Director of Compliance

About the Company

EHS Insight, a StarTex Software brand, is the world’s most flexible, powerful, easy to use environmental, health and safety software. Since 2009, the team at EHS Insight have been on a mission to make the world a better place. Today, hundreds of thousands of employees in more than 120 countries rely on EHS Insight software, services and support to transform the way they work, mitigate risk, increase efficiencies, and to lower the environmental impact of their operations.

EHS Insight was designed from the ground up to be a great place to work. We build and sell cutting-edge software that solves real problems for our customers. We are a growing, engineering-led, full-remote, agile, SaaS software company. Our process, tooling, philosophy, and team culture allow us to take full advantage of working in a distributed environment. We operate much like a traditional business, offering employees similar benefits, culture, and compensation—but without the cubicles and commute.

About the Role

The Director of Compliance is a senior leadership role responsible for designing, implementing, and continuously maturing the company’s global compliance program. Reporting directly to the CEO, this individual will serve as the operational anchor for regulatory and standards compliance activities across the company’s SaaS platform and business operations in the United States, Canada, the United Kingdom, and the European Union.

This leader will own adherence to key information security, privacy, and AI governance frameworks including ISO 27001, ISO 27017, ISO 42001, GDPR, UK GDPR, and CCPA/CPRA, while proactively monitoring the evolving regulatory landscape. The ideal candidate combines regulatory depth with operational pragmatism—equally comfortable building control environments and engaging auditors, regulators, enterprise customers, and executive leadership.

Responsibilities

Compliance Program Leadership

• Own and mature the global compliance management system (CMS), including risk registers, control libraries, policy repositories, and evidence management workflows
• Develop and execute the annual compliance roadmap with measurable objectives and timelines
• Lead internal reviews and coordinate external audits, managing the full audit lifecycle
• Report compliance posture, risk exposure, and program performance to executive leadership and, where applicable, the Board

ISO Standards & Certifications

• Maintain and enhance ISO 27001 ISMS and ISO 42001 AIMS certifications
• Oversee ISO 27017 cloud security controls across SaaS infrastructure and supply chain
• Embed ISO requirements into Engineering, Product, DevOps, HR, and Security workflows
• Manage relationships with certification bodies, auditors, and consultants

Privacy & Data Protection

• Ensure compliance with GDPR (EU), UK GDPR, and CCPA/CPRA
• Maintain RoPAs, conduct DPIAs, and manage lawful basis assessments
• Operationalize data subject rights processes (access, deletion, portability, correction, opt-out)
• Oversee privacy-by-design integration within product and vendor onboarding
• Lead breach response coordination and regulatory notification procedures
• Advise on international data transfer mechanisms, including SCCs and UK addenda

Third-Party & Vendor Risk Management

• Operate and enhance the Third-Party Risk Management (TPRM) program
• Conduct vendor due diligence and ongoing monitoring
• Manage sub-processor disclosures and negotiate DPAs

Policy, Controls & Training

• Own lifecycle management of compliance policies and procedures
• Develop and deliver role-based compliance training programs
• Drive organizational awareness and accountability through structured programs

Regulatory Advisory & Customer Assurance

• Monitor regulatory developments across US, Canada, UK, and EU jurisdictions
• Advise Product, Engineering, Sales, and Customer Success on compliance implications
• Support enterprise customer security questionnaires, RFPs, and contractual negotiations

Qualifications

Required

• 8 years of experience in compliance, information security governance, or data privacy
• 3 years in senior or people leadership roles
• Hands-on ISO 27001 ISMS management experience (audit prep through certification maintenance)
• Deep operational knowledge of GDPR and UK GDPR
• Working knowledge of CCPA/CPRA
• Experience in SaaS or cloud-based technology environments
• Strong project management and stakeholder management skills
• Exceptional written and verbal communication abilities

Preferred

• Experience implementing ISO 42001 or AI governance frameworks
• Familiarity with PIPEDA, Law 25, and emerging US state privacy laws
• SOC 2 Type II knowledge and alignment with ISO programs
• Experience in scaling technology organizations operating across multiple jurisdictions

Certifications (Preferred)

• CIPP/E, CIPP/US, CIPM, or CIPT (IAPP)
• ISO 27001 Lead Implementer or Lead Auditor
• CISM, CISA, or equivalent

Success Metrics (First 12–18 Months)

• Successful ISO 27001, ISO 27017, and ISO 42001 audits with zero major nonconformities
• Measurable reduction in tracked compliance and privacy risk items
• On-time certification renewals
• 90% company-wide compliance training completion rates
• Zero regulatory enforcement actions tied to process gaps
• Positive executive and cross-functional stakeholder feedback