Job description
Company Description
CareLoop Health is focused on providing predictive, personalised care for people living with severe mental illness. Our goal is to accurately predict and prevent mental health problems. We collaborate with service users, carers, clinicians, researchers, and other stakeholders to leverage digital technology and data insights to improve outcomes in mental health. Our products for psychosis have been proven safe, effective, and user-friendly in research trials.
Role Description
CareLoop Health is seeking an experienced Information Governance & Compliance Manager to take ownership of our regulatory and information governance frameworks. This is a part-time role (0.5 FTE) with clear authority and accountability, reporting directly to the COO and working closely with technical, product and operational teams, alongside external compliance advisers.
CareLoop delivers digital health solutions supporting people with serious mental illness. Maintaining robust, proportionate and commercially pragmatic compliance systems is central to our credibility, growth and partnerships within the NHS and US markets.
This is a hands-on role with responsibility for maintaining and continuously improving our Quality Management and Information Governance systems, ensuring ongoing compliance with ISO 13485, HIPAA, DTAC, NHS DSP Toolkit and Cyber Essentials Plus.
The successful candidate will act as the internal owner of quality and information governance, ensuring systems, processes and software remain audit-ready and aligned with regulatory and customer expectations.
This is a part-time role at CareLoop Health with flexibility for remote work.
Diversity
We welcome applications from all backgrounds.
Right to work in the UK
You must have the right to work in the UK.
Responsibilities
Quality & Regulatory Leadership
Own and lead the organisation's Quality Management System in accordance with ISO 13485.
Ensure ongoing compliance with HIPAA, DTAC, NHS DSP Toolkit and Cyber Essentials Plus.
Plan and coordinate external audits, assessments and certification activities.
Manage internal audits, non-conformances and corrective actions, embedding continuous improvement.
Maintain effective document control and ensure policies, procedures and records remain inspection-ready.
Risk, Governance & Continuous Improvement
Lead risk management activities, including product, information security and operational risk assessments.
Support data protection, security governance and clinical safety oversight where required.
Embed a culture of proportionate governance across teams, balancing regulatory compliance with business agility.
Provide clear reporting to senior leadership on compliance status, risks and remediation actions.
Stakeholder Engagement
Act as the primary internal point of contact for quality and information governance matters.
Support customer, partner and investor due diligence activities.
Provide practical, solution-focused guidance to technical and non-technical colleagues.
Contribute to maintaining a values-driven culture of accountability and transparency.
Key Authorities
Delegated authority to maintain and coordinate ISO 13485 and associated governance frameworks.
Authority to oversee audit preparation and remediation activity.
Authority to escalate quality, safety or information security risks directly to senior leadership.
Authority to recommend corrective actions and process improvements to maintain compliance and operational integrity.
Skills & Experience
Essential
Demonstrable experience in an Information Governance or Quality role within a regulated environment.
Strong working knowledge of ISO 13485.
Practical experience of HIPAA, DTAC, NHS DSP Toolkit and Cyber Essentials Plus.
Proven experience managing audits and maintaining certification.
Ability to operate independently and prioritise effectively in a part-time leadership role.
Excellent communication skills, with the ability to translate regulatory requirements into pragmatic operational actions.
Desirable
Experience within digital health, SaMD or regulated software environments.
Understanding of secure software development practices.
Experience working within early-stage or scaling organisations.
Formal auditor qualification.
What we offer
Annual salary up to £35,000 (pro rata for 0.5 FTE)
Hybrid role (office presence by agreement)
12.5 days holiday + UK bank holidays (pro rata)
Birthday leave
Opportunity to play a central role in scaling a high-impact digital health company
Application Process
Applications reviewed
Panel interview (max 45 mins)
Second interview with senior leadership team (max 30 mins)
Decision