

Data Security and Protection Director




Home based with occasional travel to offices in Milton Keynes/London


To be responsible for ensuring compliance of Graphnet and its product portfolio with Information Governance (IG) standards, Information and Cyber Security and ISO accreditations, and for effective Quality Compliance across the Company.

To act as the Data Protection Officer for the organisation and lead on the coordination of IG from a corporate, customer and product perspective. As the IG specialist in the organisation, you will also provide advice and guidance to the organisation’s staff on IG issues, and liaise with all levels of the organisation, its partners and customers as required.

To be responsible for ensuring compliance of the product portfolio’s Quality and Information Security Certification programmes for ISO 27001, ISO 9001 and ISO 27018, as well as other relevant ISO certifications as required. Lead on the coordination of all activities to support these certificates, including: maintenance and delivery of an internal audit diary; support for the Security, IG and Medical Device Quality teams; training and awareness; and compliance responses for bids, sales and general customer enquiries for Graphnet.

Key Responsibilities:

  • Ensuring that the company complies with applicable IG standards, guidance, completing the assessments and processes required within the prescribed deadlines.

  • Managing product and business standards compliance ensuring appropriate stakeholder representation and ownership of actions to ensure product compliance with those standards.

  • Managing staff responsible for Cyber and Information Security and Information Governance.

  • Collaborating closely with linked colleagues in the Corporate Team, including the Executive Team and the SIRO.

  • Tracking the developments of Cyber Security and Information Security standards and guidance, ensuring products will comply in accordance with implementation deadlines.

  • Managing compliance with, and ensuring accurate and timely completion of, the Data Security and Protection Toolkit.

  • Undertaking Security Risk Assessments and ensuring continual improvement including corrective and preventative actions.

  • Supporting the development of software by providing Information Security expertise as required.

  • Liaising with colleagues in deployment areas to give advice and assistance with problem solving.

  • Co-ordinating and delivering knowledge transfer as required, ensuring colleagues have an overview of their requirement to be compliant with Information and Cyber Security.

  • Responsibility for compliance with Cyber Essentials Plus certification.

  • Monitoring, managing, reporting, and reviewing any Information Governance and linked incidents.

  • Assisting and contributing to the clinical safety cases for product releases, providing IG assurances and confirming that changes do not contravene IG compliance.

  • Providing input and responding to queries raised by customers relating to IG/ISO processes and controls of products.

  • Supporting the ISO 13485 Medical Devices Quality management team, co-ordinating policies and audits with them to align their programme of work with your ISO 9001 activities.

  • Responsibility for the implementation of the Quality and Security policies and guiding management on the requirements of national quality standards (ISO 9001, ISO 27001, ISO 27018).

  • Ensuring that up-to-date copies of the ISO 9001, ISO 27001 and ISO 27018 standards (and supporting allied documents) are kept by the company.

  • Ensuring that the required Management Reporting is prepared and regularly reviewed by top management.

  • Working with customers to ensure appropriate and lawful implementation of product deployment and business as usual functions.

  • Developing staff awareness through training course materials in connection with Information Governance, ISO and Compliance.

  • Coordinating the staff needed to cover site and operational areas under review during external ISO surveillance or certificate renewal visits.

  • Being the point of contact to manage and administer GQS issue and NC/Improvement tickets, ensuring reviewers are aware of and complete corrective action plans, lessons learnt and risk scoring.

  • Managing the GQS ticketing dashboards for data quality; ensuring all issues are scored, classified and assessed for controls and that departmental ownership is current and identified.

  • Working directly with senior departmental leads to review their risks and issues, to deliver progress and outcomes on those risks.

  • Ensuring new starters undertake timely awareness training in respect of IG and Security and that all staff receive annual refresher awareness training on IG.

  • Developing and maintaining records of processing activities and data flow mapping of corporate, customer and product data.

  • Co-ordinating and delivering knowledge transfer as required ensuring colleagues have an overview of their requirements to be compliant with IG, Security and ISO.

  • Providing feedback on IG, Security and ISO compliance to senior management.

  • Keeping up to date with legislation in relation to The Data Protection Act, GDPR, Caldicott principles, Common Law of Confidentiality, Human Rights Act, Freedom of Information Act, Computer Misuse Act, as well as the NHS and Department of Health-related IG policies.

  • Undertaking other duties similar to those above, allocated to the role by the directors of the company as needed for its secure and efficient operation.

Knowledge and Experience

  • Familiarity with the NCSC suite of security policy, guidance and standards.

  • Experience in a senior Information Governance role.

  • Experience in using good practice standards such as ISO 27001 and ISO 9001 (implementation, compliance, certification and audit reviews).

  • Experience of undertaking information security in both a waterfall and an agile context.

  • Experience of Security Architecture Design.

  • An understanding of the NHS definitions.

  • An up-to-date understanding of the issues, concepts, legal and technical requirements of data protection legislation, and of NHS and Department of Health-related IG requirements.

  • Experience with information systems, processes and uses of information within the NHS.

  • Demonstrable knowledge of Information Governance as applied in the NHS for the management of patient data and confidentiality.

  • Management of responses to external audits by ISO certification bodies and the Information Commissioner.

Key Skills

  • Ability to provide advice and guidance to all levels of stakeholders around IG, Security and Compliance.
  • Ability to produce reports that evaluate and present complex data in an understandable way.
  • A high degree of competence in the use of Microsoft Office and desktop applications, with demonstrable skills in database and spreadsheet management.
  • Excellent verbal, written and presentation skills.
  • Excellent interpersonal and communication skills.
  • Ability to use laptops, projectors and other presentation equipment effectively.
  • Ability to work in a high-pressure environment.
  • Ability to meet deadlines.
  • Ability to respond to unpredictable work patterns and interruptions.
  • Ability to work as part of a team or in a stand-alone capacity.
  • Available for ad hoc travel.
  • Ability to manage a team.


Please apply in writing, sending a covering letter & CV to