.png?1773694906)
Director of Compliance
Title: Director of Compliance
Company: Heven AeroTech
Location:
FLSA: Exempt
Reports To: Chief of Staff
About Our Company:
At Heven AeroTech (Heven), we don’t just believe in the power of people—we build our success on it. As a recognized leader in hydrogen-powered drones, we’ve earned recognition for creating a workplace where innovation thrives, collaboration is second nature, and every employee feels valued. Our culture is anchored in trust and a shared commitment to excellence.
We believe great teams are built on individuals who are humble, hungry, and smart—those who put team success first, take initiative to continuously improve, and demonstrate strong interpersonal awareness. At Heven, your voice matters, your ideas are heard, and your contributions make a tangible impact as you grow through hands-on experience and collaboration across the team.
Role Summary:
The Director of Compliance leads Heven AeroTech’s enterprise-wide compliance program, ensuring adherence to federal export control laws (ITAR/EAR), industrial security requirements (NISPOM), cybersecurity mandates (CMMC/NIST 800-171), ethics obligations, occupational safety regulations, and employee benefits laws. Operating at the intersection of legal obligation and operational execution, this role directly supervises the Safety Manager and IT Administrator, advises executive leadership on regulatory risk, and fosters a culture of compliance and ethical conduct throughout the defense industrial base.
Essential Responsibilities:
Export Controls — ITAR / EAR Compliance Oversight
- Provide strategic oversight of Heven AeroTech’s export compliance obligations under the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR), whether administered through a qualified internal Empowered Official (EO) or a contracted external compliance resource.
- Ensure the designation, performance management, and accountability of the Empowered Official function; serve directly as EO or manage the engagement of an external ITAR/EAR compliance consultant or law firm as operationally appropriate.
- Oversee the development, maintenance, and continuous improvement of the Technology Control Plan (TCP) and Export Management and Compliance Program (EMCP).
- Provide executive-level review and approval authority over export license applications, Technical Assistance Agreements (TAAs), Manufacturing License Agreements (MLAs), and commodity classifications (USML/CCL).
- Ensure execution of export control audits, restricted party screening, and voluntary disclosure management to DDTC and BIS; maintain accountability for timely and accurate reporting.
- Ensure export control training programs meet regulatory requirements under 22 C.F.R. Part 122 and 15 C.F.R. Part 762, whether delivered internally or through an external provider.
Facility Security Officer (FSO) / Industrial Security
- Serve as or directly supervise the Facility Security Officer (FSO), ensuring compliance with the National Industrial Security Program Operating Manual (NISPOM) / 32 C.F.R. Part 117.
- Manage personnel security clearance processes including investigations, visit authorizations, and incident reporting through DISS and related government systems.
- Maintain and administer the facility’s Standard Practice and Procedure (SPP) and ensure full Insider Threat Program compliance.
- Interface with the Defense Counterintelligence and Security Agency (DCSA) for facility inspections, program reviews, and adverse information reporting.
- Oversee classified storage, document control, secure communication requirements, and SCI/SAP access where applicable.
Information Security (InfoSec) / Cybersecurity Compliance
- Lead compliance with Cybersecurity Maturity Model Certification (CMMC), NIST SP 800-171, and DFARS 252.204-7012 for the protection of Controlled Unclassified Information (CUI).
- Oversee the development and maintenance of the System Security Plan (SSP), Plans of Action & Milestones (POA&Ms), and incident response procedures.
- Directly supervise the IT Administrator; provide strategic direction and oversight of IT operations to ensure information systems, networks, and cloud environments meet CMMC, NIST SP 800-171, and applicable cybersecurity compliance requirements.
- Manage cybersecurity incident reporting obligations to the DoD and relevant program offices within required timelines.
- Support CMMC third-party assessment organization (C3PAO) assessments and maintain certification documentation.
Ethics & Business Conduct
- Administer Heven AeroTech’s Code of Business Ethics and Conduct and ensure compliance with FAR 52.203-13 (Contractor Code of Business Ethics and Conduct).
- Manage the ethics hotline and reporting system; investigate potential violations and coordinate with HR, Legal, and management on corrective actions and disciplinary outcomes.
- Design and deliver ethics training programs and awareness campaigns across all employee levels.
- Prepare and submit timely disclosures to the Government for violations of federal criminal law and the False Claims Act as required.
- Chair or support the company’s Ethics & Compliance Committee; report to the Board Audit Committee or designated executive officer as required.
Environmental, Health & Safety (EHS) Compliance
- Provide compliance oversight for occupational health and safety obligations under OSHA 29 C.F.R. Part 1910 and applicable state regulations within an aerospace manufacturing environment.
- Ensure regulatory compliance related to hazardous materials handling, chemical hygiene plans, and process safety requirements where applicable.
- Oversee OSHA recordkeeping and reporting (300/301 logs), incident investigation processes, and interface with OSHA inspectors and regulatory authorities.
- Directly supervise the Safety Manager; provide leadership, performance oversight, and development guidance while ensuring EHS program activities align with company compliance objectives and regulatory requirements.
- Monitor EPA and environmental compliance obligations related to manufacturing operations, including waste disposal, air emissions, and stormwater management.
HIPAA & Benefits Compliance
- Ensure the company’s health plan and benefits administration practices comply with HIPAA Privacy and Security Rules, including Business Associate Agreement (BAA) oversight.
- Oversee ERISA compliance for welfare benefit plans and coordinate with benefits counsel and third-party administrators on regulatory filings (Form 5500, SPDs, SARs).
- Monitor ACA employer compliance obligations, including applicable large employer (ALE) reporting (Forms 1094-C/1095-C) and affordability determinations.
- Manage HIPAA incident response and breach notification obligations; conduct workforce training on PHI handling and minimum necessary standards.
- Collaborate with HR and Finance on benefits regulatory updates from DOL, IRS, and HHS that affect plan design and administration.
General Compliance Program Leadership
- Develop, maintain, and continuously improve the enterprise compliance program, including risk assessments, policies, procedures, internal controls, and monitoring activities.
- Report regularly to executive leadership and the Board on compliance risk, program effectiveness, and emerging regulatory developments.
- Build and manage a high-performing compliance function; provide direct supervision of the Safety Manager and IT Administrator, and establish clear roles, responsibilities, and development plans for all direct reports and external compliance partners.
- Manage external legal counsel, compliance consultants, and related vendors; oversee compliance program budgets and resource allocation.
- Lead internal compliance investigations, root cause analyses, and corrective action plan implementation.
- Maintain the compliance regulatory calendar and ensure timely submission of all mandatory filings and certifications.
Qualifications & Experience:
Required:
- Bachelor’s degree in Law, Business Administration, Political Science, Engineering, or a related field; J.D. or advanced degree strongly preferred.
- Minimum 10 years of progressive compliance or regulatory experience, with at least 5 years in a leadership role within a defense or aerospace environment.
- Secret (TS/SCI Preferred)
- Demonstrated expertise in ITAR/EAR export controls, NISPOM/industrial security, and CMMC/NIST 800-171 cybersecurity frameworks.
- Active DoD security clearance (Secret minimum); TS/SCI eligibility preferred.
- Proven experience managing ethics programs, hotline operations, and internal compliance investigations.
- Working knowledge of HIPAA, ERISA, ACA, and employee benefits compliance requirements.
- Strong understanding of FAR/DFARS, government contracting requirements, and False Claims Act exposure.
- Exceptional written and oral communication skills with the ability to present complex regulatory topics to executive leadership and non-technical audiences.
Preferred:
- Certified Compliance & Ethics Professional (CCEP) or Certified Export Compliance Officer (CECO) designation.
- FSO certification through DCSA or equivalent industrial security training credential.
- Experience registered as an Empowered Official with DDTC, or demonstrated ability to oversee and manage an EO function through an external resource.
- CMMC Registered Practitioner (RP) or Certified Professional (CP) designation.
- Experience operating within a DCAA-audited environment with familiarity with Cost Accounting Standards (CAS).
- Prior experience with AS9100 quality management system compliance in an aerospace context.
- MBA or advanced degree.
Physical Requirements:
- Prolonged periods of sitting at a desk and working on a computer.
- Frequent use of hands and fingers for typing, writing, and operating office equipment.
- Ability to communicate verbally and in writing with internal and external stakeholders.
- Regular standing and walking, including within manufacturing, warehouse, and production floor environments.
- Ability to move throughout production facilities to observe operations, conduct compliance reviews, and engage with cross-functional teams.
- Occasional bending, reaching, and stooping.
- Ability to lift and carry up to 20 pounds occasionally (e.g., documents, binders, equipment).
- Ability to wear required personal protective equipment (PPE) when entering manufacturing or regulated production areas.
- Visual acuity sufficient to review detailed reports, regulatory documents, contracts, and operational metrics.
- Ability to travel domestically (and internationally, if applicable) for government agency visits, audit support, site reviews, and industry conferences.
Benefits Overview:
Heven AeroTech offers a competitive benefits package designed to support the health, financial security, and overall well-being of our employees and their families. Benefits include medical, dental, and vision coverage, retirement plans, paid time off/sick, and additional protections such as critical illness, hospital indemnity, accident coverage, and short- and long-term disability.
Equal Employment Opportunity Statement:
Heven AeroTech is an Equal Opportunity Employer and considers all qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected characteristic under applicable law.
Salary Range:
$100,000 - $165,000 USD
Create a Job Alert
Interested in building your career at Heven AeroTech? Get future opportunities sent straight to your email.
Apply for this job
*
indicates a required field
.png?1773753104)