Head of Legal & Compliance
Location: Toronto, ON (Hybrid)
Department: Legal & Compliance
Reports to: COO / Co-Founders
Type: Full-time, Permanent
Salary: C$140,000
Website: https://prospeo.io
LinkedIn: https://www.linkedin.com/company/%CF%81r%CE%BF%D1%95%D1%80%D0%B5%CE%BF/
About Prospeo
Prospeo is a B2B SaaS sales intelligence platform trusted by thousands of sales teams worldwide. We help businesses find verified contact data with 97%+ accuracy through triple verification. Our team of 20 is growing fast, and we are looking for our first dedicated legal and compliance hire to build the foundation that will support our next phase of growth.
The Role
As our Head of Legal & Compliance, you will be the single owner of everything legal, regulatory, data privacy, security compliance, and accounting coordination at Prospeo. This is a hands-on, individual contributor role with full autonomy. You will report directly to the co-founders, build our compliance infrastructure from the ground up, and serve as our Data Protection Officer (DPO). You will also be responsible for sourcing and managing the relationship with an external accounting firm, setting up the tools and processes to keep our financial records organized and audit-ready. On the HR side, you will handle lightweight people operations (time-off tracking, pay stubs, onboarding paperwork) using our existing HR software.
This is a role for someone who thrives in ambiguity, builds systems from scratch, and uses AI as a daily tool to multiply their output. You will not manage a team (yet), but you will own a function that touches every part of the business.
Responsibilities
Legal & Data Privacy (Core)
- Serve as the company's Data Protection Officer (DPO) and primary legal authority
- Own and manage our GDPR and CCPA compliance framework end to end, including data subject requests, data processing agreements, and privacy policies
- Draft, review, and negotiate commercial contracts, terms of service, DPAs, NDAs, and partnership agreements
- Handle regulatory registrations and filings across all jurisdictions where Prospeo operates
- Build and maintain internal compliance policies, training materials, and documentation
- Serve as the go-to resource for all legal questions across the company, leveraging AI tools to accelerate research and drafting
Security & Certification Compliance
- Lead our SOC 2 Type II and ISO 27001 certification processes using Vanta (or similar compliance automation platform)
- Work directly with our engineering team to implement security controls, policies, and monitoring required for certification
- Coordinate with external auditors and manage the audit lifecycle from readiness assessment through completion
- Maintain ongoing compliance monitoring and ensure continuous adherence to certification requirements
Accounting Coordination
- Source, select, and manage the relationship with an external accounting firm for bookkeeping, tax filings, and financial reporting
- Coordinate annual and quarterly tax reporting with the external firm
People Operations (Lightweight)
- Manage time-off tracking, pay stubs, and basic HR administration using our existing HR software
- Handle onboarding and offboarding paperwork for new hires and departures
- Ensure the company remains compliant with Canadian employment and labor law
Requirements
Must Have
- 5+ years of experience in legal, compliance, or legal operations at a B2B SaaS or data-focused company
- Hands-on experience building (not just maintaining) a compliance program, including at least one SOC 2 or ISO 27001 audit
- Deep practical knowledge of GDPR and CCPA, including managing data subject requests and drafting DPAs
- Experience working with compliance automation platforms (Vanta, Drata, Secureframe, or similar)
- Comfort liaising with external accounting firms and managing financial documentation workflows
- Strong contract drafting and review skills
- Proficient in using AI tools (e.g. ChatGPT, Claude) to accelerate legal research, contract drafting, policy writing, and compliance workflows, while applying your own expertise to validate and refine every output
- Highly autonomous and self-directed; able to operate with minimal supervision in a fast-paced startup environment
- Fluent in English
Nice to Have
- CIPP/E, CIPM, or equivalent data privacy certification
- Law degree or paralegal background (not required)
- Experience with Dext or similar bookkeeping automation tools
- Familiarity with Canadian corporate and employment law
- Experience in the sales intelligence or data enrichment industry
- Prior experience as a designated DPO
What We Offer
- Competitive salary: C$140,000
- Full ownership of a critical function with a direct line to the co-founders
- Hybrid work setup in Toronto, mostly remote
- Growth opportunity in a young startup, with a performance review every 6 months
- AI-forward environment: we actively encourage using AI tools to work smarter and faster