Head of Compliance

Join to apply for the Head of Compliance role at Regia Ceramica

3 weeks ago Be among the first 25 applicants

Join to apply for the Head of Compliance role at Regia Ceramica

Get AI-powered advice on this job and more exclusive features.

Department: Finance and Business Services

Location: London/Harold Wood

Application Deadline: 28 May 2025

Department: Finance and Business Services

Location: London/Harold Wood

Description

Role: Head of Compliance
Location: London (Hybrid Working), with occasional travel to our Romford and Edinburgh offices
Department: Finance & Business Services
Grade: 5
Contract: Permanent

The Head of Compliance & Data Protection Officer (DPO) is a key leadership role responsible for ensuring NatCen complies with all applicable legal, regulatory, and ethical obligations. This includes overseeing compliance frameworks, managing data protection as the designated DPO, and leading the information security function to safeguard the organisation’s data and digital assets.

The role will work closely with senior leadership, external regulators, and internal teams to develop and maintain a culture of compliance, mitigate risk, while ensuring best practices and standards of data governance, integrity and security are adhered to.

While not expected to be a qualified or expert Health and Safety practitioner, this role will have management responsibility for the Health and Safety officer.

Key Responsibilities

1. Data Protection & GDPR Compliance (As the Designated Data Protection Officer – DPO)

• Act as NatCen’s Data Protection Officer (DPO), ensuring compliance with the General Data Protection Regulation (GDPR), Data Protection Act, and other relevant privacy laws.
• Develop and maintain the organisation’s data protection policies, procedures, and frameworks.
• Ensure compliance with ethical research guidelines (e.g., ESRC Framework for Research Ethics, ICO research exemptions, and confidentiality obligations).
• Provide expert guidance on the collection, storage, processing, and sharing of highly sensitive respondent data.
• Conduct Data Protection Impact Assessments (DPIAs) for research projects involving personal or sensitive data, ensuring that risks to participants are mitigated.
• Develop governance frameworks for handling new and emerging data sources, such as social media scraping, biometric data, or real-time behavioural analytics.
• Address ethical concerns around AI-powered survey tools, ensuring that data is collected transparently, securely, and with full informed consent.
• Oversee compliance with international data-sharing agreements, ensuring secure transfers across jurisdictions while complying with GDPR, UK Data Protection Act, and data sovereignty laws.
• Ensure that research involving international partnerships adheres to differing privacy laws (e.g., EU GDPR, US HIPAA, India’s DPDP Act, China’s PIPL) and ethical guidelines.
• Serve as the main point of contact for data protection authorities and oversee responses to regulatory inquiries or audits.
• Lead the management of data subject access requests (DSARs) and other individual rights under GDPR.
• Conduct data protection impact assessments (DPIAs) and advise on privacy risks associated with new projects or systems.
• Provide expert advice and training to staff on data protection responsibilities and best practices.
• Monitor and report on personal data breaches, ensuring regulatory reporting obligations are met.

2. Compliance & Regulatory Oversight

• Develop, implement, and manage an effective compliance management framework aligned with relevant laws, industry standards, and best practices.
• Ensure the organisation adheres to all applicable regulatory requirements.
• Act as the main point of contact for regulatory bodies, ensuring smooth communication and cooperation.
• Conduct regular compliance risk assessments, identifying gaps and implementing mitigation strategies.
• Lead internal and external compliance audits, ensuring findings are addressed in a timely manner.
• Oversee whistleblowing and ethical compliance procedures to ensure a culture of integrity and transparency.
• Develop and deliver training programs to raise awareness of compliance obligations across the organisation.

3. Information Security & Cyber Risk Management

• Provide strategic leadership in information security governance, ensuring that IT systems, data, and assets are protected.
• Oversee the Information Security team, ensuring the implementation of policies aligned with recognised frameworks (e.g., ISO 27001, NIST, CIS).
• Ensure compliance with Cybersecurity & IT risk management frameworks, addressing security vulnerabilities proactively.
• Oversee the management of security incidents, including investigations, root cause analysis, and remediation.
• Ensure alignment between information security, data protection, and regulatory compliance strategies.
• Develop a crisis response plan for handling ethical controversies, data breaches, or participant complaints, including proactive risk communication strategies.
• Engage with senior stakeholders to ensure business continuity and incident response planning are robust.

4. Risk Management & Governance

• Lead and develop the enterprise risk management framework, ensuring proactive identification, assessment, and mitigation of risks.
• Report regularly to the Leadership Team and Risk and Audit Committees on compliance and security matters.
• Develop policies and procedures to ensure ongoing compliance with corporate governance standards.
• Provide expert guidance on legal and regulatory risks impacting the organisation’s strategic objectives.
• Oversee the integration of compliance and risk frameworks into business operations.
  
  

Skills, Knowledge and Expertise

Essential Qualifications & Experience:

• Demonstrable experience in compliance, data protection, or information security, in a leadership role.
• Deep expertise in GDPR, UK Data Protection Act, and other global privacy regulations.
• Strong knowledge of industry compliance standards, including ISO 27001, or other relevant frameworks.
• Proven experience in managing regulatory relationships and handling investigations or audits.
• Strong understanding of cybersecurity principles and risk management in an enterprise environment.
• Experience in leading teams, mentoring staff, and managing organisational change.

Desirable Qualifications & Certifications:

• Professional certifications such as CIPP/E, CIPM, CISSP, CISM, ISO 27001 Lead Implementer, ICA Compliance, or similar.
• Working in a data intensive organisations with a large stakeholder base.

Key Skills & Attributes:

• Leadership & Strategic Thinking: Ability to drive compliance strategy and influence senior leadership.
• Regulatory Expertise: Strong understanding of legal and regulatory landscapes.
• Risk Management Acumen: Ability to identify and mitigate organisational risks effectively.
• Communication & Stakeholder Engagement: Skilled in engaging with regulators, trustee board, leadership team, and teams at all levels.
• Technical Understanding: Knowledge of information security, cybersecurity frameworks, and digital risk.
• Problem-Solving & Decision-Making: Ability to navigate complex compliance challenges with a pragmatic approach.
  
  

Benefits

As well as a competitive salary and an excellent working environment (including a home/office hybrid working environment), you will be working for the largest independent social research organisation in the UK. We are proud of the benefits we offer our employees which include:

• 25 days holiday (plus bank holidays) rising to 30 days holiday after three years’ service
• An excellent defined contribution pension scheme with NatCen contributing 7.5% of your salary
• Extensive flexible working arrangements, including part-time and remote working, suiting people at different stages in their life and career
• Personal and professional development
• Enhanced maternity, paternity and adoption pay
• Discount packages with a range of retailers, e.g. shopping, utilities and leisure
• Cycle to Work scheme
• Season Ticket Loan
• Free eye tests
• Health Cash Plan
• Payment of one professional subscription
• Group Life Assurance paying up to 5 x the annual salary to nominated beneficiaries in the event of death in service

• Seniority level
  Director

• Employment type
  Full-time

• Job function
  Legal
• Industries
  Hospitals and Health Care, Non-profit Organizations, and Government Administration

Referrals increase your chances of interviewing at Regia Ceramica by 2x

London, England, United Kingdom 1 month ago

London, England, United Kingdom 1 week ago

Watford, England, United Kingdom 1 week ago

Uxbridge, England, United Kingdom 3 weeks ago

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 5 days ago

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 1 month ago

London, England, United Kingdom 2 weeks ago

Uxbridge, England, United Kingdom 6 days ago

London, England, United Kingdom 7 hours ago

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 1 month ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 5 days ago

London, England, United Kingdom 1 day ago

Greater London, England, United Kingdom 1 week ago

Greater London, England, United Kingdom 1 week ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 4 weeks ago

London, England, United Kingdom 6 days ago

London, England, United Kingdom 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.