ISO Compliance Manager
Reporting to: Data Security & Protection Director
Location: Homebased (with onsite visits to any Graphnet sites required)
To be responsible for ensuring compliance of Graphnet’s portfolio of International Organization for Standardization (ISO) and related certifications, including the ISO 27001 Information Security Management Systems standard. Leading on the coordination of all activities to support these certifications, including:
- Maintaining and delivering an internal audit diary and conducting the audits.
- Acting as Information Security Management and Quality Systems expert.
- Ensuring conformance to business risk tolerances.
- Supporting Cyber, Information Governance, Medical Device, Quality, Legal and related teams.
- Delivering training and awareness.
- Compliance responses for bids.
- Sales and general customer enquiries.
- Collating accurate business reporting regarding ISO and related risks and issues.
Implementing and supporting certification to Graphnet’s increasing portfolio of ISO and related standards across the business and its products, currently including:
- ISO 9001 – Quality Management System.
- ISO 13485 – Medical Devices Quality Management Systems.
- ISO 27001 – Information Security Management Systems.
- Managing product and business standards compliance, ensuring appropriate stakeholder representation and ownership of actions so that products comply with those standards.
- Acting as an Information Security Management Systems subject matter expert, supporting service owners in obtaining and maintaining conformance to business risk tolerances.
- Supporting the Information Governance team with applicable Information Governance standards, including the Data Security and Protection Toolkit.
- Providing input and responding to queries raised by customers relating to ISO and related certification programmes.
- Co-ordinating policies and conducting regular audits to enhance the programme of works.
- Implementing the quality and security policies, procedures and standards, and guiding management on the requirements of quality standards.
- Ensuring that the required management reporting is prepared and regularly reviewed by senior management.
- Developing key staff and decision maker awareness training course materials in respect of the ISO and related standards.
- Ensuring all employees are thoroughly updated about the organisation’s policies, regulations, and processes.
- Preparing annual training content regarding ISO and related compliance.
- Acting as point of contact to manage and administer quality control tickets, ensuring reviewers are aware and complete corrective action plans, lessons learnt and risk scoring, and ensuring continuous improvements.
- Managing quality control ticketing dashboards for data quality.
- Management of the Board’s corporate risk register.
- Ensuring all issues are scored, classified, and assessed for controls and departmental ownership is current and identified.
- Working directly with departmental leads to review risks and issues and facilitating improvement.
- Coaching departmental leads on generating and maintaining their Quality and Security intranet pages, based on ISO and related templates, for use with external auditors and KPI/KRI planning.
- Coaching senior staff on setting departmental Quality & Security Objectives, using SMART methodology.
- Producing and controlling Graphnet’s ISO and related compliance documentation.
- Acting as the contact on ISO and related issues with customers, suppliers and subcontractors.
- Ensuring all departments can clearly evidence continual improvement, customer feedback and consistent failure analysis techniques.
- Supporting the development of software by providing ISO and related standards expertise.
- Providing feedback to senior management regarding issues and the status of ISO and related standards and Information Security risk management compliance.
- Keeping up to date with changes in ISO and related standards.
- Managing quotations, billing, and selection of appropriate certification bodies, ensuring good value for money; re-contracting with other providers where service can be improved, and managing certification third parties.
Education & Qualifications:
- Two or more years implementing, supporting and maintaining ISO standards, including 27001 and 9001, to Lead Auditor standard.
- BSI ISO 9001 and/or ISO 27001 Lead Auditor.
- BCS Practitioner Certificate in Information Risk Management.
- Information Security professional qualification / certification, e.g. CISSP, CISM or similar.
- Project management qualification or equivalent work experience.
Knowledge & Experience:
- Thorough understanding of the NHS quality and security processes and requirements.
- Up-to-date understanding of the relevant issues, concepts, laws and regulations, and quality, security and technical requirements, and preferably a good understanding of data protection principles, NHS and Department of Health and Social Care-related frameworks, ISO standards and security requirements.
- Experience with information systems, processes, and uses of information within the NHS.
- A broad knowledge of technologies, including common vulnerabilities and exploits.
- Familiarity with the National Cyber Security Centre suite of security policy, guidance, and standards.
- Ability to produce reports, including KPIs, that evaluate and present complex data in an understandable way.
- High degree of competence in the use of IT databases, Microsoft Office and desktop applications.
- Excellent verbal, written and presentation skills.
- Ability to work in a pressurised environment.
- Ability to meet deadlines.
- Ability to respond to unpredictable work patterns and interruptions.
- Ability to work as part of a team or in a stand-alone capacity.
Please apply in writing, sending an updated CV to firstname.lastname@example.org