Job Description
Job Title: Director of Compliance/Data Privacy Officer
Location: Hybrid – DC Area
Reports To: Chief Legal Officer
Department: Legal & Compliance
Position Overview
The Director of Compliance is responsible for designing, implementing, and overseeing the company’s corporate compliance program to ensure adherence to applicable laws, regulations, contractual obligations, and internal policies. This role is critical to supporting the company’s delivery of secure, compliant software solutions to the U.S. federal government and customers operating in highly regulated environments.
The Director of Compliance will act as a trusted advisor to executive leadership, partner closely with Legal, Security, Engineering, Product, Sales, and HR, and lead efforts to embed compliance into the company’s culture, operations, and product lifecycle. The Director of Compliance is a member of the Senior Leadership Team.
Key Responsibilities
Compliance Program Leadership
- Design, implement, and continuously improve a comprehensive corporate compliance program aligned with regulatory, contractual, and ethical requirements.
- Establish compliance policies, standards, procedures, and controls appropriate for a government-facing software organization.
- Serve as the company’s subject matter expert on compliance risk and regulatory expectations.
Regulatory & Contractual Compliance
- Oversee compliance with applicable laws and regulations, which may include:
  - Federal Acquisition Regulation (FAR) and DFARS
  - Government contracting requirements
  - Data protection and privacy laws (e.g., GDPR, CCPA, HIPAA where applicable)
  - Export controls (ITAR/EAR)
  - Anti-corruption and ethics laws (e.g., FCPA)
- Ensure compliance with customer and government security and compliance frameworks such as FedRAMP, NIST, CMMC, SOC 2, and ISO standards (in partnership with Security and Engineering teams – this role does not own cybersecurity operations).
Risk Assessment & Monitoring
- Conduct regular compliance risk assessments and gap analyses.
- Develop and oversee monitoring, testing, and auditing processes to evaluate program effectiveness.
- Track, document, and remediate compliance issues and control deficiencies.
Training & Culture
- Develop and deliver compliance training programs for employees, leadership, and relevant third parties.
- Promote a strong culture of ethics, integrity, and accountability across the organization.
- Serve as a point of contact for compliance questions and concerns.
Investigations & Issue Management
- Manage internal compliance investigations, including allegations of misconduct or policy violations.
- Coordinate corrective and preventive actions and report findings to senior leadership as appropriate.
- Support whistleblower and reporting mechanisms.
Cross-Functional Collaboration
- Partner with Legal, Security, Privacy, HR, Finance, Product, and Engineering to embed compliance into business processes and product development.
- Support due diligence for third parties, vendors, and partners.
- Provide compliance input for new products, markets, and government contracts.
Reporting & Governance
- Prepare compliance reports and metrics for executive leadership and the board (as applicable).
- Stay current on evolving regulatory requirements and industry best practices.
- Support external audits, assessments, and government inquiries.
Required Qualifications
- Bachelor’s degree in Law, Business, Compliance, Risk Management, or a related field (J.D. or advanced degree preferred).
- 8–12+ years of experience in compliance, legal, risk management, or regulatory roles, with increasing responsibility.
- Demonstrated experience managing compliance programs in:
  - Government contracting environments, and/or
  - Software, technology, or SaaS companies serving regulated industries.
- Strong knowledge of U.S. federal regulations and compliance frameworks relevant to government-facing technology companies.
- Proven ability to influence senior leaders and work cross-functionally.
- Excellent written, verbal, and interpersonal communication skills.
Preferred Qualifications
- Experience with FedRAMP, NIST 800-series, CMMC, SOC 2, or ISO 27001 compliance programs.
- Familiarity with export controls (ITAR/EAR) and anti-corruption compliance.
- Compliance or legal certifications (e.g., CCEP, CCEP-I, CISSP, or similar).
- Experience supporting audits, government reviews, or regulatory examinations.
- Active Top Secret clearance or eligibility for Top Secret clearance.
Key Competencies
- Strategic thinking and sound judgment
- Strong risk assessment and problem-solving skills
- High ethical standards and integrity
- Ability to operate effectively in a fast-paced, growth-oriented environment
- Strong organizational and program management capabilities
What Success Looks Like
- A well-documented, scalable compliance program aligned with company growth.
- Reduced compliance risk and improved audit outcomes.
- High employee awareness and engagement with compliance obligations.
- Trusted partnership with leadership, customers, and regulators.