Overview
Ensuring the charity meets its legal, regulatory, and governance obligations across all non-economic-crime compliance areas including information governance, data protection, cyber security compliance, risk assessment, regulatory reporting, and adherence to Charity Commission expectations.
What difference will you make?
* A senior leadership role shaping how the charity stays safe, compliant, and sustainable.
* Experience influencing governance and regulatory strategy in a growing, award-winning community organisation.
* The opportunity to strengthen public trust and support the wellbeing of vulnerable communities.
What are we looking for?
Essential
* Strong experience in regulatory compliance, governance, or risk management (charity, financial services, public sector, or similar).
* Good understanding of UK GDPR, information governance, and cyber security compliance principles.
* Ability to design and implement effective controls and governance frameworks.
* Strong attention to detail and ability to follow through on actions.
* Ability to explain compliance concepts in clear, practical terms to non-specialists.
* Comfortable working with registers/logs (e.g., Excel/Google Sheets) and shared-drive tools (e.g., SharePoint/Teams).
Desirable
* Experience working in a charity, mental health, health, social care, or community-based setting.
* Experience with Charity Commission regulatory requirements, risk registers, DPIAs, cyber security frameworks, or policy development.
* Any compliance, governance, or data protection training/certification (formal or informal).
Hybrid
What will you be doing?
Information governance, data protection & cyber compliance
* Oversee the charity’s approach to lawful, fair, and secure handling of personal data, ensuring compliance with UK GDPR and good practice.
* Maintain oversight of the Record of Processing Activities (ROPA) and ensure departments document higher-risk processing activities.
* Work with Cyber Security Specialists to ensure technical and organisational measures support strong compliance (e.g., access control, secure sharing, incident response).
* Provide senior-level guidance on data protection queries, privacy risks, DPIAs, and information-sharing decisions.
Risk management & regulatory assurance
* Lead the charity’s risk assessment processes, ensuring risks are identified, assessed, mitigated, and escalated appropriately.
* Maintain the organisation-wide compliance risk register and ensure regular updates to the MLRO and Trustees.
* Conduct compliance reviews, spot checks, and thematic assessments to test the effectiveness of controls.
* Ensure the charity is prepared for any Charity Commission engagement, reporting requirements, or regulatory inquiries.
Incident management, reporting & logs
* Oversee logs relating to compliance incidents, data protection issues, cyber events, and regulatory near-misses.
* Support the MLRO in triaging incidents, gathering details, coordinating responses, and ensuring timely closure.
* Lead the drafting of internal summaries, lessons learned, and updates to policies or training following incidents.
Training, awareness & culture
* Develop and deliver compliance training for volunteers, department leads, and Trustees.
* Produce clear, accessible guidance on regulatory topics such as information governance, cyber hygiene, data protection, and risk management.
* Promote a culture of compliance, transparency, and accountability across the charity.
Reporting & stakeholder engagement
* Prepare compliance management information for the MLRO and Trustees, including key risks, incidents, trends, and upcoming regulatory priorities.
* Act as a senior point of contact for compliance-related queries from internal teams, partners, and regulators.
* Support strategic planning by advising on compliance implications of new initiatives, partnerships, or services.