About us
We are a leading consultancy with a purpose to make an enduring impact on health and healthcare. We work with leaders and frontline teams to improve health, transform healthcare, drive adoption of innovation and create value through investment.
Our consultancy serves the entire healthcare sector, from payors and providers of care, to life science companies, health tech and sector suppliers and health investors. We provide end-to-end services, from strategy through implementation, accelerated by data, digital and AI.
We shape opinion through evidence-based thought leadership on key issues affecting health. With unmatched ability to access and use health data, our consultants are a driving force for delivering positive and meaningful change.
About the role
The Compliance Officer sits within the Data Operations team and reports directly to the Director of Data, Analytics and Intelligence. This operational coordinator role is responsible for information governance (IG), data protection, and regulatory compliance across CF. The Compliance Officer provides day-to-day coverage of the Data Protection Officer responsibilities and will undertake recognised DPO training and certification, acting as the primary point of contact for all compliance-related queries across the business.
The role spans three interconnected business functions— IT, People, and Data Operations— with additional support to the wider corporate team as needed. The Compliance Officer is responsible for reducing regulatory risk, maintaining audit readiness, and providing structured assurance to the Board and Executive Committee. Responsibilities include information governance and data protection, ISO certification coordination, data breach compliance and incident response, people and employment compliance, regulatory monitoring, and legal and IP query management across the UK, Middle East and Europe.
This is an excellent opportunity for a graduate with a legal background—or someone early in their compliance career—to develop a broad and substantive compliance portfolio within a dynamic, data-rich healthcare consultancy. Full training and professional development support will be provided.
Responsibilities
Policy Development and Maintenance
* Develop, maintain and regularly review internal compliance policies to ensure staff are equipped to meet regulatory obligations.
* Data protection and privacy policies, including employee and candidate privacy notices.
* Employment contracts.
* Associate agreements and Statements of Work (SoWs).
* Anti-bribery and conflicts of interest policies.
* Information security policies aligned to ISO 27001.
* Identify and flag compliance issues, deviations from standard terms, or matters with wider legal or commercial implications, escalating to the People team and legal advisors as appropriate.
* Own the annual policy review cycle, coordinating with relevant function leads to ensure policies remain current and fit for purpose.
* Develop accessible plain‑English guidance and FAQs to support staff understanding and day‑to‑day compliance.
Data Protection Officer
* Act as the operational Data Protection Officer and primary internal contact handling day‑to‑day data protection queries, escalating to the Director of Data, Analytics and Intelligence as required.
* UK GDPR compliance queries.
* CF technical products (e.g. HealthStrata).
* Maintain and update Records of Processing Activities (ROPAs) across the business.
* Maintain the Information Asset Register (IAR) across CF.
* Review and advise on Data Protection Impact Assessments (DPIAs) and Data Sharing Agreements (DSAs) for new projects, client engagement and internal systems.
Data Breach Compliance and Incident Response
* Ensure CF’s data breach policy and incident response process is embedded across the business and adhered to consistently.
* Act as the first point of contact for suspected or confirmed data breaches, leading the internal response and coordinating with relevant function leads.
* Maintain a data incident and breach register, ensuring all incidents are documented with appropriate detail for regulatory audit purposes.
* Conduct post‑incident reviews to identify root causes and drive remediation, reporting findings and lessons learned to the IG Committee and senior leadership.
* Develop and deliver breach awareness training so that all staff understand their obligations to report suspected incidents promptly.
Information Governance Coordination
* Coordinate the monthly IG Committee, including scheduling, agenda-setting, minute-taking and action tracking.
* Prepare briefing materials and compliance reports for the Committee, including updates on training completion, audit status, incident logs, breach register and regulatory developments.
* Follow up on actions and decisions arising from Committee meetings, maintaining a live action log and escalating overdue items as required.
* Support the Director of Data, Analytics and Intelligence in fulfilling the governance obligations arising from Committee oversight.
* Work closely with the Director of Data, Analytics and Intelligence and the Office and Facilities Manager to coordinate CF’s annual ISO 27001 and ISO 9000 audit programmes.
* Manage audit preparation, scheduling and evidence‑gathering, liaising with external auditors and certification bodies.
* Maintain and update the Information Security Management System (ISMS) documentation, tracking corrective actions and non‑conformances.
Training and Awareness
* Maintain and deliver the CF‑wide IG training programme, including mandatory annual training for all staff and induction training for new joiners.
* Develop training materials and internal communications to promote IG and data protection awareness.
* Monitor and report on training completion rates, maintaining auditable records of compliance.
* Deliver refresher compliance training covering GDPR, information security, data breach obligations and anti‑bribery requirements.
Data Operations Workflow Management
* Maintain the Data Operations intake and triage process for incoming data requests.
* Implement and maintain Agile working practices within Data Operations, including sprint planning, backlog management, stand‑ups and retrospectives.
* Maintain a live view of team capacity and workload, supporting the Director of Data, Analytics and Intelligence in resource allocation.
Qualifications
* A legal degree or equivalent legal or compliance qualification, or demonstrable experience in a compliance, information governance or data protection role.
* Demonstrable knowledge of UK GDPR and the Data Protection Act 2018; willingness to pursue recognised DPO certification.
* Strong attention to detail with the ability to identify risk in complex documentation.
* High personal integrity and the confidence to raise concerns or challenge decisions where necessary.
* Highly organised with the ability to manage multiple workstreams simultaneously and prioritise effectively.
* Excellent written and verbal communication skills, with the ability to produce clear policy documents, training material and committee reports.
* Comfortable working across multiple business functions, building effective relationships with technical, operational and people teams.
* Discretion and professionalism in handling sensitive personal and commercial information.
Benefits
* Holiday entitlement: 25 days/year for staff and 30 days/year for leadership, increasing by 1 day for every year of service up to a maximum of 35 days.
* We contribute 7% of your salary into your pension; you contribute 3% (or more if you like).
* Access to a flexible benefits programme for pension, cash plan, ClassPass subscription.
* Annual leave purchase: employees can purchase additional annual leave days.
* Income protection: 75% of salary for long‑term incapacity.
* Enhanced sick pay beyond Statutory Sick Pay up to 12 weeks.
* Life insurance covering four times basic salary in tax‑free lump sum.
* Enhanced family leave policies for new parents.
* Interest‑free loan up to £10,000 and season ticket loan.
* Workplace nursery scheme.
* Flexible working policy up to two days per week.
* Employee assistance and wellness programme.
* Seasonal flu jabs, eye care test vouchers, ride‑to‑work scheme.
* Membership to the Health Service Journal.
Our Commitment to Diversity & Inclusion
We are committed to building an inclusive and supportive culture where diversity thrives, and all our people can excel. We only recruit, promote and reward our people based on their skills and contribution, without regard to gender, race, disability, religion, nationality, ethnicity, sexual orientation, age, marital status or other characteristics. We are Disability Confident Accredited and aim to provide reasonable adjustments during recruitment.
#J-18808-Ljbffr