Senior Director, IT Compliance and Privacy

Ardelyx, Inc.
Full-time
Remote friendly (Waltham, MA)
United States
$251,000 - $307,000 USD yearly
IT

Role Summary

The Senior Director, IT Compliance and Privacy ensures all technology operations meet regulatory, legal, and corporate governance requirements while enabling business agility. This role leads a team responsible for SOX ITGC, GxP validation, data privacy (GDPR, HIPAA), and comprehensive risk management across the technology portfolio.

Responsibilities

  • Regulatory Compliance Leadership
    • Lead quarterly Sarbanes-Oxley IT General Controls testing across all financial systems, coordinate audit evidence preparation, and manage external auditor interactions
    • Oversee pharmaceutical system validation processes, ensuring compliance with FDA requirements and supporting regulatory inspections and audit preparation
    • Maintain comprehensive compliance programs for all public company IT obligations and regulatory reporting requirements
    • Conduct enterprise-wide IT compliance risk assessments and develop mitigation strategies across the technology landscape
  • Data Privacy & Governance
    • Implement and maintain comprehensive data privacy programs covering GDPR, HIPAA, and state privacy regulations
    • Establish enterprise data classification, handling procedures, and governance frameworks across clinical, commercial, and corporate data
    • Conduct privacy reviews for all new technology implementations and system changes
    • Partner with Cybersecurity lead on data breach response coordination across IT pillars and business units, ensuring proper regulatory notification and remediation
  • Cross-Pillar Integration
    • Review all technology decisions for regulatory impact before implementation, embedding compliance checkpoints into standard IT workflows
    • Translate complex regulatory requirements into practical IT policies, procedures, and training programs
    • Manage internal and external audit activities, coordinating evidence gathering across Business Technology, Infrastructure, and Security teams
    • Interface with external auditors, regulators, compliance consultants, and legal counsel on IT-related matters
  • Team Leadership & Development
    • Direct IT Compliance and Privacy & Data Governance teams, providing strategic guidance and professional development
    • Develop and deliver compliance training programs tailored to specific IT roles and business functions
    • Continuously improve compliance processes to balance regulatory requirements with business agility and operational efficiency
    • Manage escalation of significant compliance risks to CIO and executive leadership

Qualifications

  • Bachelor's in IT, Computer Science, or related field; advanced degree or JD preferred, with 10+ years of IT compliance experience with 5+ years in leadership roles, or equivalent experience
  • Pharmaceutical, biotechnology, or regulated life sciences industry experience required
  • Proven track record managing compliance for technology portfolios in public company environments
  • Extensive experience with Sarbanes-Oxley IT General Controls testing, documentation, and audit support
  • Deep knowledge of pharmaceutical validation requirements, FDA regulations (21 CFR Part 11), and quality management systems
  • Expert-level understanding of GDPR, HIPAA, CCPA, and other privacy regulations with hands-on implementation experience
  • Strong background in IT risk assessment methodologies, business continuity planning, and compliance program management
  • Understanding of enterprise applications, databases, cloud platforms, and integration architectures from a compliance perspective
  • Experience coordinating internal and external audits, evidence collection, and remediation planning
  • Proven ability to translate regulatory requirements into practical business processes and technical controls
  • Exceptional skills in communicating complex compliance requirements to technical and business audiences
  • Experience leading cross-functional compliance initiatives in matrix organizations
  • Proven ability to influence without authority across business units and IT teams
  • Experience managing relationships with external auditors, consultants, and regulatory bodies
  • Travel: 10%

Preferred Qualifications

  • CISA, CRISC, CIPP, CIPM, or other relevant compliance and privacy certifications
  • Knowledge of ISO 27001, NIST frameworks, and life sciences industry best practices
  • Familiarity with evolving privacy laws, AI governance requirements, and digital health regulations