BPO Vendor Compliance Partner - Customer Support

At Roblox, we are seeking a detail-oriented BPO Vendor Compliance Partner to ensure the integrity and security of our outsourced operations. The BPO Vendor Compliance Partner is critical for maintaining the operational integrity and security of outsourced Moderation services. This role is responsible for establishing and executing a comprehensive compliance governance framework, ensuring all Business Process Outsourcing (BPO) vendors strictly adhere to contractual Service Level Agreements (SLAs), regulatory requirements (e.g., data privacy), and internal security policies. This Partner will continuously monitor vendor performance, lead adversarial testing, and drive risk mitigation efforts through rigorous auditing and enforcement actions.

Reporting to the Senior Manager, Vendor Operations and Compliance, you will conduct continuous monitoring and regular audits, serving as a primary point of contact for compliance matters between our internal teams and external BPO partners. You will be instrumental in maintaining the compliance posture of our global vendor ecosystem.

You Will:

Compliance Governance and Auditing

• Conduct Regular Compliance Audits: Lead scheduled and ad-hoc audits of BPO vendor operations, specifically within the Content Moderation vertical, to assess compliance with contracts, operational procedures, and mandated controls.
• Performance Monitoring and Reporting: Review, validate, and approve vendor submitted compliance reports and evidentiary documentation.
• Maintain comprehensive, auditable, records to support internal reviews and external regulatory inquiries.
• SLA and Quality Assurance: Collaborate closely with Vendor Managers to monitor the effectiveness of first-level quality audits performed by BPO partners, ensuring high-quality standards and training efficacy for elevated actions in Mod workflows.
• Issue Remediation & Enforcement: Identify, document, and meticulously track all compliance gaps, control deficiencies, or contractual breaches.
• Define and oversee the execution of comprehensive Corrective Action Plans (CAPs) with vendors to ensure timely and effective resolution.

Security, Risk, and Adversarial Testing

• Regulatory Alignment: Partner with the Information Security (Infosec) and Legal teams to track evolving global regulatory landscapes (e.g., GDPR, CCPA, industry-specific rules).
• Coordinate the necessary updates to BPO vendor controls and policies maintain continuous adherence.
• Adversarial Activity: Design, execute, and analyze results from adversarial activities, including BPO-specific phishing campaigns and social engineering tests, to proactively test the effectiveness of system controls, processes, and workforce resilience.
• Risk Framework Implementation: Drive the implementation of tools and infrastructure to automate compliance monitoring, risk scoring, and evidence collection across the BPO environment, enhancing efficiency and scalability.
• Enforcement Actions: Initiate and manage the formal process for issuing monetary consequences, fines, or other penalties against BPO vendors resulting from confirmed cyber security or severe contractual violations.

Operational Resilience and Strategic Collaborations

• Business Continuity Planning (BCP): Develop and maintain a holistic Business Continuity and Disaster Recovery (BC/DR) plan for the entire BPO network.
• Ensure vendors possess and demonstrate sufficient individual operational resilience capabilities, and that the consolidated plan addresses loss scenarios for any given partner.
• Cross-Functional Alignment: Collaborate with Legal, Risk Management, and Procurement teams during vendor selection and contract renewal processes to define, embed, and standardize compliance, security, and risk standards into all new and existing BPO contracts.
• Process Documentation: Become intimately familiar with the end-to-end workflow processes and documentation within the designated vertical (Moderation) to provide expert guidance on control placement and policy effectiveness.

You Have:

• 5+ years of experience in compliance, auditing, or vendor management within a BPO environment. Experience with Customer Support is a plus.
• Working knowledge of key regulatory frameworks, including data privacy and PII handling standards.
• Proven ability to execute objective audits and develop effective, measurable action plans.
• Excellent organizational skills and attention to detail necessary for comprehensive record-keeping.
• Strong communication skills for coordinating effectively with both internal teams and external vendor partners.