Director, Regulatory Affairs & Quality in City of London

About CourtCorrect

CourtCorrect is the market-leading AI software for complaints resolution in regulated industries. We support businesses across the UK to identify, respond to and learn from complaints. Founded at the University of Cambridge, we are a team of engineers, designers, scientists and commercial operators. Following a £2m+ Seed round, we are scaling rapidly across financial services and other regulated sectors.

We are hiring a Compliance Manager to join our Legal & Compliance function, reporting directly to the Head of Legal & Compliance. This is a specialist compliance role with deep ownership of CourtCorrect's data protection, information security and AI compliance operations — supporting a fast-growing AI company through complex enterprise client engagements and an evolving regulatory landscape.

You will take meaningful ownership from day one of compliance frameworks, GDPR operations, third-party risk, due diligence responses, NDA review, contract operations and continuous compliance tooling — with scope to grow into independent ownership of CourtCorrect's compliance function.

• Owning day-to-day GDPR compliance: records of processing (ROPAs), DPIAs, legitimate interest assessments, transfer risk assessments (TRAs), and data subject rights handling
• Maintaining the data protection register and ensuring all processing activities are accurately documented under UK GDPR and EU GDPR
• Supporting the DPO on regulatory matters, breach assessments and ICO correspondence
• Operationalising international data transfer mechanisms (SCCs, IDTA, TRAs)

• Conducting and documenting sub-processor risk assessments (including AI/LLM vendors such as OpenAI), maintaining the sub-processor register, and supporting customer notification obligations under DPAs
• Running vendor risk assessments across data protection, information security and AI risk dimensions
• Maintaining the third-party risk register and ensuring periodic re-assessment of critical vendors
• Operating CourtCorrect's continuous compliance platform (Vanta), including evidence uploads, control monitoring, and remediation tracking for ISO 27001 and related frameworks
• Coordinating with the Information Security Team Lead on control implementation, audit preparation, and surveillance reviews
• Maintaining the ISMS documentation suite, risk register and policy register

• Leading end-to-end responses to client and vendor due diligence, including data protection, information security, AI risk and financial services regulatory questionnaires
• Producing high-quality, commercially aware responses that present CourtCorrect's controls clearly and accurately, with appropriate supporting evidence and consistent positioning across questionnaires
• Escalating complex matters with clear analysis
• Building and maintaining a reusable DD response library to improve efficiency and consistency over time

• Flagging contractual compliance obligations (audit rights, sub-processor notifications, security commitments) to the Head of Legal & Compliance for action
• Escalating substantive contract matters (MSAs, DPAs, complex amendments) to the Head of Legal & Compliance with a clear summary of the key points

• Operationalising and maintaining internal compliance policies across UK and EU GDPR, AI governance, information security, anti-bribery and ethics
• Running regular internal compliance checks, policy attestations and evidence collection across the business
• Escalating issues to the Head of Legal & Compliance with clear analysis and proposed actions
• Maintaining CourtCorrect's AI governance documentation, including model risk records, EU AI Act classification evidence and human-in-the-loop control documentation
• Tracking AI regulatory developments (EU AI Act, ICO AI guidance, sector-specific AI rules) and preparing concise summaries with recommendations
• Owning CourtCorrect's legal and compliance document infrastructure: structuring, organising and maintaining contract repositories, compliance evidence libraries and policy registers
• Managing day-to-day document operations: filing executed contracts, NDAs and compliance records in the appropriate repositories; Maintaining GDPR records, DPIAs, risk logs, policy attestations, audit trails and evidence repositories to audit-ready standard
• Operating retention schedules and conducting periodic clean-up of legal and compliance records
• Ensuring file naming, version control and access permissions remain consistent and well-governed as the business scales

3+ years of dedicated experience in data protection, privacy or compliance roles at SaaS, technology or regulated businesses

• Hands-on experience reviewing and negotiating NDAs against a playbook, with sound commercial judgment on routine variations
• Demonstrable experience leading client due diligence responses end-to-end, including information security and AI risk questionnaires
• Hands-on experience with continuous compliance platforms (Vanta, Drata, Secureframe or equivalent) and ISO 27001 evidence management
• Experience with financial services client environments (FCA-regulated firms as customers or counterparties)
• Experience supporting SOC 2 audits or other compliance frameworks beyond ISO 27001
• Experience reviewing DPAs and other privacy-related contractual annexes against compliance checklists

Direct mentorship from the Head of Legal & Compliance, with a clear path to independent ownership of CourtCorrect's compliance function

Deep, specialist work at the intersection of AI, data protection and information security — at one of the UK's leading AI legal-tech companies

Real influence on how a scaling AI company builds its compliance function

EMI share option scheme participation

Hybrid working and a collaborative team