterprise requirements.
This is not a “policy-only” role. You’ll translate regulatory obligations into practical, audit-ready operations, partner tightly with Product/Engineering/Integrations to build compliance into the system by default, and run the day-to-day governance that keeps everything compliant as we scale. You’ll also be the primary point of contact for compliance topics with external stakeholders (authorities, partners, and enterprise customers).
**What you’ll do**
**Own Italy compliance end-to-end**
- Act as Vasco’s accountable owner for the full Italy compliance perimeter: customs/e-validation operations, payments compliance, consumer/merchant-facing requirements, data protection, and audit readiness.
- Maintain a single source of truth for Italy requirements, decisions, evidence, and change management.
- Build a forward-looking compliance roadmap (what must be true to operate, what’s next, what’s risky) and drive it to completion.
**Customs & e-validation operations (OTELLO / AGM)**
- Own everything related to AGM and the OTELLO system: requirements, documentation, environments, credentials/certificates, and ongoing governance.
- Define operational controls for OTELLO-connected workflows (traceability, exception handling, retention, approvals) and ensure the system is audit-reconstructable end-to-end.
- Run partner rhythms: clarifications, escalations, incident communications, and change tracking.
**Payments, KYC/KYB, AML & financial controls**
- Design and own Italy-specific compliance for money movement: KYC/KYB, AML/risk tiers, eligibility rules, sanctions/PEP screening where relevant, and escalation processes.
- Align payout and reconciliation controls with PSPs/EMIs: approvals, holds, reversals, settlement integrity, chargebacks/disputes, and audit trails.
- Build and maintain defensible evidence for every critical step (decision logs, approvals, reconciliations, exception handling).
**Monitoring, incidents, and audit readiness**
- Stand up monitoring/alerting across customs validation and payments flows: missing/late validations, mismatches, abnormal patterns, reconciliation breaks, and operational drift.
- Create incident playbooks (triage → mitigation → resolution → postmortem) and drive corrective/preventive actions with engineering and ops.
- Own recurring evidence packs and reviews (weekly/monthly): control checks, sampling, KPIs, incident register, vendor attestations, and remediation tracking.
**Privacy & vendor governance**
- Own GDPR posture for Italy operations: ROPA, DPIAs where required, TOMs, DPAs, vendor due diligence, subprocessors list, retention/deletion, and data access procedures.
- Ensure third-party risk management is real: vendors are assessed, contracts are correct, and controls are enforceable in operations.
**Enterprise readiness**
- Build and maintain the Enterprise Compliance Pack for Italy: security questionnaire boilerplates, control narratives/mappings (ISO/SOC-style), pen-test cadence, and standard audit responses.
- Support enterprise procurement/security reviews with fast, consistent, evidence-backed answers.
**What you bring**
- 5–10 years in regulated operations: customs/tax-free, payments/fintech compliance, or similarly regulated environments (with real operational ownership).
- Track record building audit-ready operations: controls, monitoring, evidence, reporting, and repeatable runbooks.
- Strong cross-functional execution: you can move from requirement → spec → implementation → evidence without dropping the thread.
- Comfort with PSP/EMI processes, payout & reconciliation controls, dispute/chargeback dynamics, and basic PCI scoping.
- Excellent writing and stakeholder management — you can interface with authorities/partners and also unblock engineers.
- Languages: Fluent Italian + English.
**Success in your first 90 days**
- Clear Italy compliance operating model live: scope, owners, controls, cadence, and a single source of truth for requirements and evidence.
- OTELLO/AGM governance running: monitoring, exception handling, incident playbooks, and audit-reconstructable logs/evidence in place.
- Risk + payments compliance v1 implemented: KYC/KYB and escalation, payout/recon controls, and defensible audit trails.
- Enterprise Compliance Pack v1 shipped and used to complete at least one enterprise security/procurement review efficiently.
**Why join Vasco**
- You’ll own the compliance foundation that makes the Italy business possible — from customs integrity to money movement and privacy posture.
- High autonomy, direct impact, and scope that grows with volume and complexity.
- Competitive salary + meaningful equity; hybrid-friendly.
Link to apply:
https://it.linkedin.com/jobs/view/compliance-program-manager-italy-at-vasco-tax-free-4370314979