Quality & Compliance Manager

Area of Responsibility

A.ISO 9001Quality Management System (QMS)

1. Design, Development and Implementation

• Design, implement and maintain QMS in accordance with ISO 9001 standards
• Develop and document quality policies, procedures and processes which are aligned with prevailing ISO 9001 standards.

2. Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 9001 Compliance
• Monitor key performance indicators(KPIs) to access and improve effectiveness of QMS
• Lead continuous improvement initiatives in quality management

3. Training and Awareness

• Provide training on ISO 9001 standards and quality management best practices
• Ensure all employees understand their role within the QMS framework

B.ISO 27001 Information Security Management System (ISMS)

1. Development and Implementation

• Establish, implement the ISMS standards as per ISO 27001
• Develop and maintain robust information security policies, procedures and controls.

2. Risk Management

• Conduct risk assessments to identify potential threats to information security.
• Implement appropriate security measures to mitigate identified risks.

3. Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 27001 Compliance
• Address any non-conformities identified during audits and ensure continuous improvement

4. Incident Management

• Develop and manage an incident response plan for handling security breaches.
• Lead investigation into security incidents and coordinate remedies efforts.

C.ISO 27701 Privacy Information Management System (PIMS)

1. Development and Implementation

• Establish, implement the PIMS standards as per ISO 27701
• Develop and maintain robust personal data protection policies, procedures and controls

2. Data security and Privacy

• Regularly review and update data protection policy to align with changing regulation
• Implement appropriate data protection measures, ensuring that personal data is secured and handled ethically.

3. Monitoring and Auditing

• Conduct regular interval audits to ensure ISO 27701 Compliance
• Address any non-conformities identified during audits and ensure continuous improvement

4. Transparency and Accountability

• Maintain transparent data practices, clearly communicating how personal data is used and stored.
• Ensure that the organization can demonstrate compliance with data protection principles and respond effectively to data principles request.

5. Training and Awareness

• Provide training on ISO 27701 standards and train employees on data protection laws DPDP Act 2023, emphasizing their roles and responsibilities as data handlers
• Promote a culture of privacy and data protection within the organization

D. Compliance Management

1. Regulatory Compliance

• Ensure the organization complies with all relevant legal and regulatory requirements related to quality, privacy information and information security
• Keep up-to date with changes in legislation and standards that impact ISO 9001, ISO 27001 and ISO 27701

2. Documentation and Reporting

• Maintain comprehensive record of compliance activity, include audit findings, corrective actions and management reviews
• Prepare and present compliance and quality reports to senior management

E. Continuous Improvement

1. Process Optimization

• Identify opportunities for process improvements for across quality, information security and data protection functions
• Lead initiatives to enhance organizational practices and promote a culture of continuous improvement

2. Stakeholder Engagement

• Collaborate with internal and external stakeholders to ensure alignment with these ISO 90001, ISO 27001 and ISO 27701 requirements.
• Act as a primary contact for all compliance certification such as quality, information security and data protection related matters.

Qualification:

• Bachelor Degree, relevant certifications( ISO 9001 lead auditor, ISO 27001 Lead Auditor, Data Protection Officer)