Director, IT – Governance, Risk & Compliance
San Diego, California, United States of America
Full Time
2 hours ago
$210,000 - $250,000 USD
No Visa Sponsorship
Key skills
AWSAzureCloudGoogle Cloud PlatformServiceNowGCPGoogle CloudVersion ControlSaaSLeadershipRisk Management
About this role
Role Overview
- Own and continuously evolve the IT governance framework aligned with COBIT, ITIL, or equivalent standards; set multi-year roadmap for IT GRC maturity.
- Establish, maintain, and enforce IT policies, standards, and procedures in alignment with business objectives and regulatory requirements.
- Lead the IT Governance Committee; prepare Board-and executive-level reporting on governance posture, KPIs, and strategic risk.
- Drive IT portfolio governance to ensure alignment of technology investments with enterprise strategy and risk appetite; partner with Finance on IT spend decisions.
- Lead the enterprise IT risk management lifecycle: identification, assessment, treatment, monitoring, and reporting.
- Maintain and continuously update the IT risk register; escalate critical risks to senior leadership and the Board, as appropriate.
- Partner with business units to conduct risk-based vendor and third-party assessments for critical technology partners and SaaS providers.
- Own and manage IT compliance programs across GxP (21 CFR Part 11, Annex 11), SOX ITGCs, HIPAA, NIS2 Directive, and applicable data privacy regulations (GDPR, CCPA, when applicable).
- Serve as the primary IT point of contact for internal and external auditors; coordinate IT audit requests, responses, and remediation.
- Lead IT General Controls testing and documentation for SOX compliance cycles; partner with Finance and External Audit.
- Participate in GxP computer system validation (CSV) oversight in coordination with QA — including URS, IQ/OQ/PQ documentation, and periodic reviews.
- Track and drive closure of all IT audit findings, control deficiencies, and corrective and preventative actions (CAPAs).
- Develop and maintain the IT policy library; ensure timely review cycles and version control.
- Drive an IT compliance awareness culture through training programs, communications, and onboarding curriculum.
- Advise IT project teams and technology owners on control requirements during system design and implementation.
Requirements
- Required Bachelor's degree in Information Technology, Computer Science, Life Sciences, or a related field; Master's degree strongly preferred.
- 12+ years of progressive IT GRC, IT audit, or IT compliance experience, with at least 5 years in a biotech, pharmaceutical, or medical device environment.
- Minimum 4 years of people management experience, including managing managers or senior individual contributors.
- Deep expertise in FDA 21 CFR Part 11, GxP computer system validation (CSV), and SOX IT General Controls.
- Proven track record managing IT audit processes and working directly with external auditors (Big 4 preferred) and regulatory agencies.
- Strong knowledge of IT risk management frameworks (NIST CSF, ISO 27001/27002, COBIT) and demonstrated ability to set and execute multi-year GRC strategy.
- Preferred Master's degree in Information Systems, Business Administration, or a related discipline.
- Professional certifications: CISA, CRISC, CGEIT, CISSP, or CIPP.
- Experience with cloud GRC platforms (ServiceNow GRC, Archer, Vanta, Drata) and validated cloud environments (AWS, Azure, GCP).
- Familiarity with HIPAA/HITECH, NIS2 Directive, GDPR, and CCPA compliance in a clinical or research setting.
- Prior experience supporting IND/NDA/BLA submissions or FDA facility inspections.
- Experience standing up a GRC function or program from an early-stage maturity baseline.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- ServiceNow