Director of Compliance

About The Position

Requirements

• Bachelor’s degree in Law, Business, Compliance, Risk Management, or a related field (J.D. or advanced degree preferred).
• 8–12+ years of experience in compliance, legal, risk management, or regulatory roles, with increasing responsibility.
• Demonstrated experience managing compliance programs in:
• Government contracting environments, and/or
• Software, technology, or SaaS companies serving regulated industries.
• Strong knowledge of U.S. federal regulations and compliance frameworks relevant to government-facing technology companies.
• Proven ability to influence senior leaders and work cross-functionally.
• Excellent written, verbal, and interpersonal communication skills.

Nice To Haves

• Experience with FedRAMP, NIST 800-series, CMMC, SOC 2, or ISO 27001 compliance programs.
• Familiarity with export controls (ITAR/EAR) and anti-corruption compliance.
• Compliance or legal certifications (e.g., CCEP, CCEP-I, CISSP, or similar).
• Experience supporting audits, government reviews, or regulatory examinations.
• Active Top Secret or eligibility for Top Secret Clearance

Responsibilities

• Design, implement, and continuously improve a comprehensive corporate compliance program aligned with regulatory, contractual, and ethical requirements.
• Establish compliance policies, standards, procedures, and controls appropriate fora government-facing software organization.
• Serve as the company’s subject matter expert on compliance risk and regulatory expectations.
• Oversee compliance with applicable laws and regulations, which may include:
• Federal Acquisition Regulation (FAR) and DFARS
• Government contracting requirements
• Data protection and privacy laws (e.g., GDPR, CCPA, HIPAA where applicable)
• Export controls (ITAR/EAR)
• Anti-corruption and ethics laws (e.g., FCPA)
• Ensure compliance with customer and government security and compliance frameworks such as FedRAMP, NIST, CMMC, SOC 2, and ISO standards (in partnership with Security and Engineering teams – this role does not own cybersecurity operations).
• Conduct regular compliance risk assessments and gap analyses.
• Develop and oversee monitoring, testing, and auditing processes to evaluate program effectiveness.
• Track, document, and remediate compliance issues and control deficiencies.
• Develop and deliver compliance training programs for employees, leadership, and relevant third parties.
• Promote a strong culture of ethics, integrity, and accountability across the organization.
• Serve as a point of contact for compliance questions and concerns.
• Manage internal compliance investigations, including allegations of misconduct or policy violations.
• Coordinate corrective and preventive actions and report findings to senior leadership as appropriate.
• Support whistleblower and reporting mechanisms.
• Partner with Legal, Security, Privacy, HR, Finance, Product, and Engineering to embed compliance into business processes and product development.
• Support due diligence for third parties, vendors, and partners.
• Provide compliance input for new products, markets, and government contracts.
• Prepare compliance reports and metrics for executive leadership and the board (as applicable).
• Stay current on evolving regulatory requirements and industry best practices.
• Support external audits, assessments, and government inquiries.