Salary: up to £70,000 depending on experience
Location: Office-based 3 days per week
Context & Purpose
The Head of Regulatory Affairs, Compliance and Information Governance provides organisational leadership across regulatory compliance, information governance, clinical safety, medical device regulation, and organisational assurance frameworks.
As the organisation continues to innovate in a complex and fast-moving digital health environment, the role ensures the business operates safely, compliantly, and confidently while enabling delivery of the organisation’s strategic business plan. A key priority for the role is supporting the organisation in achieving and maintaining appropriate medical device regulatory status for relevant products, ensuring the business can bring compliant digital health solutions to market and scale them commercially.
The role therefore sits at the intersection of regulatory governance, product development and commercial strategy. The postholder will work closely with Product, Engineering, Clinical and Commercial leaders to ensure regulatory frameworks enable, rather than inhibit, the organisation’s ability to deliver its business plan, enter new markets, and move towards sustainable profitability.
The role combines strategic oversight with hands-on operational delivery, ensuring that regulatory, compliance, and assurance activities remain proportionate, effective, and aligned with organisational growth and the successful delivery of the organisation’s business plan. The postholder will also provide formal regulatory assurance to the Board, ensuring clear visibility of organisational compliance risk, statutory obligations and emerging regulatory developments. In their capacity as Data Protection Officer, the postholder operates independently in accordance with statutory requirements, providing objective oversight and regulatory challenge where required.
Responsibilities
Regulatory, Legislative and Compliance Leadership
- Provide organisational leadership across regulatory compliance, including data protection legislation, medical device regulation, clinical safety and applicable regulatory frameworks.
- Act as the organisation’s Data Protection Officer (DPO), providing independent oversight and expert regulatory advice.
- Lead the organisational response to data protection incidents, regulatory breaches and reportable events, ensuring timely investigation, mitigation and statutory reporting where required (e.g. ICO or other relevant regulators).
- Interpret regulatory and legislative requirements and translate them into practical, proportionate organisational controls, supporting teams to deliver compliant solutions in complex environments.
- Operate as a trusted advisor to the Executive Team and Board, providing clear guidance on regulatory obligations and organisational risk.
- Own and maintain oversight of the organisational regulatory risk register, ensuring appropriate Board visibility and assurance reporting.
- Oversee statutory and regulatory reporting obligations, ensuring compliance with external regulatory bodies including (where applicable) ICO, MHRA, NHS England or other relevant authorities.
- Provide confident challenge and escalation where regulatory, clinical safety or compliance risks are identified, ensuring appropriate mitigation and governance reporting.
- Take a solutions-focused, enabling approach, working proactively with teams to identify safe and compliant pathways that support innovation and organisational delivery rather than acting solely as a control function.
- Report regularly to governance forums on regulatory compliance, information governance and legislative risk, ensuring appropriate organisational oversight.
- Represent the organisation in regulatory engagement and external audit or inspection activity as required.
Clinical Safety and Medical Device Regulation
- Provide organisational leadership for clinical safety governance, ensuring appropriate safety management systems are established and embedded across relevant digital health products and services.
- Ensure compliance with applicable clinical safety standards (including DCB0129 / DCB0160 where applicable), overseeing clinical risk management processes, safety cases and supporting documentation.
- Lead the organisation’s strategy and delivery plan for achieving and maintaining medical device regulatory status (e.g. UKCA / MDR where applicable), ensuring regulatory pathways are clearly defined and successfully implemented to support the commercialisation of Evergreen Life products.
- Provide expert regulatory guidance to product, clinical and technical teams, supporting the development and deployment of safe, compliant solutions.
- Act as the senior escalation point for clinical safety and medical device regulatory risks, ensuring issues are appropriately assessed, mitigated and reported through governance structures.
- Work collaboratively across teams to identify safe and compliant routes to innovation, enabling delivery while maintaining patient safety and regulatory compliance.
Strategic Delivery and Commercial Enablement
- Support delivery of the organisation’s business plan by ensuring regulatory and compliance frameworks enable the successful development and commercialisation of digital health products.
- Lead the organisation’s regulatory pathway towards medical device classification where appropriate, ensuring the business achieves and maintains the regulatory status required to bring compliant products to market.
- Work closely with Product, Engineering and Commercial leaders to ensure regulatory requirements are embedded within product development lifecycles.
- Provide strategic advice to the Executive Team on how regulatory positioning, compliance frameworks and certification can support market expansion and commercial growth.
- Ensure compliance and governance activity is proportionate, commercially aware, and aligned with the organisation’s objective of building a sustainable and profitable business.
- Identify opportunities where regulatory frameworks (e.g. device classification, standards certification, clinical safety assurance) can strengthen market credibility and competitive positioning.
Management Systems and Assurance
- Maintain oversight and operational delivery of the organisation’s Integrated Management System (IMS), including ISO 9001, ISO 27001, ISO 14001 and associated assurance frameworks.
- Lead internal and external audit programmes, ensuring effective certification maintenance and organisational compliance.
- Ensure regulatory, compliance and management system activities operate as a coherent organisational governance framework.
Continuous Improvement and Organisational Effectiveness
- Act as the organisational lead for continuous improvement across governance, compliance and assurance frameworks, ensuring systems remain effective, efficient and proportionate.
- Proactively review regulatory, compliance and governance processes to identify opportunities for improvement, simplification and increased organisational value.
- Promote a culture of accountability, safe innovation and continuous improvement across the organisation.
- Ensure governance, compliance and assurance processes support efficient product development and operational delivery, avoiding unnecessary friction while maintaining appropriate regulatory rigour.
Skills & Knowledge
Essential
- Strong expertise in UK GDPR and Data Protection legislation, including Data Protection Officer (DPO) certification and experience operating as a DPO reporting directly into the Board.
- Experience working with regulatory frameworks, including Medical Device Regulation (MDR/UKCA) and clinical safety governance frameworks (e.g. DCB0129 / DCB0160).
- Strong commercial awareness, with the ability to balance regulatory integrity with the organisation’s strategic and financial objectives.
- Ability to interpret complex regulatory requirements and apply them pragmatically, supporting compliant delivery in innovative or fast-moving environments.
- Demonstrated solutions-focused approach, balancing regulatory rigour with proportionate, risk-based decision-making.
- Significant experience in senior compliance, regulatory, information governance or assurance roles within regulated environments.
- Proven ability to influence and challenge senior stakeholders, providing authoritative regulatory advice.
- Experience delivering audit, assurance and compliance monitoring activities.
- Experience managing regulatory incidents, statutory reporting and organisational response to data protection or clinical safety events.
- Strong written and verbal communication skills, including the ability to present regulatory risks and compliance positions to Executive and Board-level audiences.
Desirable
- Experience operating management systems and assurance frameworks (ISO 9001, ISO 27001, ISO 14001 or equivalent).
- Experience supporting organisations through medical device classification or regulatory approval for digital health technologies.
- Experience within digital health, healthcare technology, or other regulated sectors.
- Experience providing Board-level assurance reporting within regulated environments.
- Demonstrated continuous improvement leadership across governance or compliance frameworks.
- Experience supporting innovative or first-of-type products or services requiring new regulatory interpretations.
- Relevant professional certifications in information security, compliance, clinical safety, or regulatory disciplines.
Benefits:
Evergreen Life Standard benefits package.