Director, IT Governance, Risk, and Compliance (GRC)

Role Summary

The Director, IT GRC will establish, maintain, and operate the IT governance, risk management, and compliance framework for a regulated biotechnology environment. This role is the primary IT authority for regulatory compliance, IT risk management, policy governance, and validation oversight, partnering with Quality, Clinical, Finance, and Legal to ensure IT systems meet regulatory and business requirements. It combines strategic leadership with hands-on execution and project management for IT initiatives, with success measured by audit readiness and scalable governance that supports long-term objectives. This is a full-time, on-site position based in Boston, MA.

Responsibilities

• IT Governance & Policy Management
  • Own the development, maintenance, and enforcement of IT policies, SOPs, work instructions, and department- and company-wide processes
  • Establish and maintain a scalable IT governance framework aligned with company growth and regulatory expectations
  • Ensure policies and procedures align with industry best practices and regulatory standards, including NIST, GxP, and SOX
  • Partner with IT and business stakeholders to operationalize governance requirements across the organization
• IT Risk Management
  • Lead IT risk identification, assessment, and mitigation activities across systems and processes
  • Support enterprise risk management initiatives as they relate to IT, cybersecurity, and regulated systems
  • Ensure IT risks are documented, tracked, and addressed in a risk-based and pragmatic manner
  • Align IT risk management practices with recognized frameworks such as NIST
• Regulatory Compliance
  • Serve as the primary IT owner for external regulatory compliance initiatives, including SOX, GxP, EU Annex 11, and other applicable U.S., EU, and UK regulations
  • Ensure IT controls are designed, implemented, and operating effectively to support audit and inspection readiness
  • Act as a key IT liaison during internal audits, external audits, and regulatory inspections
  • Manage IT-related audit responses, findings, and corrective and preventive actions (CAPAs)
• IT Validation & Quality Oversight
  • Oversee IT system validation activities for new and existing systems in regulated environments
  • Ensure validation documentation, testing, approvals, and traceability are completed in a compliant and inspection-ready manner
  • Own or support IT change control processes, ensuring changes are properly assessed, approved, tested, and documented
  • Partner closely with Quality and system owners to ensure validation activities meet regulatory and company standards
• IT Project Management
  • Provide governance and oversight for IT initiatives, ensuring delivery aligns with compliance, risk, and business priorities
  • Integrate compliance, validation, and risk considerations into project planning and execution
  • Coordinate with internal teams and external vendors to drive accountability and delivery
  • Track project risks, dependencies, and milestones, escalating issues as appropriate
• Vendor & Third-Party Oversight
  • Support IT vendor qualification and oversight activities in partnership with Quality
  • Participate in vendor assessments and audits as needed, including occasional travel with Quality for inspections
  • Ensure vendor-managed systems and services meet governance and compliance expectations

Qualifications

• Required: Bachelor’s degree in Information Systems, Computer Science, or a related field
• Required: 10+ years of experience in IT governance, compliance, validation, risk, or quality roles within a regulated life sciences environment
• Required: Demonstrated experience supporting GxP, SOX, and Annex 11 compliance
• Required: Strong understanding of IT system validation, change control, and documentation requirements
• Required: Hands-on experience creating and maintaining IT policies, SOPs, and governance frameworks
• Required: Experience supporting internal and external audits and regulatory inspections
• Required: Proven ability to operate as a senior individual contributor with ownership and accountability
• Required: Strong project management skills with the ability to manage multiple initiatives concurrently
• Required: Excellent written and verbal communication skills, with the ability to translate regulatory requirements into practical implementation
• Required: Detail-oriented, risk-aware, and pragmatic in approach
• Preferred: Experience in a clinical-stage or commercializing biotech or pharmaceutical company
• Preferred: Familiarity with FDA regulations (e.g., 21 CFR Part 11) and global regulatory expectations
• Preferred: Experience partnering closely with Quality, Clinical Operations, Finance, and Legal teams
• Preferred: Exposure to enterprise systems such as QMS/eQMS, RIMS, CTMS, ERP, or financial systems
• Preferred: Formal project management training or certification (e.g., PMP) a plus

Education

• Bachelor’s degree in Information Systems, Computer Science, or a related field

Skills

• IT governance, policy management, and regulatory compliance
• IT risk management and mitigation
• IT validation and quality oversight
• Change control, documentation, and audit readiness
• Project management and program oversight
• Vendor and third-party oversight
• Strong written and verbal communication

Additional Requirements

• Occasional travel for inspections with Quality