Compliance and Regulatory Associate

This is a newly created role, driven by business growth and the expanding scope of our compliance programme. You will work directly alongside our Information Security Lead/DPO and our Regulatory Affairs Specialist, providing hands‑on support across both information security and quality/regulatory functions. Your primary focus will be information security and data protection, supporting ISMS operations, supplier assessments, and infosec‑related processes, and supporting quality management and regulatory affairs. You will own a real workload from day one, with clear mentorship and room to grow into a specialist role. We welcome applications from people with a variety of backgrounds and experiences. Compliance expertise can be built in many different ways, and we’re more interested in how you think, how you work, and what you bring to the team than in whether your CV matches every bullet point. If this role interests you, please apply.

Key Responsibilities

• Information Security & Data Protection
  • Support the maintenance of our ISO 27001 ISMS by updating policies, procedures, and control evidence, and helping prepare for internal and external audits.
  • Assist with data protection administration: maintaining records of processing activities, supporting data subject access requests, and tracking compliance obligations under UK GDPR and relevant US frameworks including HIPAA.
  • Coordinate security testing activity, working with the InfoSec Lead to scope, schedule, and track penetration testing and vulnerability assessments, and following up on remediation actions.
  • Support supplier and vendor management: processing third‑party security assessments, maintaining the vendor risk register, and chasing outstanding responses.
  • Manage security‑related onboarding and offboarding processes, including access control reviews and checklist completion.
  • Maintain the security incident register, support initial triage and documentation of incidents, and track CAPAs through to closure.
  • Prepare responses to customer security questionnaires and assurance requests for external partners.
  • Own the administrative chasing layer: tracking outstanding sign‑offs, forms, training acknowledgements, and evidence requests across the business.
• Regulatory Affairs & Quality
  • Support QMS documentation under ISO 13485 by maintaining and updating SOPs, work instructions, and quality records, and assisting with audit evidence preparation.
  • Assist with complaint and CAPA tracking: logging complaints and adverse events, monitoring closure timelines, and supporting documentation of corrective and preventive actions.
  • Support change control administration: preparing and tracking change request documentation across product and process changes.
  • Assist with regulatory filing and technical file maintenance for UK and US medical device requirements, including UK MDR 2002 and FDA SaMD guidance.
  • Provide documentation support for new product introductions.
  • Support QMS supplier qualification processes and documentation.
• Cross-Functional & Operational
  • Help coordinate and track evidence for ISO 27001 and ISO 13485 internal and external audits, including liaising with Engineering, Product, and Operations teams.
  • Support the wider company's transition into compliant operations by helping communicate new processes, coordinate training, and embed controls across functions.
  • Assist with identifying opportunities to reduce manual overhead through process improvement and workflow automation, as capacity allows.

Essential WHAT WE'RE LOOKING FOR

• 1–2 years of experience in an information security, compliance, or data protection role, ideally within a healthcare, health technology, or other regulated environment.
• Working knowledge of ISO 27001 and/or GDPR / UK GDPR, gained through practical experience or formal study.
• Exposure to healthcare data environments, including an understanding of the sensitivity and regulatory obligations around health information (HIPAA familiarity is a plus).
• Strong organisational skills: able to manage multiple ongoing workstreams, track outstanding actions, and follow up persistently without losing detail.
• Methodical and documentation-oriented: comfortable producing and maintaining accurate compliance records, evidence packs, and audit trails.
• Clear communicator, able to chase colleagues for information and sign‑offs professionally and effectively.

Desirable

• Familiarity with ISO 13485 or quality management systems, either through direct experience or study.
• Experience with medical device software regulation (UK MDR, FDA SaMD) or willingness to build this knowledge quickly.
• Exposure to supplier risk management or third‑party security assessments.
• Experience working with US and UK regulatory frameworks simultaneously.
• Experience with compliance tooling or workflow automation.

Personal Attributes

• Proactive and self‑motivated and able to take ownership of tasks and see them through without close supervision.
• Calm under pressure and comfortable operating in a fast‑paced environment where priorities can shift.
• Curious and eager to develop: interested in building expertise across both infosec and regulatory domains over time.
• Collaborative: able to work effectively as part of a small, senior team where everyone’s contribution matters.

What we offer

• Competitive salary and equity share options.
• 25 days PTO plus bank holidays.
• Company pension scheme (UK).
• Enhanced parental leave packages (UK).
• Support with purchasing work‑related books and materials.
• Quarterly Life Days: Enjoy 4 paid days off per year (one each quarter) to use whenever you choose to relax, recharge, or take care of personal matters.
• Mental Health Support: Access to dedicated mental health support services.