Quality & Compliance Manager

Role:

The Compliance, Quality & Data Fiduciary Manager is responsible for ensuring the organizations compliance with ISO 9001 (Quality Management System), ISO 27001 (Information Security Management System) standards, also fulfilling the duties of data fiduciary. This role involves managing the quality and information security frameworks, ensuring data protection & privacy compliance and overseeing all related processes to maintain the highest standards of integrity and trust.

Responsibilities:

A. ISO 9001Quality Management System (QMS)

Design, Development and Implementation

• Design, implement and maintain QMS in accordance with ISO 9001 standards
• Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards.

Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 9001 Compliance
• Monitor key performance indicators (KPIs) to access and improve effectiveness of QMS
• Lead continuous improvement initiatives in quality management

Training and Awareness

• Provide training on ISO 9001 standards and quality management best practices
• Ensure all employees understand their role within the QMS framework

B. ISO 27001 Information Security Management System (ISMS)

Development and Implementation

• Establish, implement the ISMS standards as per ISO 27001
• Develop and maintain robust information security policies, procedures and controls.

Risk Management

• Conduct risk assessments to identify potential threats to information security.
• Implement appropriate security measures to mitigate identified risks.

Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 27001 Compliance
• Address any non-conformities identified during audits and ensure continuous improvement

Incident Management

• Develop and manage an incident response plan for handling security breaches.
• Lead investigation into security incidents and coordinate remedies efforts.

C. ISO 27701 Privacy Information Management System (PIMS)

Development and Implementation

• Establish, implement the PIMS standards as per ISO 27701
• Develop and maintain robust personal data protection policies, procedures and controls

Data security and Privacy

• Regularly review and update data protection policy to align with changing regulation
• Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically.

Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 27701 Compliance
• Address any non-conformities identified during audits and ensure continuous improvement

Transparency and Accountability

• Maintain transparent data practices, clearly communicating how personal data is used and stored.
• Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principles request.

D. Training and Awareness

• Provide training on ISO 27701 standards and train employees on data protection laws DPDP Act 2023, emphasizing their roles and responsibilities as data handlers
• Promote a culture of privacy and data protection within the organization

E. Compliance Management

Regulatory Compliance

• Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
• Keep up to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701

Documentation and Reporting

• Maintain comprehensive record of compliance activity, include audit findings, corrective actions and management reviews
• Prepare and present compliance and quality reports to senior management

F. Continuous Improvement

Process Optimization

• Identify opportunities for process improvements for across quality, information security and data protection functions
• Lead initiatives to enhance organizational practices and promote a culture of continuous improvement

G. Stakeholder Engagement

• Collaborate with internal and external stakeholders to ensure alignment with these ISO 90001, ISO 27001 and ISO 27701 requirements.
• Act as a primary contact for all compliance certification such as quality, information security and data protection related matters.

Preferred candidate profile

Key Competencies:

Functional

• Strong knowledge of ISO 9001, ISO 27001 and ISO 27701 along with data protection regulations
• Excellent analytical, problem solving and decision-making skills
• Strong communication skills with ability to influence and lead cross functional teams
• Should have excellent presentation skills and should be able to present to senior management
• High attention to details and strong organizational skills
• Should be able to conduct and manage audits of different business units within the organization
• Should be able to manage vendors and possess good negotiation skills

Experience:

• Proven experience in managing, implementing and getting certification on ISO 9001 and ISO 27001 for at least 9-11 years of experience
• Last experience along with ISO 9001 and ISO 27001, preferably in managing ISO 27701 for at least 2-3 years
• Experience in conducting audits, vendor assessments/ due diligence with respect to ISMS and data protection as requested by the clients. Leading all compliance initiatives
• Must possess strong technical knowledge and hands-on experience in cybersecurity and data security product lines. This includes expertise in implementing and managing security solutions to protect organizational assets and data