Accessibility
Font

Turing this off will require an explicit click to open and close menus that would open on hover.

Colour modes
High contrast themes
Reading mode

Head of Compliance & DPO

 Newcastle upon Tyne  Permanent  c. £60,000 Ref: 418606

The Opportunity

A leading software and services organisation is seeking an aspiring GRC focused information security professional as a Head of Compliance & Data Protection Officer to lead its governance, risk, compliance and data protection function.

Operating within a highly regulated, data-rich environment, the organisation processes significant volumes of sensitive personal and financial information on behalf of its customers. As a result, compliance, information security and risk management play a critical role in maintaining operational excellence and client trust.

The company operates a hybrid working policy where you will be in the office 3 days a week on a flexible basis.

The Role

In this key leadership position, you will be responsible for overseeing the organisation's compliance framework, maintaining important certifications and accreditations, and ensuring robust governance arrangements remain in place across the business. 

Managing a small team, you will work closely with colleagues across technology, operations and leadership teams, providing practical guidance on compliance, risk and data protection matters while helping drive continuous improvement across the organisation. Specifically you will:

  • Lead the governance, risk and compliance (GRC) function. 
  • Maintain and enhance compliance frameworks, policies and controls. 
  • Manage internal and external audits and accreditation activities. 
  • Oversee compliance with standards including:
    • ISO 27001
    • ISO 9001
    • ISAE 3402
    • Cyber Essentials Plus
    • Industry-specific assurance and audit requirements.
  • Act as the organisation's Data Protection Officer, providing expert guidance on GDPR and data protection obligations.
  • Manage data protection incidents, investigations and reporting requirements.
  • Conduct supplier and third-party risk assessments. 
  • Promote compliance awareness and risk management best practice across the business. 
  • Provide pragmatic, risk-based advice that supports commercial objectives while maintaining regulatory compliance.

The Person

As a GRC focused information security professional, you will have:

  • Experience managing compliance frameworks and certification programmes, notably ISO 27001.
  • Strong understanding of information security governance and risk management.
  • Knowledge of GDPR and data protection requirements. 
  • Experience supporting or leading audits and accreditation activities. 
  • Strong stakeholder management and influencing skills. 
  • A pragmatic, commercially aware approach to compliance and risk. 
  • The ability to balance regulatory requirements with business objectives.

Desirable

  • Information security certifications such as CISM, ISO 27001 Lead Auditor
  • Formal Data Protection Officer qualification. 
  • Previous leadership or people management experience.
Applications are also sought from individuals looking to make the next step in their career.

Apply here

 Select or drag your CV here

By submitting your details, you are indicating your consent to receiving marketing emails from us and you have read and understood our Privacy Notice.

Paul's Photo
Paul Newton

Principal Consultant

IT Leadership and Cyber Security

Newcastle Office
DD: +44 191 269 0718
M: +44 750 122 4773
E: paul.newton@nigelwright.com