Four Eyes Insight stands at the forefront of the healthcare landscape as a premier software and analytics provider, dedicated to driving digital and data-driven transformation within the industry. In a strategic alliance with Prism Improvement, we deliver an unparalleled suite of analytical tools, software solutions, and change management programs specifically designed for both planned and urgent emergency care settings.
Our mission is to leverage the collective expertise of our talented professionals, sophisticated data analytics, and state-of-the-art technology to meticulously investigate and address the root causes of inefficiencies embedded within the healthcare system. We challenge conventional approaches to performance consultancy by offering innovative, evidence-based solutions tailored to meet the unique needs of the NHS and international healthcare organizations alike.
By integrating comprehensive operational insights with established improvement methodologies, we aim to not only enhance operational efficiency but also significantly elevate patient outcomes and service delivery. Our holistic approach ensures that clients receive practical, actionable strategies that can be seamlessly integrated into real-world healthcare environments, ultimately fostering a culture of continuous improvement and excellence in care.
Role Purpose
The Compliance Manager will be responsible for ensuring that the organisation maintains the highest standards of information security, data protection, and information governance across all operations. This role will oversee compliance with all standards necessary to do business with NHS organisations, including the handling of personally identifiable data, GDPR, Cyber Essentials Plus, ISO/IEC 27001, and the Cyber Assessment Framework (formerly the NHS Data Security and Protection Toolkit (DSPT)), ensuring systems, processes, and staff practices meet rigorous regulatory and certification requirements.
Acting as the subject matter expert for security, compliance and data protection, the Compliance Manager will work closely with technical teams, external compliance agencies, programme managers, and NHS partners to ensure that robust governance frameworks are embedded into all aspects of the organisation's digital health solutions. The role will lead audits, manage risk registers, deliver staff training, and provide expert guidance on IG and data protection matters.
This is a pivotal role in safeguarding sensitive healthcare data, maintaining trust with NHS stakeholders, and ensuring the organisation continues to operate securely, efficiently, and in line with national and international standards.
Key Responsibilities
1. General
Identification of all necessary compliance standards and regulatory requirements with a costed plan and delivery schedule.
Formation of business cases for approval by the Four Eyes Insight board, where external support and investment is required.
2. Cybersecurity & Certification
Creation of a Cyber Security strategy and action plan and associated policies.
Lead and maintain organisational compliance with all necessary standards, such as Cyber Essentials Plus and ISO/IEC 27001.
Coordinate and manage internal and external audits, ensuring corrective actions are tracked and delivered.
Oversee risk assessments and ensure mitigating controls are embedded in IT and operational practices.
3. Information Governance (IG)
Act as the Information Governance lead for NHS-facing projects, ensuring compliance with Cyber Assessment Framework requirements.
Advise on data protection and confidentiality, ensuring GDPR and UK Data Protection Act obligations are met.
Ensure secure handling, storage, and transfer of patient-identifiable and sensitive data.
Act as the Data Protection Officer and manage the relationship with the Information Commissioner's Office.
4. Policy, Process & Training
Develop, implement, and maintain compliance frameworks, policies, and procedures across the organisation.
Regularly review policies to ensure best practice and coverage of essential requirements such as "bring your own device".
Deliver staff training and awareness programmes on cybersecurity, IG, and data protection.
Ensure policies remain up to date with emerging legislation, NHS Digital requirements, and industry standards.
5. Risk Management & Monitoring
Maintain the organisation's risk register, identifying potential compliance gaps and recommending solutions.
Establish monitoring, reporting, and escalation processes for security incidents and breaches.
Work with IT, data, and product teams to ensure secure design and operation of systems.
6. Stakeholder Engagement & Reporting
Liaise with NHS Trust partners, auditors, regulators, and certification bodies on all compliance matters.
Provide regular compliance reports to senior leadership and programme boards.
Act as the organisation's expert voice on compliance, supporting bids, contracts, and client assurance processes.
Manage your own continuing education in Cyber Security and Information Governance best practice, including learning from high-profile cyber attacks and guidance from the National Cyber Security Centre.
Essential Skills & Experience
Demonstrable experience as a Compliance Manager, Information Governance Lead, or Cybersecurity Auditor in healthcare, IT, or other regulated industries.
Strong knowledge and hands-on experience with Cyber Essentials Plus certification.
Proven track record of managing and maintaining ISO/IEC 27001 Information Security Management Systems (ISMS).
In-depth understanding of NHS Information Governance, DSP Toolkit, GDPR, and the UK Data Protection Act.
Skilled in audit management, risk assessment, and compliance monitoring.
Excellent communication skills, with the ability to engage with clinical, technical, and executive stakeholders.
Desirable Skills
Professional certifications such as CISM, CISSP, ISO 27001 Lead Auditor/Implementer, or IAPP CIPP/E.
Experience working directly with NHS Trusts or healthcare providers.
Familiarity with cloud security frameworks (Azure, AWS) and modern SaaS compliance practices.
Understanding of AI/data-driven platforms in healthcare and their regulatory implications.
Behaviours & Attributes
High integrity and commitment to data protection and patient confidentiality.
Proactive, detail-oriented, and able to balance strategic oversight with hands-on delivery.
Strong organisational skills, capable of managing multiple audits and compliance workstreams simultaneously.
Confident communicator, able to challenge constructively and influence at all levels.
Continuous improvement mindset, staying ahead of evolving compliance requirements.
Key Deliverables
Annual successful certification of Cyber Essentials Plus.
Maintenance and continuous improvement of the ISO/IEC 27001 ISMS.
Full compliance with NHS IG DSP Toolkit requirements.
Organisation-wide training and awareness programme on security and governance.
Quarterly compliance and risk reports to the leadership team.
Person Specification
Qualifications
Essential
Degree in Information Security, IT, Risk Management, or a related field; or equivalent professional experience.
Evidence of continuous professional development in cybersecurity, compliance, or information governance.
Desirable
Professional certifications such as:
ISO/IEC 27001 Lead Auditor or Lead Implementer
CISM, CISSP, CISA, or equivalent
IAPP CIPP/E (Certified Information Privacy Professional - Europe)
Certified Data Protection Officer
Experience
Essential
Significant experience in a Compliance Manager, Information Governance Lead, or Cybersecurity Auditor role within healthcare, government, or a similarly regulated environment.
Proven track record of achieving and maintaining Cyber Essentials Plus certification.
Demonstrable experience of implementing and managing ISO/IEC 27001 Information Security Management Systems (ISMS).
Strong working knowledge of NHS Information Governance (IG), the Data Security and Protection (DSP) Toolkit, GDPR, and the UK Data Protection Act.
Experience leading audits, managing risks, and producing compliance reports for senior stakeholders.
Desirable
Previous experience working directly with NHS Trusts or health and social care organisations.
Exposure to cloud security frameworks (Azure, AWS, GCP) and SaaS compliance requirements.
Experience in incident response management and reporting to regulators (ICO/NHS Digital).
Knowledge & Skills
Essential
In-depth knowledge of cybersecurity frameworks and controls.
Ability to manage and maintain compliance frameworks across multiple standards (Cyber Essentials+, ISO 27001, NHS IG).
Strong risk management skills, including developing and maintaining risk registers.
Excellent report writing, documentation, and audit preparation skills.
Clear and confident communicator, capable of explaining technical compliance issues to non-technical stakeholders.
Desirable
Familiarity with AI/data-driven healthcare systems and associated regulatory implications.
Understanding of clinical safety standards (e.g. DCB0129/DCB0160).
Knowledge of Agile project delivery and its relationship with compliance oversight.
Behaviours & Attributes
Essential
High level of personal integrity, with a commitment to patient confidentiality and data protection.
Proactive, detail-oriented, and able to balance multiple compliance workstreams.
Collaborative, with the ability to influence and engage stakeholders at all levels.
Resilient under pressure, with strong organisational and time-management skills.
Continuous improvement mindset: stays current with regulatory changes and best practice.
Ability to act responsibly at short notice and mobilise support when incidents occur.
Desirable
Thought leader in compliance and security within the healthcare technology space.
Advocates for embedding security-by-design principles into system architecture.
Benefits
Competitive salary
28 days leave
Income Protection
Death in Service (4% Salary)
Company Pension
Hybrid Working
To apply please send your CV and covering letter to Recruitment@foureyesinsight.com.
For an informal chat about the role, please contact HR@foureyesinsight.com.
Job Type: Freelance
Pay: 200.00-250.00 per day
Work Location: Hybrid remote in London, WC2A 3EG