
ISO Compliance Manager

Reporting to

Chief Delivery Officer


Home based – with travel to customer sites


To be responsible for ensuring compliance of Graphnet and the Company’s product portfolio’s Quality and Information Security Certification programmes for ISO 27001, ISO 9001 and ISO 27018. Lead on the coordination of all activities to support these certificates, including: maintenance and delivery of an internal audit diary, support for Security, IG and Medical Device Quality teams, training and awareness, and compliance responses for bids, sales and general customer enquiries for all businesses in the Graphnet Group or Businesses. Leading the collation of accurate business reporting for all risks and issues that affect any ISO controls using the Jira risk management systems.

The Role

  • Manages product and business standards compliance ensuring appropriate stakeholder representation and ownership of actions to ensure product compliance with those standards.
  • Support the Information Governance team with ensuring applicable IG standards, guidance and detail is added within the corporate BMS library
  • Provide input and respond to queries raised by customers relating to any of our certification programmes
  • Support the ISO 13485 Medical Devices Quality management, co-ordinating policies or audits with them to enhance their programme of works with your 9001 activities
  • Implementation of the Quality and Security policies and guiding management on the requirements of national quality standards (ISO 9001, ISO 27001, ISO 27018).
  • Ensure that up-to-date copies of the ISO 9001, ISO 27001 and ISO 27018 standards (and supporting allied documents) are kept by the company.
  • Ensure that the required Management Reporting is prepared and reviewed by top management regularly.
  • Develop key staff and decision maker awareness training course materials in respect of ISO 9001, ISO 27001, ISO 27018 or any other ISO standards and certificates of interest to the business
  • Prepare content for the annual refresher awareness training on IS / IG and ISOs
  • Coordinate Graphnet’s staff that are required during external ISO surveillance, or certificate renewal visits, in terms of schedules, site and operational areas that are to be reviewed.
  • Point of contact to manage and administer AQMAS/GQS issue, NC/Improvement tickets, ensuring reviewers are aware and complete corrective action plans, lessons learnt and risk scoring
  • Manage the AQMAS and GQS ticketing dashboards for data quality, ensuring all issues are scored, classified and assessed for controls, and that departmental ownership is current and identified
  • Work directly with senior departmental leads to review their risks and issues, to deliver progress and outcomes on their risks
  • Coach departmental leads on generating and maintaining their “Quality and Security” Confluence pages, based on the ISO templates for use with external auditors and KPI/KRI planning
  • Coach and lead senior staff on setting departmental Quality & Security Objectives, checking these are evidenced and SMART, to fulfil external audit requirements
  • Producing and controlling Company Quality and Security documentation and the combined QMS/ISMS (BMS) library.
  • Acting as the contact on Quality and Security issues with customers, suppliers and sub-contractors, especially in matters relating to the obtaining and maintenance of National Approvals such as ISO 9001 and ISO 27001.
  • Ensuring all departments can clearly evidence continual improvement, “Customer” feedback and consistent failure analysis techniques.
  • Support the development of software by providing ISO standard domain expertise as required.
  • Co-ordinate and deliver knowledge transfer as required ensuring colleagues have an overview of their requirements to be compliant with IG and Information Security.
  • Provide feedback on ISO compliance issues and status to senior management.
  • Keep up to date with changes in ISO standards
  • Manage quotations, billing and selection of appropriate certification bodies, ensuring good value for money. Recontracting to other providers where service can be improved, and managing certification third parties.

Education, Experience & Skills

Education and Qualifications

  • Qualification in an information related subject or equivalent work experience.
  • Project management qualification or equivalent work experience.

Knowledge and Experience

  • Thorough understanding of the NHS quality and security requirements and purchasing frameworks, that will need to be included in bid responses and tenders
  • An up-to-date understanding of the issues, concepts, legal, quality, security and technical requirements, and preferably a good understanding of data protection principles, NHS and Department of Health related frameworks/ISO and security requirements.
  • Experience with information systems, processes and uses of information with the NHS.

Key Skills

  • Ability to produce reports that evaluate and present complex data in an understandable way.
  • A high degree of competence in the use of Jira, Confluence, Microsoft Office and desktop applications, with demonstrable good skills in database and spreadsheet management.
  • Excellent verbal, written and presentation skills.
  • Excellent interpersonal and communication skills.
  • Ability to use laptops, projectors and other presentation equipment effectively.
  • Ability to work in a pressurised environment.
  • Ability to meet deadlines.
  • Ability to respond to unpredictable work patterns and interruptions.
  • Ability to work as part of a team or in a stand-alone capacity


Please apply in writing, sending a covering letter & CV to