Head of Compliance & DPO
The Opportunity
A leading software and services organisation is seeking an aspiring GRC focused information security professional as a Head of Compliance & Data Protection Officer to lead its governance, risk, compliance and data protection function.
Operating within a highly regulated, data-rich environment, the organisation processes significant volumes of sensitive personal and financial information on behalf of its customers. As a result, compliance, information security and risk management play a critical role in maintaining operational excellence and client trust.
The company operates a hybrid working policy where you will be in the office 3 days a week on a flexible basis.
The Role
In this key leadership position, you will be responsible for overseeing the organisation's compliance framework, maintaining important certifications and accreditations, and ensuring robust governance arrangements remain in place across the business.
Managing a small team, you will work closely with colleagues across technology, operations and leadership teams, providing practical guidance on compliance, risk and data protection matters while helping drive continuous improvement across the organisation. Specifically you will:
- Lead the governance, risk and compliance (GRC) function.
- Maintain and enhance compliance frameworks, policies and controls.
- Manage internal and external audits and accreditation activities.
- Oversee compliance with standards including:
- ISO 27001
- ISO 9001
- ISAE 3402
- Cyber Essentials Plus
- Industry-specific assurance and audit requirements.
- Act as the organisation's Data Protection Officer, providing expert guidance on GDPR and data protection obligations.
- Manage data protection incidents, investigations and reporting requirements.
- Conduct supplier and third-party risk assessments.
- Promote compliance awareness and risk management best practice across the business.
- Provide pragmatic, risk-based advice that supports commercial objectives while maintaining regulatory compliance.
The Person
As a GRC focused information security professional, you will have:
- Experience managing compliance frameworks and certification programmes, notably ISO 27001.
- Strong understanding of information security governance and risk management.
- Knowledge of GDPR and data protection requirements.
- Experience supporting or leading audits and accreditation activities.
- Strong stakeholder management and influencing skills.
- A pragmatic, commercially aware approach to compliance and risk.
- The ability to balance regulatory requirements with business objectives.
Desirable
- Information security certifications such as CISM, ISO 27001 Lead Auditor
- Formal Data Protection Officer qualification.
- Previous leadership or people management experience.
IT Leadership and Cyber Security
Newcastle Office
DD: +44 191 269 0718
M: +44 750 122 4773
E: paul.newton@nigelwright.com