Risk and Compliance Manager

Thanks for stopping by! We’re Doctor Care Anywhere: a leading digital platform, with a clear vision to be the primary care provider of choice for digital healthcare – and that all starts with our brilliant team.

We are the UK’s largest private provider of telehealth services. We work with insurers, healthcare providers and corporate customers to provide healthcare services to more than 2 million patients every year. From doctors and designers to software developers and marketers – we’re proud of our people, who love working together to enhance patient experiences for the better. It’s why every year, we help over 2 million people speak to a GP or ACP by video or phone, anywhere in the world.

Our story started back in 2013, and as we continue to grow, we’re looking for the very best talent to help us achieve our ambitious goals. If you’re highly motivated and would love to work with us as we continue to grow, then we would love to hear from you

Your new role: The Risk & Compliance Manager is responsible for delivering and maintaining risk and compliance activities across Doctor Care Anywhere (DCA). This includes owning the risk register, ensuring compliance with ISO 27001 and CQC regulations, and overseeing governance processes. The role plays a key part in maintaining robust risk management frameworks, regulatory assurance programs, and aligning DCA with industry standards and best practices. The post holder will lead the development and implementation of effective risk management and CQC compliance frameworks while actively managing governance processes, policies, and patient safety initiatives. 

Salary : £55,000 Per Annum

Application Deadline: Provisional closing date of Midday Thursday 10th April (We may close the advertisement early if we receive a sufficient number of applications)

Key Responsibilities 

Compliance  

• Project manage CQC inspections and other internal/external regulatory reviews, ensuring adherence to compliance requirements before, during, and after inspections. 

• Embed a strong understanding of CQC regulations across the business, ensuring compliance is integrated into daily operations. 

• Stay updated on regulatory changes and advise on necessary policy and procedural updates. 

• Manage and maintain ISO 27001 certification, including project management, documentation, testing, and cross-functional collaboration to ensure ongoing compliance. 

• Work closely with the Incidents & Complaints Manager to translate system learning and emerging themes into risk mitigation strategies. 

• Maintain a central repository of compliance evidence to streamline audits and client assurance processes. 

Risk 

• Maintain and manage the corporate risk register, ensuring effective documentation and mitigation of risks. 

• Work with operational teams to embed a strong understanding of risk management and how to identify, assess, and mitigate risks at the team level. 

• Educate teams on operational risks that contribute to the overall corporate risk strategy. 

• Develop and implement risk management strategies, including risk identification, assessment, mitigation, and monitoring. 

• Oversee third-party risk management, ensuring appropriate security assessments of supply chain partners in collaboration with Finance and Procurement. 

• Analyse incidents and complaints for risk management and quality assurance, identifying trends and areas for improvement. 

• Prepare reports, papers, and presentations for internal committees to document risk management activities and appetite. 

Governance  

• Support the governance audit framework by planning and conducting internal audits as a second-line check. 

• Undertake investigations for incidents and complaints, ensuring a structured and thorough approach. 

• Own and manage the policy schedule and repository, ensuring compliance with industry regulations and best practices. 

• Foster a culture of collaboration in defining and maintaining effective policy management at DCA. 

• Monitor regulatory changes and ensure organizational policies remain current and compliant. 

• Work with key stakeholders to implement necessary policy and procedural updates. 

• Ensure audit and governance reports are accurate, complete, and submitted to the appropriate committees. 

Stakeholder Engagement 

• Act as a primary point of contact for governance matters, facilitating governance committees and liaising with external partners. 

• Engage with the Executive Team and Heads of Departments, maintaining a high level of stakeholder interaction and autonomy in the role. 

• Support client security and business partner assurance programs, responding to security-related queries and audits. 

• Prepare for client and partner security reviews, managing outstanding actions through to completion. 

• Develop and maintain governance, risk, and compliance (GRC) communication channels, including internal reporting tools and team bulletins. 

Training & Education 

• Develop and deliver training programs on compliance, risk management, and governance, working closely with clinical management on best practices. 

• Collaborate with Learning & Development teams to integrate risk awareness into company-wide training programs. 

• Promote a strong culture of compliance and risk awareness across all teams. 

Remit 

• Organisational wide impact 

• Deputise for the Head of Risk, Governance and Compliance as required 

• Provide cross-cover for Incident & Complaints Manager as required 

Experience & Qualifications 

• Proven experience for at least five years previously managing compliance, risk, and governance frameworks, particularly ISO 27001, and third-party risk assessments. (Essential) 

• Minimum two year experience in healthcare governance background operating in a senior role 

• Experience in managing Risk Register and policies 

• Experience conducting audits, assurance reviews, and regulatory monitoring. 

• Previous managerial experience (desirable) 

• Knowledge of the UK GDPR and Data Protection Act  (Essential) 

• Knowledge of CQC framework (Essential) 

• Strong knowledge of security, risk management, and regulatory compliance methodologies. 

• Understanding of Risk Management Systems, able to produce detailed reports with analytical narrative 

• Strong interpersonal skills, with the ability to engage stakeholders at all levels. 

• Strong analytical and reporting skills to track and trend key risk themes. 

• Relevant industry certifications (e.g., ISO 27001 Lead Auditor, CISSP, CISM) highly desirable. 

Why you want to work here:

We understand the importance of good health and happiness for our patients and our team is just the same. At our Doctor Care Anywhere, you're not just an employee; you're a valued member of our team. We believe in giving you the freedom to supercharge your career with us while feeling completely supported. Here's what you can look forward to when you join us:

🩺 Private Medical Insurance: We've got you covered including Opticians & Dental appointments!

👩‍⚕️ Doctor Care Anywhere subscription: For you and 5 of your family and friends, Get ready to enjoy health consultations on the go!

🏝️ 25 Days Holiday + Bank Holidays (FTE): You've earned it! Enjoy time off to recharge, explore, and make incredible memories.

🎁 Birthday Day Off: Go and celebrate however you like!

🧘‍♂️ Buy' up to 5 days of additional annual leave (FTE) as part of our focus on health and wellbeing

🌳 Company Pension scheme planting a money tree for your future

🌈 Charity Days: Join us in giving back to the community! We're all about making a difference together.

👶 Enhanced Maternity and Paternity Pay: Extra support during this special time.

🚴 Bike2Work Scheme: We love an eco-friendly commute!

🏡 UK Hybrid Working: An agile and autonomous hybrid work environment

🚀 Development Opportunities: Get ready to grow, learn, and make strides in your career!

Doctor Care Anywhere is committed to safeguarding and promoting the welfare of its patients and expects all Colleagues to share this commitment. This post is subject to satisfactory DBS and reference checks.