Job Description
Come shape the future of education and how we scale it safely.
At Compass, we’re on a mission to transform the school day for everyone - from staff and students to families and administrators. We build smart, seamless technology that empowers schools to focus on what really matters: learning, growing and thriving.
As Australia’s leading K–12 school management platform, Compass supports thousands of schools and is expanding across the UK and Ireland. Compass is at an exciting inflection point - scaling its product, its team and its compliance obligations in parallel.
We’re now looking for a Head of Compliance to join our team.
About the Role
Reporting to the Chief Financial Officer, this is a newly created, hands-on, standalone role - it is an opportunity to build a structured compliance function from the ground up, working alongside a pragmatic in-house legal function in a high-growth SaaS environment.
The role spans three core domains: enterprise risk and governance, information security (ISO 27001), and multi-jurisdictional regulatory compliance across Australia, the UK, and Ireland, with oversight of operational and third-party compliance (including payment ecosystems).
What you’ll do
Operational & Third-Party Compliance
- Oversee compliance across payment operations, third-party providers and key commercial partners.
- Establish and standardise onboarding, compliance requirements and documentation processes.
- Lead external compliance audits and act as the primary liaison with partners and assessors.
- Identify and implement process improvements and automation to improve efficiency and reduce manual effort.
Information Security & Data Compliance
- Lead ISO 27001 certification and ongoing ISMS maintenance across Australian and international entities.
- Own audit preparation, evidence gathering and control documentation, driving a shift to continuous audit readiness.
- Manage risk assessments and maintain the risk register, escalating material findings where required.
- Support expansion into the UK and Ireland, ensuring alignment with GDPR, UK GDPR and NIS2.
- Partner with Product and Engineering to embed security and compliance-by-design principles.
- Oversee alignment with PCI-DSS and other relevant data security standards.
Regulatory Compliance & Policy Frameworks
- Provide compliance input into new products, commercial initiatives and customer contracts.
- Develop, maintain and embed compliance policies and procedures across the organisation.
- Deliver training and awareness programs across privacy, information security and payments.
- Monitor regulatory developments (ASIC, APRA, OAIC, ICO, CBI) and advise on required actions.
Risk & Governance
- Establish and maintain a compliance monitoring and assurance program.
- Drive a culture of proactive risk identification and accountability.
- Maintain and report on the compliance risk register to the General Counsel, CFO and Board.
- Build relationships with regulators and key external partners.
- Support Legal on complex or high-risk compliance matters, escalating clearly and early.
About You
This is an ownership-oriented role suited to a compliance professional who thrives in a scale-up environment, is comfortable with ambiguity and knows how to build practical frameworks rather than bureaucratic ones.
You will bring:
- 3–6 years’ experience in compliance, risk or information security within a regulated or technology environment.
- Proven experience operating as the primary or sole compliance owner in a previous role.
- Hands-on experience with ISO 27001, including certification or ISMS management.
- Exposure to multi-jurisdictional compliance, including UK and/or Irish regulatory environments.
- Strong process mindset, with the ability to design practical, scalable compliance frameworks.
- Clear and confident communication skills, translating regulatory complexity into actionable guidance.
Highly regarded:
- Experience in payments, acquiring or merchant services environments.
- Exposure to Australian Privacy Act, GDPR or UK GDPR.
- Experience in a scaling SaaS, fintech or EdTech business.
- Relevant compliance qualifications (e.g. ICA).
- Familiarity with PayTo, NPP or Open Banking compliance.
Why Join Compass
You’ll join a purpose-driven company at a genuinely exciting stage of growth, with the opportunity to make a real impact on education at scale.
What we offer:
- A hybrid working environment, with teams working a hybrid structure in our office hubs.
- Learning and development opportunities, including a dedicated PD budget.
- 24/7 access to our Employee Assistance Program (EAP), including face-to-face, phone and live chat support.
- A parental leave program for both primary and secondary carers.
- Regular team events, social budgets and in-office perks that help you stay connected, from team lunches to end-of-week socials.
- Employee Referral Program
- A supportive, inclusive culture where your voice is valued and heard.
Compass is proud to be an equal opportunity employer. We embrace and celebrate diversity and are committed to creating an inclusive environment for all employees.
Prior to commencing employment, you’ll need:
- A valid Employee Working With Children Check
- A satisfactory National Police Check
- Verification of unrestricted work rights in Australia (e.g. citizenship, passport or birth certificate)
Ready to Apply?
If you’re excited by the opportunity to build, own and scale compliance in a growing SaaS business, we’d love to hear from you.
Find out more about Compass on our website - www.compass.education.











