ComplianceandRegulatoryAssociate

This is a newly created role, driven by business growth and the expanding scope of our compliance programme. You will work directly alongside our Information Security Lead/DPO and our Regulatory Affairs Specialist, providing hands-on support across both information security and quality/regulatory functions. Your primary focus will be information security and data protection, supporting ISMS operations, supplier assessments, and infosec-related processes, and supporting quality management and regulatory affairs. You will own a real workload from day one, with clear mentorship and room to grow into a specialist role. We welcome applications from people with a variety of backgrounds and experiences. Compliance expertise can be built in many different ways, and we're more interested in how you think, how you work, and what you bring to the team than in whether your CV matches every bullet point. If this role interests you, please apply. KEY RESPONSIBILITIES Information Security & Data Protection - Support the maintenance of our ISO 27001 ISMS by updating policies, procedures, and control evidence, and helping prepare for internal and external audits. - Assist with data protection administration: maintaining records of processing activities, supporting data subject access requests, and tracking compliance obligations under UK GDPR and relevant US frameworks including HIPAA. - Coordinate security testing activity, working with the InfoSec Lead to scope, schedule, and track penetration testing and vulnerability assessments, and following up on remediation actions. - Support supplier and vendor management: processing third-party security assessments, maintaining the vendor risk register, and chasing outstanding responses. - Manage security-related onboarding and offboarding processes, including access control reviews and checklist completion. - Maintain the security incident register, support initial triage and documentation of incidents, and track CAPAs through to closure.