Job Description
We are seeking an experienced Data Compliance Lead to drive our organisation’s compliance, governance, and data protection strategy. This role will play a key part in ensuring our business meets regulatory obligations, maintains strong security practices, and embeds compliance-by-design across all operations and product lines.

This is an excellent opportunity for someone who thrives in a fast-moving environment, enjoys autonomy, and wants to shape the future of data governance and compliance within a growing organisation.

Key Responsibilities
* Serve as the organisation’s Data Protection Officer (DPO) and act as the main point of contact for regulatory bodies such as the ICO.
* Lead compliance activities across key frameworks including GDPR, HIPAA, ISO27001, Cyber Essentials Plus, and emerging standards.
* Manage and evolve the organisation’s Information Security Management System (ISMS), policies, and documentation.
* Oversee GRC tooling for evidence tracking, risk management, and continuous improvement.
* Conduct internal audits, support external audit processes, and manage corrective actions.
* Lead DPIAs, RoPA maintenance, PHI compliance processes, and data subject rights requests.
* Deliver staff training on GDPR, HIPAA, security, and privacy best practices.
* Support stakeholder groups with vendor risk assessments, procurement questionnaires, and customer compliance requests.
* Oversee international data transfer mechanisms and ensure compliance with global data protection requirements.
* Play a key role in incident response, breach assessment, and regulatory notification procedures.
About You

You will excel in this role if you have:

Essential Experience
* Strong working knowledge of GDPR and international data protection laws.
* Hands-on experience with ISO27001 implementation and maintenance.
* Understanding of cyber and security compliance frameworks.
* Excellent documentation, organisation, and communication skills.
* Confidence engaging with auditors, regulators, customers, and senior stakeholders.
Desirable Experience
* HIPAA and healthcare/health-tech compliance experience.
* SOC2 knowledge.
* Understanding of cloud security and SaaS environments.
Qualifications (desirable but not required)
* CIPP/E, CIPM, CIPT
* ISO27001 Lead Implementer / Lead Auditor
* HCISPP or relevant HIPAA training
* Security/GRC certifications (e.g., Security+, ISC², ISACA)
Why Apply?
* Opportunity to shape compliance strategy at an organisational level.
* Work with a supportive, forward-thinking leadership team.
* Join a company investing heavily in security, privacy, and governance maturity.
* Competitive salary between £55,000–£70,000, plus benefits.