Head of Regulatory

Dyad is seeking a Head of Regulatory to own and operationalise our regulatory and compliance system as a core part of how we build products. This is a senior, working leadership role responsible for ensuring that medical device, quality, safety, and information security standards are embedded into day-to-day product and engineering workflows. The role is designed to build durable internal regulatory capability and position regulatory excellence, data protection, and clinical safety as a competitive differentiator rather than a cost centre. This role includes line management responsibility from day one and is offered on a hybrid basis from our London office.

Core responsibilities

• Take responsibility for day-to-day management of Dyad’s QMS and routine regulatory approvals, as well as expanding the set of frameworks we are in compliance with. This includes ISO standards such as 13485 and 27001, NHS standards such as DSPT, CyberEssentials+, and DCB0129, and other needs such as SOC2 for our US customers.
• Design, operate, and continuously improve Dyad’s compliance framework across:
• Software lifecycle compliance
• Clinical safety integration
• Information security and data protection
• Ensure compliance processes are usable, scalable, and integrated into product and engineering workflows.
• Maintain audit-readiness as a default state across the entire company.
• Own preparation, execution and follow-up for audits and certifications.
• Respond to external data protection inquiries and requests, and manage customer interactions around compliance.
• Work in conjunction with our CSO and DPO.
• Treat regulatory requirements as design constraints, not blockers.
• Proactively reduce friction in compliance-heavy workflows.
• Innovate in how compliance is implemented, documented, and maintained, with a focus on making it easier and safer to ensure regulatory and compliance excellence.
• Educate teams so compliance becomes habitual and embedded rather than reactive.
• Own operational implementation of cybersecurity standards as well as data protection and privacy-by-design across the business, including but not limited to GDPR, HIPAA, DSPT, ISO 27001.
• Lead DPIAs, privacy risk assessments, and vendor risk reviews.
• Coordinate incident response from a compliance perspective.
• Define and update internal regulatory processes and SOPs.
• Interpret and operationalise standards such as ISO 13485, ISO 14971, ISO 62304, ISO 27001.
• Approve routine compliance decisions related to product development and release.
• Represent Dyad in routine interactions with auditors and certification bodies.
• Escalate high-risk decisions and regulator-facing matters to senior leadership as appropriate.
• Manage and develop at least one direct report from day one.
• Coach junior regulatory staff and delegate effectively.
• Ensure regulatory knowledge is documented and transferable.
• Avoid creating new single points of failure within the compliance function.

Requirements

• Significant hands-on experience operating medical device quality systems.
• Strong understanding of ISO 62304 (software lifecycle) and NHS clinical safety standards (e.g. DCB0129 / DCB0160).
• Experience integrating regulatory requirements into product development workflows.
• Experience implementing or maintaining ISO 27001.
• Familiarity with SOC 2, HIPAA, GDPR, and NHS standards such as DTAC and DSPT.
• Experience leading DPIAs and privacy risk assessments.
• Practical understanding of privacy-by-design in technical environments.
• Experience managing regulatory teams or compliance functions in growing organisations.
• Comfortable operating as a hands-on working leader.
• Able to balance rigour with pragmatism in fast-moving product environments.
• Strong written and verbal communication skills, with the ability to explain complex regulatory concepts clearly to non-specialists.

Personal attributes

• Calm, credible, and solutions-oriented under delivery pressure.
• Collaborative partner to Product and Engineering rather than a gatekeeper.
• Pragmatic and systems-focused rather than bureaucratic.
• Comfortable representing regulatory posture to customers, auditors, investors, and partners.

Our hiring process

• Introductory screening interview (30 minutes)
• Interview with senior leadership and cross-functional partners
• Final interview and offer

Company benefits

• Company pension
• 25 days of paid annual leave (pro-rata)
• Flexible hybrid working environment
• Employee Assistance Programme
• Modern, dog-friendly office near Chancery Lane with free drinks

Dyad's mission is to improve the delivery and efficiency of healthcare. We are building a platform to model and manage the flow of information within healthcare organisations, improving outcomes for patients, payers, and healthcare providers. We believe data handling in current healthcare systems is needlessly complex and disconnected, leading to isolated and inefficient decision making. To showcase how this technology can advance the delivery of healthcare and improve lives, we build and deploy products for healthcare providers and payers into the UK and US markets. Dyad is an energetic, health-tech startup, currently around forty employees. Our team is growing as we explore new markets and opportunities. We are passionate about technology and its applications in worthwhile ventures. New joiners will have a significant impact on the direction of the company, as well as our culture.

Our products

Dyad's products are founded upon our Semantic AI platform, which enables payers and providers to access cutting-edge AI capabilities for their own use cases and applications. Our partners either use the platform APIs directly or work with us to develop applications for their use cases. For more information, please see our Platform page. Dyad develops a suite of products for healthcare operations, including BetterLetter, our AI tool helping practices decrease their admin burden in processing clinical letters. We use this to reduce staff time spent identifying codes to be applied to the record as well as suggesting follow-up tasks and workflow optimisations. BetterLetter helps providers save time, save cost, improve performance under audit and build staffing resilience.