
Director of Compliance (Seattle)
EHS Insight, Seattle, WA, United States
About the Company
EHS Insight, a StarTex Software brand, is the world’s most flexible, powerful, easy-to-use environmental, health and safety software. Since 2009, the team at EHS Insight has been on a mission to make the world a better place. Today, hundreds of thousands of employees in more than 120 countries rely on EHS Insight software, services and support to transform the way they work, mitigate risk, increase efficiencies, and lower the environmental impact of their operations.
EHS Insight was designed from the ground up to be a great place to work. We build and sell cutting-edge software that solves real problems for our customers. We are a growing, engineering-led, full-remote, agile, SaaS software company. Our process, tooling, philosophy, and team culture allow us to take full advantage of working in a distributed environment. We operate much like a traditional business, offering employees similar benefits, culture, and compensation—but without the cubicles and commute.
About the Role
The Director of Compliance is a senior leadership role responsible for designing, implementing, and continuously maturing the company’s global compliance program. Reporting directly to the CEO, this individual will serve as the operational anchor for regulatory and standards compliance activities across the company’s SaaS platform and business operations in the United States, Canada, the United Kingdom, and the European Union.
This leader will own adherence to key information security, privacy, and AI governance frameworks including ISO 27001, ISO 27017, ISO 42001, GDPR, UK GDPR, and CCPA/CPRA, while proactively monitoring the evolving regulatory landscape. The ideal candidate combines regulatory depth with operational pragmatism—equally comfortable building control environments and engaging auditors, regulators, enterprise customers, and executive leadership.
Responsibilities
Compliance Program Leadership
- Own and mature the global compliance management system (CMS), including risk registers, control libraries, policy repositories, and evidence management workflows
- Develop and execute the annual compliance roadmap with measurable objectives and timelines
- Lead internal reviews and coordinate external audits, managing the full audit lifecycle
- Report compliance posture, risk exposure, and program performance to executive leadership and, where applicable, the Board
ISO Standards & Certifications
- Maintain and enhance ISO 27001 ISMS and ISO 42001 AIMS certifications
- Oversee ISO 27017 cloud security controls across SaaS infrastructure and supply chain
- Embed ISO requirements into Engineering, Product, DevOps, HR, and Security workflows
- Manage relationships with certification bodies, auditors, and consultants
Privacy & Data Protection
- Ensure compliance with GDPR (EU), UK GDPR, and CCPA/CPRA
- Maintain RoPAs, conduct DPIAs, and manage lawful basis assessments
- Operationalize data subject rights processes (access, deletion, portability, correction, opt-out)
- Oversee privacy-by-design integration within product and vendor onboarding
- Lead breach response coordination and regulatory notification procedures
- Advise on international data transfer mechanisms, including SCCs and UK addenda
Third-Party & Vendor Risk Management
- Operate and enhance the Third-Party Risk Management (TPRM) program
- Conduct vendor due diligence and ongoing monitoring
- Manage sub-processor disclosures and negotiate DPAs
Policy, Controls & Training
- Own lifecycle management of compliance policies and procedures
- Develop and deliver role-based compliance training programs
- Drive organizational awareness and accountability through structured programs
Regulatory Advisory & Customer Assurance
- Monitor regulatory developments across US, Canada, UK, and EU jurisdictions
- Advise Product, Engineering, Sales, and Customer Success on compliance implications
- Support enterprise customer security questionnaires, RFPs, and contractual negotiations
Qualifications
Required
- 8+ years of experience in compliance, information security governance, or data privacy
- 3+ years in senior or people leadership roles
- Hands-on ISO 27001 ISMS management experience (audit prep through certification maintenance)
- Deep operational knowledge of GDPR and UK GDPR
- Working knowledge of CCPA/CPRA
- Experience in SaaS or cloud-based technology environments
- Strong project management and stakeholder management skills
- Exceptional written and verbal communication abilities
Preferred
- Experience implementing ISO 42001 or AI governance frameworks
- Familiarity with PIPEDA, Law 25, and emerging US state privacy laws
- SOC 2 Type II knowledge and alignment with ISO programs
- Experience in scaling technology organizations operating across multiple jurisdictions
Certifications (Preferred)
- CIPP/E, CIPP/US, CIPM, or CIPT (IAPP)
- ISO 27001 Lead Implementer or Lead Auditor
- CISM, CISA, or equivalent
Success Metrics (First 12–18 Months)
- Successful ISO 27001, ISO 27017, and ISO 42001 audits with zero major nonconformities
- Measurable reduction in tracked compliance and privacy risk items
- On-time certification renewals
- 90%+ company-wide compliance training completion rates
- Zero regulatory enforcement actions tied to process gaps
- Positive executive and cross-functional stakeholder feedback