Compliance & Data Protection Lead in London

We are seeking an experienced Compliance or Data Protection professional who is ready to take the next step in their career into a broader ownership role. This position is ideal for someone currently working as a Compliance Specialist, Compliance Officer, or Data Protection professional who is ready to take responsibility for compliance and data protection activities and develop into a future Compliance Manager and Data Protection Officer.

You will play a key role in maintaining and developing our compliance, security and data protection frameworks, ensuring our systems, data and processes meet regulatory, contractual and certification requirements. You will work closely with technical teams, leadership and external stakeholders to manage risk, support audit readiness and strengthen governance across the organisation.

Cezanne HR Limited is in a rapidly growing phase, so expect a dynamic and evolving environment with significant opportunity to take ownership, drive improvements and build capability in a growing function. The successful candidate will be confident working independently, making decisions within their remit, and developing their expertise further.

We are a remote-first company, and this role can be remote within the UK or Ireland, or hybrid from our London or Glasgow offices.

• Compliance & Information Security

• Take operational ownership of day‐to‐day compliance and information security activities.
• Maintain and support the ISO27001 Information Security Management System (ISMS).
• Coordinate internal and external audits, including evidence gathering and audit preparation.
• Conduct risk assessments and support control monitoring activities.
• Maintain compliance policies, procedures and risk registers.
• Ensure alignment with contractual, regulatory and customer security requirements.

• Support and develop the organisation's data protection framework in line with UK GDPR and EU GDPR.
• Maintain data protection documentation including policies, DPIAs and records of processing activities.
• Manage Data Subject Access Requests (DSARs) and privacy queries.
• Support incident response and breach management processes.
• Provide practical data protection guidance to internal teams.
• Support Data Protection Officer responsibilities with increasing ownership over time.

• Manage customer security questionnaires, due diligence requests and third‐party assessments.
• Support sales and account teams with compliance evidence and assurance materials.
• Maintain standard compliance documentation and security packs.
• Participate in customer and supplier audit processes.

• Identify opportunities to improve and streamline compliance processes.
• Support implementation of governance tooling, automation and improved workflows.
• Contribute to projects that enhance efficiency, scalability and control effectiveness.

• Work cross‐functionally with IT, Product, HR, Operations and Commercial teams.
• Deliver compliance and data protection guidance and training.
• Promote strong security and privacy practices across the organisation.

• Review NDAs, Data Processing Agreements (DPAs) and security/privacy clauses.
• Support RFP responses and customer risk assessments.
• Help ensure contractual commitments align with operational practices.

• Solid experience in a compliance, data protection or information security role (e.g. Compliance Specialist, Officer, Analyst or similar).
• Strong working knowledge of UK GDPR and/or EU GDPR.
• Experience working with ISO27001, Cyber Essentials or similar frameworks.
• Practical understanding of risk management, controls and governance processes.
• Experience supporting audits, compliance programmes or assurance activities.
• Ability to interpret regulatory requirements and apply them pragmatically.
• Experience working in a technology, SaaS or data‐driven environment.
• Strong organisational and communication skills.
• Ability to work independently and take ownership of responsibilities.

• Exposure to certification audits or compliance programme ownership.
• Professional qualifications or training in data protection or information security (e.g. CIPP/E, ISO27001 awareness).
• Experience responding to tenders or customer security questionnaires.
• Exposure to GRC or governance tooling.

• Ready to take ownership and step into a broader compliance leadership role.
• Confident working independently and managing priorities.
• Detail‐oriented and commercially pragmatic.
• Proactive and solutions‐focused.
• Comfortable operating in a fast‐moving environment.

• 28 days holiday + bank holidays.
• A day off for your birthday.
• £250 working from home budget.
• Health Insurance, Life Assurance and Income Protection.
• Employee assistance program.
• A culture built on flexibility and trust.
• Regular social events, remotely and in person.

Cezanne HR is an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.