Data Governance Lead

Job Title: Data Governance Lead
Location: London
Job Type: Permanent

Agencies: We will only work with recruitment partners on our preferred supplier list and will not engage with speculative CVs submitted.

Are you passionate about making life science life changing and delivering impact for patients? We want to hear from you.

About the role:

LifeArc's Data Governance Lead has a wide-ranging remit including being our nominated Data Protection Officer (DPO) and Caldicott Guardian. The DG Lead ensures that the organisation complies with data protection laws and regulations, particularly the UK GDPR and the Data Protection Act 2018, which govern how personal data must be handled. Serving as an independent authority on data privacy within the organisation, the DG Lead advises leadership and staff on their data protection obligations, monitors compliance, and helps implement necessary policies and processes. The DG Lead is also the designated point of contact for supervisory authorities (such as the UK Information Commissioner's Office) and for individuals (data subjects) regarding personal data issues.

The role also guides the company in our ISO27001 security, ISO9001 quality, ISO13485 medical device and other certification activities.

The DG Lead reports directly to the Chief Technology Officer and works closely with all functional teams and departments to foster a company-wide data culture and address any data-related findings from internal and external audits. The DG Lead will work with our Data Council to enhance data governance across the company.

Key responsibilities:

• Advise staff on data protection and information security obligations (e.g., UK GDPR, DPA 2018, ISO27001). Support projects to ensure privacy by design is embedded from the outset.
• Oversee compliance with data protection laws, certifications, and internal policies. Conduct audits, maintain records of processing, and ensure corrective actions are implemented.
• Maintain and update data protection and security policies (e.g., Data Management Plans, consent forms). Support implementation of ISO27001 and other standards.
• Lead training and awareness initiatives to ensure staff understand their data protection responsibilities, especially in high-risk areas like HR, IT, and clinical research.
• Guide teams on conducting Data Protection Impact Assessments. Review outcomes and advise on safeguards for high-risk or sensitive data processing.
• Support breach response efforts, including assessment, containment, and reporting. Support post-incident reviews to strengthen future resilience.
• Act as the main contact for the ICO and other regulators. Coordinate responses to inspections, inquiries, and high-risk processing consultations.
• Manage and oversee responses to data subject rights requests, ensuring timely and compliant handling.
• Ensure all required documentation (e.g., records of processing activities, contracts, consent logs) is maintained and up to date.
• Represent the organisation in external partnerships, ensuring data protection requirements are clearly defined and enforced.

Essential experience required:

• Legal and regulatory expertise: deep knowledge of UK GDPR, Data Protection Act and experience as Data Protection Officer.
• Policy and compliance: leading ISO27001and ISO9001 certification activities.
• In-depth knowledge of UK and EU data protection laws and principles, especially UK GDPR and the Data Protection Act 2018.
• Experience applying data protection requirements in relevant contexts - for example, in scientific and clinical research, healthcare, or not-for-profit sectors. This includes familiarity with any sector-specific regulations or ethical guidelines on personal data (such as handling of health data or research participant data).
• Familiarity with information security standards (such as ISO/IEC 27001) and how they intersect with data protection obligations. While the DG Lead is not information security lead, understanding security controls.
• Comfortable interacting with data protection regulators.
• Experience working in a cross-functional and collaborative manner - the DG Lead must engage with technology teams (for security measures, data inventories), Legal (for contracts and legal interpretations), HR (employee data), research teams (subject data), and others.
• Capable of establishing or maintaining a data protection compliance program. This includes knowledge of setting up processes for DPIAs, breach response, training, vendor assessments, and monitoring compliance. A methodical approach to tracking tasks and improvements in data protection compliance is needed.
• TDG Lead should have a good grasp of technology systems and data management practices to understand how personal and human health data flows through LifeArc. Familiarity with databases, cloud services, and data processing techniques used (e.g., analytics, archiving) helps in identifying risk and remedies.

Education:

• Bachelor's degree or higher with fields like Law, Information Governance, Data Security particularly attractive.

Desirable:

• Legal background would be useful given the role's basis in legislation, though individuals with substantial privacy experience from IT or compliance backgrounds.
• Relevant data protection or privacy certifications. For example, holding a certification such as CIPP/E (Certified Information Privacy Professional/Europe), CIPM (Certified Information Privacy Manager), or equivalent demonstrates formal training in data protection. Additionally, certifications in information security (like CISSP or CISM)

Skills and abilities:

• Integrity and independence: ability to work autonomously while upholding high ethical standards and sound judgment.
• Attention to detail: strong accuracy in documentation and thoroughness in compliance-related tasks.
• Communication and training: skilled in translating complex information into clear, accessible language and providing effective training and guidance to colleagues.
• Analytical and problem-solving: proficient in identifying and resolving complex issues related to data usage and governance.
• Organisation and project management: capable of managing multiple priorities, tasks, and projects with efficiency and structure.
• Resilience and discretion: maintains confidentiality and composure when handling sensitive information or working under pressure.
• Collaboration and influence: builds strong relationships across teams and departments to foster alignment, while maintaining an independent working style.
• Excellent communication and interpersonal skills to effectively convey data protection expectations and encourage compliance across all levels of the organisation.

About us:

LifeArc is a not-for-profit life science organisation, leading the way for change in rare diseases in the UK and supporting promising initiatives in global health. We seek out research in areas of unmet need that has great potential, providing support to help it become breakthroughs that change lives.

What we can offer you:

Focused on finding life changing solutions for underserved patients, our people thrive in an inclusive, and supportive environment that prioritises their health and wellbeing. Our multidisciplinary approach guarantees our people growth opportunities, while our culture of innovation and collaboration drives the impact we make delivering on our purpose of 'putting patients at the centre of everything we do'.

LifeArc is committed to making our recruitment practices as inclusive as possible and developing a culture that values differences. As a Disability Confident Employer, we guarantee an interview to candidates with a disability or long-term health condition who meet the essential criteria for the role.

Please note that in certain situations, such as high volumes of applications, it may not be practical to interview all eligible candidates. In these cases, we may need to select those who best meet the essential criteria. (At LifeArc, the Disability Confident Scheme's 'minimum criteria' is referred to as 'essential criteria')

Salary will be determined by qualifications and experience along with other exceptional benefits. Because we understand everyone has different requirements, our flexible benefits allow you to choose those which are important to you. Our pension scheme offers employer contributions of up to 12%, private health insurance, and annual leave of 31 days PLUS bank holidays.

Don't meet every single requirement? Studies have shown that women and people from minority ethnic backgrounds, for example, are less likely to apply to jobs unless they meet every single qualification. At LifeArc we are dedicated to building a diverse, inclusive, and authentic workplace, so whatever your background or lived experience, if you're excited about this role but your experience doesn't align perfectly with every qualification in the job description, we encourage you to apply anyway. Our top priority is finding the best candidate, and you may be just right for this or other roles.

We all have potential. At LifeArc, you'll discover what you can really do with it.