We are seeking an experienced Data Compliance Lead to drive our organisation’s compliance, governance, and data protection strategy. This role will play a key part in ensuring our business meets regulatory obligations, maintains strong security practices, and embeds compliance-by-design across all operations and product lines.

This is an excellent opportunity for someone who thrives in a fast-moving environment, enjoys autonomy, and wants to shape the future of data governance and compliance within a growing organisation.

Key Responsibilities

- Serve as the organisation’s Data Protection Officer (DPO) and act as the main point of contact for regulatory bodies such as the ICO.
- Lead compliance activities across key frameworks including GDPR, HIPAA, ISO27001, Cyber Essentials Plus, and emerging standards.
- Manage and evolve the organisation’s Information Security Management System (ISMS), policies, and documentation.
- Oversee GRC tooling for evidence tracking, risk management, and continuous improvement.
- Conduct internal audits, support external audit processes, and manage corrective actions.
- Lead DPIAs, RoPA maintenance, PHI compliance processes, and data subject rights requests.
- Deliver staff training on GDPR, HIPAA, security, and privacy best practices.
- Support stakeholder groups with vendor risk assessments, procurement questionnaires, and customer compliance requests.
- Oversee international data transfer mechanisms and ensure compliance with global data protection requirements.
- Play a key role in incident response, breach assessment, and regulatory notification procedures.

About You

You will excel in this role if you have:

Essential Experience

- Strong working knowledge of GDPR and international data protection laws.
- Hands-on experience with ISO27001 implementation and maintenance.
- Understanding of cyber and security compliance frameworks.
- Excellent documentation, organisation, and communication skills.
- Confidence engaging with auditors, regulators, customers, and senior stakeholders.

Desirable Experience

- HIPAA and healthcare/health-tech compliance experience.
- SOC2 knowledge.
- Understanding of cloud security and SaaS environments.

Qualifications (desirable but not required)

- CIPP/E, CIPM, CIPT
- ISO27001 Lead Implementer / Lead Auditor
- HCISPP or relevant HIPAA training
- Security/GRC certifications (e.g., Security+, ISC², ISACA)

Why Apply?

- Opportunity to shape compliance strategy at an organisational level.
- Work with a supportive, forward-thinking leadership team.
- Join a company investing heavily in security, privacy, and governance maturity.
- Competitive salary between £55,000–£70,000, plus benefits