Director of Compliance

EHS Insight, Spokane, WA. Posted April 21st, 2026.
About the Company

EHS Insight, a StarTex Software brand, is the world’s most flexible, powerful, easy-to-use environmental, health and safety software. Since 2009, the team at EHS Insight has been on a mission to make the world a better place. Today, hundreds of thousands of employees in more than 120 countries rely on EHS Insight software, services and support to transform the way they work, mitigate risk, increase efficiencies, and lower the environmental impact of their operations.

EHS Insight was designed from the ground up to be a great place to work. We build and sell cutting-edge software that solves real problems for our customers. We are a growing, engineering-led, full-remote, agile, SaaS software company. Our process, tooling, philosophy, and team culture allow us to take full advantage of working in a distributed environment. We operate much like a traditional business, offering employees similar benefits, culture, and compensation—but without the cubicles and commute.

About the Role

The Director of Compliance is a senior leadership role responsible for designing, implementing, and continuously maturing the company’s global compliance program. Reporting directly to the CEO, this individual will serve as the operational anchor for regulatory and standards compliance activities across the company’s SaaS platform and business operations in the United States, Canada, the United Kingdom, and the European Union.

This leader will own adherence to key information security, privacy, and AI governance frameworks including ISO 27001, ISO 27017, ISO 42001, GDPR, UK GDPR, and CCPA/CPRA, while proactively monitoring the evolving regulatory landscape. The ideal candidate combines regulatory depth with operational pragmatism—equally comfortable building control environments and engaging auditors, regulators, enterprise customers, and executive leadership.

Responsibilities

Compliance Program Leadership
- Own and mature the global compliance management system (CMS), including risk registers, control libraries, policy repositories, and evidence management workflows
- Develop and execute the annual compliance roadmap with measurable objectives and timelines
- Lead internal reviews and coordinate external audits, managing the full audit lifecycle
- Report compliance posture, risk exposure, and program performance to executive leadership and, where applicable, the Board

ISO Standards & Certifications
- Maintain and enhance ISO 27001 ISMS and ISO 42001 AIMS certifications
- Oversee ISO 27017 cloud security controls across SaaS infrastructure and supply chain
- Embed ISO requirements into Engineering, Product, DevOps, HR, and Security workflows
- Manage relationships with certification bodies, auditors, and consultants

Privacy & Data Protection
- Ensure compliance with GDPR (EU), UK GDPR, and CCPA/CPRA
- Maintain RoPAs, conduct DPIAs, and manage lawful basis assessments
- Operationalize data subject rights processes (access, deletion, portability, correction, opt-out)
- Oversee privacy-by-design integration within product and vendor onboarding
- Lead breach response coordination and regulatory notification procedures
- Advise on international data transfer mechanisms, including SCCs and UK addenda

Third-Party & Vendor Risk Management
- Operate and enhance the Third-Party Risk Management (TPRM) program
- Conduct vendor due diligence and ongoing monitoring
- Manage sub-processor disclosures and negotiate DPAs

Policy, Controls & Training
- Own lifecycle management of compliance policies and procedures
- Develop and deliver role-based compliance training programs
- Drive organizational awareness and accountability through structured programs

Regulatory Advisory & Customer Assurance
- Monitor regulatory developments across US, Canada, UK, and EU jurisdictions
- Advise Product, Engineering, Sales, and Customer Success on compliance implications
- Support enterprise customer security questionnaires, RFPs, and contractual negotiations

Qualifications

Required
- 8+ years of experience in compliance, information security governance, or data privacy
- 3+ years in senior or people leadership roles
- Hands-on ISO 27001 ISMS management experience (audit prep through certification maintenance)
- Deep operational knowledge of GDPR and UK GDPR
- Working knowledge of CCPA/CPRA
- Experience in SaaS or cloud-based technology environments
- Strong project management and stakeholder management skills
- Exceptional written and verbal communication abilities

Preferred
- Experience implementing ISO 42001 or AI governance frameworks
- Familiarity with PIPEDA, Law 25, and emerging US state privacy laws
- SOC 2 Type II knowledge and alignment with ISO programs
- Experience in scaling technology organizations operating across multiple jurisdictions

Certifications (Preferred)
- CIPP/E, CIPP/US, CIPM, or CIPT (IAPP)
- ISO 27001 Lead Implementer or Lead Auditor
- CISM, CISA, or equivalent

Success Metrics (First 12–18 Months)
- Successful ISO 27001, ISO 27017, and ISO 42001 audits with zero major nonconformities
- Measurable reduction in tracked compliance and privacy risk items
- On-time certification renewals
- 90%+ company-wide compliance training completion rates
- Zero regulatory enforcement actions tied to process gaps
- Positive executive and cross-functional stakeholder feedback