About Shufti
Shufti is a global leader in AI-powered identity verification (IDV) and anti-money laundering (AML) solutions, offering advanced KYC (Know Your Customer), KYB (Know Your Business) and KYI (Know Your Investor) services that enable businesses to onboard customers securely and meet regulatory requirements. Founded in 2017 and trusted by industry leaders in FinTech, Crypto, Banking, E-commerce, and iGaming, our technology delivers real-time verification in over 240 countries and territories-empowering a safer, fraud free digital world.
Position Purpose:
The Head of Compliance & Legal Operations is a critical leadership role responsible for building, owning, and defending Shufti Pro's global compliance framework. This role is the company's central control function for regulatory risk, requiring deep integration with our product and commercial strategy. You will also coordinate essential legal and contract administration workflows. We are seeking a builder and an owner, not just a manager, who can operate with high autonomy in our lean, fast paced environment.
The Non Negotiables (What You Must Have Done Before):
- Built or fundamentally reshaped a global compliance program in a fintech, RegTech, crypto adjacent, or technology company serving regulated financial institutions.
- Hands on experience analyzing and applying regulatory requirements across multiple key jurisdictions (specifically US, UK, EU, and/or Middle East), with a working knowledge of frameworks like US BSA/AML, UK MLRs/FCA handbooks, EU AMLD, GDPR, and an understanding of DORA, MiCA, and crypto asset regulations.
- Acted as a true control function, with proven experience shaping commercial deals, product features, and market entry decisions from the outset based on regulatory constraints-not just performing post facto risk assessments.
- Operated successfully in a resource lean environment where you have personally handled legal adjacent or operational tasks beyond a narrow compliance remit.
Key Responsibilities: 1. Strategic Compliance Ownership & Build:
- Design, implement, and own the end to end global compliance framework from the ground up, ensuring it is fully integrated into our product architecture and GTM strategy.
- Conduct granular regulatory perimeter analysis for new and existing markets, translating complex regulations into actionable, commercially aware requirements for product, sales, and engineering teams.
- Serve as the definitive internal authority on regulatory risk tolerance. Articulate clear, binary boundaries and provide decisive guidance to leadership, with the authority to shape business decisions.
2. Commercial & Product Partnership:
- Embed compliance into the product lifecycle and sales process. Review and approve new product features, customer proposals, and commercial structures before commitments are made.
- Act as a strategic partner to Sales, enabling deal closure by designing compliant solutions and articulating our control environment to enterprise customers and partners.
- Draft and negotiate compliance related clauses in customer and partner contracts, in close collaboration with the General Counsel.
3. Operational Execution & Control:
- Establish and run all core compliance operations (policies, training, monitoring, incident management) with a focus on practicality and audit ready documentation.
- Own the compliance risk register and lead regulatory engagements, including audits, inquiries, and licensing processes.
- Coordinate legal operations: manage contract lifecycle from intake to execution, maintain legal playbooks, and track tasks to reduce executive load.
4. Leadership & Mindset:
- Thrive in ambiguity and a flat structure. You will be the primary compliance resource and must be comfortable executing hands on work while setting strategic direction.
- Foster a culture of regulatory excellence that balances robust risk management with the pace of a high growth technology company.
Required Experience & Skills:
- 8+ years of compliance experience, with the majority gained in technology driven financial services (fintech, payments, crypto, RegTech). Experience at an identity verification provider is a significant plus.
- Proven track record of building or substantially rebuilding a compliance program, not just maintaining an established one.
- Expert level knowledge of AML/CFT, Sanctions, and KYC regulations across major jurisdictions. Strong working knowledge of GDPR/data protection as it applies to processing operations.
- Demonstrated experience acting as a commercial partner and control function. You can point to instances where you directly said "no" or "only this way" to a commercial deal or product launch based on regulatory risk.
- Experience with contract management and legal operations workflows.
- Excellent English communication skills, with the ability to command authority with internal teams, customers, and regulators.
- Relevant certifications (CAMS, ICA, etc.) are preferred.