Carnall Farrar

Compliance Officer

🇬🇧 London, United Kingdom · Hybrid · Finance, Legal & Compliance · Full-time · Junior · Published Jun 9, 2026
Work location: Hybrid
Employment: Full-time
Seniority: Junior
Language: English
Published: June 9, 2026
Last checked: June 10, 2026
JobGrid context

Role overview by JobGrid

Compliance Officer at Carnall Farrar in London, United Kingdom, for a hybrid full-time junior role in Finance, Legal & Compliance. JobGrid presents the structured role facts separately from the employer description, with source freshness shown from the original posting and check timestamps. No salary was provided in the source; JobGrid sends candidates to the original public application page and appends non-personal referral parameters.

  • Junior, full-time Compliance Officer role in London, United Kingdom, with a hybrid workplace.
  • Classified by JobGrid under Finance, Legal & Compliance for comparable role browsing.
  • Source posted on 2026-06-09 and last checked on 2026-06-10.
  • Salary was not listed in the source data, so no salary context is shown here.

About us 

We are a leading consultancy with a purpose to make an enduring impact on health and healthcare. We work with leaders and frontline teams to improve health, transform healthcare, drive adoption of innovation and create value through investment. 

Our consultancy serves the entire healthcare sector, from payors and providers of care, to life science companies, health tech and sector suppliers and health investors. We provide end-to-end services, from strategy through implementation, accelerated by data, digital and AI. 

We shape opinion through evidence-based thought leadership on key issues affecting health. With unmatched ability to access and use health data, our consultants are a driving force for delivering positive and meaningful change. 

About the role

The Compliance Officer sits within the Data Operations team and reports directly to the Director of Data, Analytics and Intelligence. The role is the operational coordinator for information governance (IG), data protection, and regulatory compliance across CF. It is also an enabling role within Data Operations, responsible for the workflow management and project coordination that allows the team to operate efficiently. The Compliance Officer provides day-to-day coverage of the DPO responsibilities that sit beneath the Director of Data, Analytics and Intelligence, who holds the statutory Data Protection Officer designation. The Compliance Officer will undertake recognised DPO training and certification, enabling them to act as the primary point of contact for all compliance-related queries across the business. 

 The role primarily spans three interconnected business functions — IT, People, and Data Operations — with additional support to the wider corporate team as needed. The Compliance Officer is responsible for reducing regulatory risk, maintaining audit readiness, and providing structured assurance to the Board and Executive Committee. Responsibilities include information governance and data protection, ISO certification coordination, data breach compliance and incident response, people and employment compliance, regulatory monitoring, and legal and IP query management. As with all corporate functions, the role will span compliance obligations across existing and emerging geographies (UK, Middle East and Europe). 

 This is an excellent opportunity for a graduate with a legal background — or someone early in their compliance career — to develop a broad and substantive compliance portfolio within a dynamic, data-rich healthcare consultancy. Full training and professional development support will be provided. 

Responsibilities 

The requirements, responsibilities and duties of the role will include, but are not limited to: 

Policy Development and Maintenance 

  • Develop, maintain and regularly review internal compliance policies to ensure staff are equipped to meet regulatory obligations, including:
      • Data protection and privacy policies, including employee and candidate privacy notices
      • Employment contracts
      • Associate agreements and Statements of Work (SoWs)
      • Anti-bribery and conflicts of interest policies
      • Information security policies aligned to ISO 27001
  • Identify and flag compliance issues, deviations from standard terms, or matters with wider legal or commercial implications, escalating to the People team and legal advisors as appropriate 
  • Own the annual policy review cycle, coordinating with relevant function leads to ensure policies remain current and fit for purpose 
  • Develop accessible plain-English guidance and FAQs to support staff understanding and day-to-day compliance 

 

Data Protection Officer 

  • Act as the operational Data Protection Officer and primary internal contact handling day-to-day data protection queries, escalating to the Director of Data, Analytics and Intelligence as required, relating to:
      • UK GDPR compliance queries
      • CF technical products (e.g. HealthStrata)
  • Maintain and update Records of Processing Activities (ROPAs) across the business, working with data owners to ensure completeness and accuracy 
  • Maintain the Information Asset Register (IAR) across CF, ensuring it reflects current systems, data flows and processing activities 
  • Review and advise on Data Protection Impact Assessments (DPIAs) and Data Sharing Agreements (DSAs) for new projects, client engagements and internal systems, working with technical leads and project managers to identify and mitigate risks 

 

Data Breach Compliance and Incident Response 

  • Ensure CF’s data breach policy and incident response process is embedded across the business and adhered to consistently 
  • Act as the first point of contact for suspected or confirmed data breaches, leading the internal response and coordinating with relevant function leads 
  • Maintain a data incident and breach register, ensuring all incidents are documented with appropriate detail for regulatory audit purposes 
  • Conduct post-incident reviews to identify root causes and drive remediation, reporting findings and lessons learned to the IG Committee and senior leadership 
  • Develop and deliver breach awareness training so that all staff understand their obligations to report suspected incidents promptly 

 

Information Governance Coordination 

  • Coordinate the monthly IG Committee, including scheduling, agenda-setting, minute-taking and action tracking 
  • Prepare briefing materials and compliance reports for the Committee, including updates on training completion, audit status, incident logs, breach register and regulatory developments 
  • Follow up on actions and decisions arising from Committee meetings, maintaining a live action log and escalating overdue items as required 
  • Support the Director of Data, Analytics and Intelligence in fulfilling the governance obligations arising from Committee oversight 
  • Work closely with the Director of Data, Analytics and Intelligence and the Office and Facilities Manager to coordinate CF’s annual ISO 27001 (Information Security Management) and ISO 9000 (Quality Management) audit programmes including:
      • Managing audit preparation, scheduling and evidence-gathering, working with relevant teams to ensure readiness
      • Liaising with external auditors and certification bodies, acting as the primary point of contact throughout the audit cycle
      • Maintaining and updating the Information Security Management System (ISMS) documentation, including policies, risk registers and statement of applicability
      • Tracking corrective actions and non-conformances (NCRs) arising from audits, following up with responsible owners to ensure timely resolution
      • Maintaining and updating CF’s information security and governance policies in line with ISO requirements, coordinating the annual policy review cycle
      • Supporting continuous improvement of CF’s information security and quality management practices

  

Training and Awareness 

  • Maintain and deliver the CF-wide IG training programme, including mandatory annual training for all staff and induction training for new joiners 
  • Develop training materials and internal communications to promote IG and data protection awareness across CF, including accessible guidance on GDPR obligations, information security practices and ethical conduct 
  • Monitor and report on training completion rates, maintaining auditable records of compliance and reporting to the IG Committee and senior leadership 
  • Deliver refresher compliance training covering GDPR, information security, data breach obligations and anti-bribery requirements 

  

Data Operations Workflow Management 

  • Maintain the Data Operations intake and triage process for incoming data requests, ensuring requests are logged, prioritised, assigned and tracked through to completion with clear visibility for the Director of Data, Analytics and Intelligence and Lead Data Engineer. 
  • Implement and maintain Agile working practices within Data Operations, including sprint planning, backlog management, stand-ups and retrospectives, adapted appropriately for a small data operations team 

  • Maintain a live view of team capacity and workload across Data Operations, supporting the Director of Data, Analytics and Intelligence in resource allocation and prioritisation decisions