The organisation is currently going through a period of technology-enabled transformation and rapid growth. The successful in-house development of client-facing products and services, underpinned by a robust and scalable enterprise technology platform, is central to the company's strategy. This has led to a new role within the technology team, playing an integral part in the governance of our quality, compliance, and information security requirements.
Technology solutions must comply with many standards, including ISO 9001, ISO 27001, BS10012, PCI DSS, information security, Data Protection & GDPR, client requirements and audit readiness, clinical regulatory & ethical standards, our Software Development Life Cycle framework (SDLC), and our company processes, methodologies, and quality framework.
In this role you will oversee and drive this compliance throughout all aspects of the technology team's development and implementation of technical solutions for patients, clients and staff. You will be responsible for ensuring we have the correct processes, documentation, and practices in place for the technology team to meet and exceed our security, compliance, regulatory, and quality requirements.
You will provide guidance, advice, training, and awareness across our compliance, quality and security initiatives. You will have responsibility for the technology and software development elements of my client's ISO certifications, particularly ISO 27001, and will liaise directly with internal and external auditors and assessment bodies, including clients, to co-ordinate and plan, managing and driving forward any actions and improvement plans identified, as well as reporting regularly at a senior level on these.
Your relationship building and communication skills will be vital to ensure that you are able to influence at both senior and team levels, ensuring that compliance is embedded. You'll therefore need gravitas, drive, passion and tenacity, with the ability to articulate and understand technical concepts across various audiences.
You will work closely with the company's quality and compliance team, ensuring technology compliance is aligned. You will regularly interact with the wider business, including at times, the CEO and executive team.
Main Purpose of the Job:
- Design and implement the processes, documentation, and practices the technology team requires to ensure it delivers solutions that are compliant with various security, compliance, and quality standards, including ITIL for processes.
- Oversee and drive the technology team compliance against these processes, documentation, and practices.
- Understand and be immersed in our Agile software development processes, and work with the development team to ensure compliance is "baked in", from requirements through development and testing to deployment.
- Respond to external or internal audits, owning all responses, and driving action from the technology team and 3rd parties, when required, in order to pass these audits.
- Maintain a schedule of compliance activity and audits that must be regularly undertaken. Ensure the technology team and/or wider business is aware and plans time and resource to undertake any actions required.
- Drive continual improvements to any aspect of our security, compliance and quality frameworks, and ways of working within the technology team.
- Management of security, compliance, and quality processes, documentation and practices, for the technology team and solutions.
- Review current security, compliance, and quality processes, documentation and practices for the technology team and solutions, and produce gap analyses identifying areas of difference and the necessary activities to bridge the gap, along with recommendations for action in accordance with ISO 27001 control sets.
- Work with the software development and test teams to ensure successful outcome of product delivery, in a secure and compliant way.
- Own, plan, and manage internal and external audit responses for the technology team, directing activity during the audit, supporting colleagues in evidencing processes, and communicating results and action plans.
- Provide knowledge, advice and guidance to the technology team on all matters relating to quality, compliance and security process, documentation and practices.
- Act as a focal point for technology compliance and information security-related queries from colleagues, clients and vendors, including during tender processes.
- Brief teams on the requirements of internal and external audits and the evidence that needs to be retained and presented to show compliance.
- Track and manage to resolution non-conformances from internal and external audits.
- Act as subject matter expert in formal management reviews of GDPR, QMS, ISMS, ISO9001, ISO27001, BS10012, client audits, clinical practices and compliance.
- Propose and implement any toolkits required.
- Plan, lead and document risk analyses to company standards and processes, including management of risk registers for the technology team.
- Propose and develop appropriate security and compliance policies and procedures along with internal stakeholders to ensure viability.
- Lead on activities required to update current certifications as requirements change.
- Adopt an understanding of clinical best practice, compliance, and safety for company compliance.
- Review and align IT policies and processes to current and emerging legislation and industry best practice.
- Ensure day-to-day communication with the team and business.
- Manage the information security risk assessments for onboarding suppliers for the business.
- Evidence of success in a similar role within a software development focused organisation or department, within an SDLC framework, using comprehensive tools and techniques.
- Demonstrable experience of influencing and driving a technology or development team to adhere to compliance requirements
- Experience working with auditors
- Experience of planning and conducting audits for ISO 9001, 27001 and BS10012.
- Ability to present security, compliance and quality requirements, must-haves, ideas, etc., to stakeholders at all levels
- Experience in creating and monitoring compliance programmes
- Highly developed compliance analytical skills with a keen eye for detail. Ability to analyse and understand policies and practices and to assess risks
- Knowledge of Information Systems, security and controls
- Awareness of General Data Protection Regulation (GDPR) and Data Protection more broadly
- Evidence of strong stakeholder management skills, and the ability to communicate and build relationships effectively with a broad range of people
- Experience of working in a flexible, fast-paced, evolving environment that relies on high collaboration and iterative improvements
- Knowledge and awareness of the software development lifecycle
- Knowledge of clinical compliance, e.g. GCP (Good Clinical Practice), regulations, ethics
- PCI DSS experience
- Experience within the pharmaceutical or clinical sector
- Experience of clinical trials or patient related technology
- Relevant professional qualification in Security, Compliance or Quality management