Lead Data Compliance/Security

Company Description Heatly recently welcomed United Living Group as a majority shareholder. The strategic partnership underpins our future growth by providing the financial strength and industry needed to expand our services and reach. United Living Group's investment enables Heatly to enhance our capabilities, broaden our product scope and accelerate our market expansion efforts.  Job Description The purpose of the Data Compliance Manager role is to ensure that the organization adheres to all relevant data protection regulations, policies, and best practices. This role is critical in managing and overseeing data compliance initiatives such as ISO27001, safeguarding sensitive information, and maintaining the organization’s commitment to data privacy. The Lead Data Compliance will drive the development and implementation of data protection strategies, ensure compliance with regulatory requirements, and provide expert guidance on data governance and risk management. Key Responsibilities: Data Compliance Management: Develop, implement, and maintain data compliance policies and procedures in alignment with relevant data protection laws and regulations (e.g., GDPR, CCPA). Monitor and assess the organization’s data processing activities to ensure adherence to legal and regulatory requirements. Conduct regular audits and assessments to evaluate data compliance and identify areas for improvement. Risk Assessment and Mitigation: Identify and assess data protection risks and develop strategies to mitigate these risks effectively. Oversee the implementation of data protection measures and ensure they are integrated into organizational processes. Address and resolve any data breaches or compliance issues, working with relevant teams to implement corrective actions. Regulatory and Legal Compliance: Stay informed about changes in data protection laws and regulations and ensure the organization’sractices are updated accordingly. Prepare and submit required regulatory reports and documentation related to data compliance. Serve as the primary point of contact for regulatory authorities and manage communications regarding data compliance matters. Training and Awareness: Develop and deliver data compliance training programs for employees to raise awareness and ensure understanding of data protection practices. Provide ongoing support and guidance to staff on data compliance issues and best practices. Promote a culture of data protection and privacy within the organization. Documentation and Reporting: Maintain comprehensive records of data processing activities, compliance audits, and risk assessments. Prepare detailed reports and documentation on data compliance status and issues for senior management and stakeholders. Ensure that data protection policies and procedures are well-documented and accessible. Collaboration and Support: Work closely with IT, legal, and other departments to ensure data protection measures are effectively implemented and maintained. Provide expert advice and support on data compliance matters, including data protection impact assessments (DPIAs) and data subject access requests (DSARs). Collaborate with external partners, vendors, and consultants on data compliance initiatives and audits. Qualifications Education: Bachelor’s or Master’s degree in Law, Information Security, Data Management, or a related field. Experience: Extensive experience in data compliance or data protection roles, with a strong understanding of relevant data protection laws and regulations. Knowledge: In-depth knowledge of data protection frameworks (e.g., GDPR, CCPA) and data governance practices. Analytical Skills: Strong analytical skills with the ability to assess risks, develop mitigation strategies, and interpret complex regulatory requirements. Communication: Excellent verbal and written communication skills, with the ability to convey complex compliance issues clearly and effectively. Attention to Detail: High level of attention to detail and accuracy in managing data compliance tasks and documentation. Problem-Solving: Proactive problem-solving skills with the ability to address and resolve data compliance issues efficiently. Desirable: Certifications in data protection (e.g., CIPP/E, CIPM, CIPT) or information security (e.g., CISSP, CISM). Experience with data protection impact assessments (DPIAs) and data subject access requests (DSARs). Familiarity with data compliance technologies and tools. Additional Information Benefits: Company pension scheme  28 days holiday (including bank holidays) Company life insurance and health care scheme Employee benefits package that includes training and development opportunities