Risk, Compliance and Governance Manager
Job Role: Risk, Accreditation & Compliance Manager (Part Time)
About the Company
Founded in 2017, Medi2Data powers access to consented and curated medical data through cutting-edge technology and specialist services. We streamline and digitise the secure exchange of medical information, supporting GP practices, instructing parties, and patients. By addressing challenges on both the demand (Client Services) and supply (Primary Care Services) sides of the ecosystem, we enable faster, more efficient, and compliant medical data transactions. We are transforming how medical data is accessed and managed in the digital age.
The Role
Reports To: Chief Operating Officer
Banding: Band 3
Location & Term: Remote or Hybrid | Part-Time | Permanent
Job Overview
The Risk, Accreditation & Compliance Manager (Part Time) plays a vital role in ensuring Medi2Data operates with integrity, transparency, and full compliance with relevant regulations and internal policies. You'll lead on internal risk assessments, compliance audits, and due diligence activities while supporting a culture of governance and continuous improvement across the business.
This is a high-impact role ideal for a detail-oriented professional with a strong grasp of risk and compliance frameworks, particularly in digital health, who thrives in a mission-driven and fast-paced environment.
Key Responsibilities
Develop, maintain, and monitor a robust internal compliance and governance framework for operational, data, and regulatory risks
Conduct due diligence and compliance reviews for new clients and suppliers
Lead annual reviews and updates of key policies and procedures in line with legal and best-practice requirements
Complete and submit accreditation documentation for regulatory and framework bodies (e.g., NHS DSPT, Cyber Essentials, ISO)
Perform internal audits and investigations; identify risks and recommend corrective actions
Track compliance with GDPR, NHS guidelines, ICO expectations, and contractual frameworks
Support and respond to external audits and act as liaison for accreditation and regulatory bodies
Maintain risk and incident logs, monitor corrective actions, and manage non-conformities
Create and deliver compliance training, awareness materials, and governance communications
Act as a champion for best practice in regulatory compliance, data protection, and risk mitigation
Key Relationships
Chief Operating Officer (line manager)
Clinical Operations Manager
Heads of Operations, Customer and Engineering
External audit, regulatory, and accreditation bodies
Prospective and new enterprise clients during onboarding
Person Specification
Strong knowledge of compliance, risk management, or data governance in healthcare or other regulated sectors
Experience with accreditation frameworks (DSPT, ISO27001, Cyber Essentials)
Comfortable working independently and managing documentation with high attention to detail
Excellent communicator with the ability to build trust with internal and external stakeholders
Up-to-date understanding of the UK's legal and regulatory landscape for healthcare and data processing
Adaptable and resilient within a high-growth, high-change organisation
Core Competencies (Band 3 - Manager Level)
Accountability
- Takes full ownership of compliance activities, ensures deadlines are met, and follows through on audits, policy updates, and risk actions.
Leadership
- Provides direction on governance matters, builds trust, and leads by example when implementing compliance initiatives.
Decision Making
- Makes sound, evidence-based decisions on risk and compliance matters; knows when to escalate issues.
Planning & Prioritisation
- Manages multiple priorities including reviews, audits, and submissions while responding to changing regulatory needs.
Analytical Skills
- Interprets audit findings, identifies trends, and applies logic to make recommendations that strengthen compliance.
Problem Solving
- Investigates risks or non-conformities, finds root causes, and recommends effective, practical solutions.
Effective Communication
- Communicates clearly and professionally across all audiences; tailors tone and style appropriately.
Relationship Management
- Maintains strong internal and external partnerships; handles sensitive issues with diplomacy and integrity.
Continuous Improvement
- Regularly reviews systems and policies; drives enhancements that support compliance efficiency and innovation.
Performance Management
- Tracks the delivery of compliance-related activities; provides constructive feedback and holds stakeholders accountable.
Customer Service
- Supports clients during onboarding; ensures compliance actions align with high-quality service and responsiveness.
Change Management
- Champions new processes and helps teams adapt to evolving regulatory frameworks and requirements.
Service Delivery Mindset
- Balances compliance with operational needs to deliver reliable, standards-based outcomes.
Coaching
- Develops and delivers internal training; shares knowledge to uplift understanding of risk and governance.
Risk Awareness
- Identifies emerging risks, monitors incident patterns, and ensures timely and accurate reporting and escalation.
Equal Opportunities
Medi2Data is committed to creating a diverse and inclusive workplace. We welcome applications from all qualified individuals regardless of gender, race, age, disability, religion, or background.
How to Apply
Please submit your CV and a short cover letter to Interviews will be held on a rolling basis.
Job Type: Part-time
Pay: 30,000.00-35,000.00 per year
Expected hours: No more than 22.5 per week
Benefits:
Company events
Free parking
On-site gym
On-site parking
Work Location: Hybrid remote in Cardiff CF24 5EA