IT Technical Regulatory Compliance Principal

Summary

The IT Technical Regulatory Compliance Principal leads and executes IT risk-based computer systems validation and associated technical compliance initiatives within ACM Global Laboratories' core businesses: laboratory services and clinical trials research. These operations adhere to US FDA, UK MHRA, EMEA, GCP, GLP, and other relevant regulations. This hybrid role combines hands-on computer systems validation with regulatory compliance execution. The Principal ensures that IT systems, including ACM’s data center infrastructure, cloud-hosted and SaaS applications, laboratory equipment, and LIMS systems, are implemented, validated, and maintained according to regulations such as 21 CFR Part 11, Part 820, ICH, and OECD 22, along with GLP, GCP requirements, and company policies. This role serves as the IT CSV department’s key resource for representing IT in internal, customer, and regulatory audits, managing observation responses, quality events, and CAPAs. A strong relationship with the Quality function is crucial. The role also oversees the IT CSV Change Management process and participates in the Change Approval Board.

Responsibilities

• Lead IT compliance initiatives, ensuring adherence to worldwide regulatory authorities, GLP, GCP, and other applicable regulations and standards (e.g., 21 CFR Part 11, 820, Annex 11, OECD 22).
• Manage and execute validation of cloud-based and hosted applications, including risk assessments, validation planning, IQ/OQ/PQ testing, and traceability documentation.
• Primary owner of the system development lifecycle (SDLC) and Computerized System Validation (CSV) process, policies, and procedures.
• Oversee the new system implementation process and IT change management process.
• Develop, review, and maintain key compliance and SDLC documents such such as validation protocols, test scripts, SOPs, configuration management, change control, and system release documentation.
• Prepare and lead IT-related activities for FDA, UK, EU, and other regulatory inspections or audits; provide expert responses to auditor queries; manage quality events, corrective and preventive actions (CAPAs) resulting from inspections.
• Author and maintain IT compliance policies, procedures, and standard operating procedures (SOPs) to ensure consistent, regulatory-aligned practices across systems and teams.
• Partner with IT infrastructure, cybersecurity, QA, and business system owners to ensure alignment of compliance and validation activities with business needs.
• Evaluate and enhance IT validation and compliance processes for efficiency and scalability in support of digital transformation and cloud adoption.
• Take Quality ownership, participate in cross-functional team discussions, provide quality guidance/decisions for projects that include new implementations, enhancements, quarterly releases, periodic reviews, and review and approve Quality events (deviations & CAPAs).
• Participate in and drive system assessments, review and approve project deliverables, including plans, test scripts, execution and outcomes, reports, and traceability.
• Actively participate in and guide discussions to resolution, adhering to all quality standards.

Required Qualifications

• Bachelor's degree in Computer Science.
• 10 years of experience in life sciences computer systems validation (biotech, pharma, medical device, laboratory services).
• 5 years of employment in a lab services environment.
• 5 years in a biotech, pharma, or device environment.

Preferred Qualifications

• Detailed knowledge of IT infrastructure equipment, utilities, and supporting processes and computerized system validation concepts for such; including servers, HVAC, physical security, virtual security, fire detection and protection, network architecture and layers.
• International Society of Pharmaceutical Engineers (ISPE) GAMP 5 training or equivalent experience.
• Familiarity with IT Infrastructure Library (ITIL), IT as-a-service Change process, service level agreements, some project management experience.
• 10 years of experience validating hosted, cloud GxP applications under ISPE Good Automated Manufacturing Processes (GAMP 5) methodology.
• 10 years of experience developing typical GAMP 5 deliverables such as validation plans, functional requirements, user requirements, system design documents, configuration specifications, OQ test scripts, PQ/UAT test scripts, requirements traceability matrix, validation summary reports, supporting SOPs, and work instructions.
• 10 years of experience supporting technology, software, and systems in US FDA regulated environment, UK MHRA, EMEA environments and regulations. Expert in 21 CFR Part 11, Part 820, OECD 22, GLP, GCP.
• 5 years of experience supporting worldwide regulatory inspections and direct inspector involvement.
• Deep understanding of on-premise data center, equipment, utilities, closets, servers, power, HVAC, lab instrumentation, lab utilities, interfaces to LIMS systems, GxP, 21 CFR Part 11, Annex 11, and CSV methodologies.
• Strong documentation and technical writing skills. Expert in using Microsoft Office tools and SharePoint.
• Familiarity with modern SDLC frameworks (Agile, DevOps) and change management systems.
• Experience with cloud service providers (AWS, Azure) and enterprise applications (e.g., Veeva, Salesforce, ServiceNow).
• Well versed in writing standard operating procedures, work instructions, and the full complement of ISPE GAMP 5 CSV documents for GAMP Category 4 and 5 systems.
• Sound knowledge of and embrace Data Integrity integral to system projects.
• Good communication skills and ability to fit well as a team player.
• Exceptional communication and leadership skills. Ability to present in front of executives.
• Strong analytical, problem-solving, and organizational abilities.
• Comfortable operating in a fast-paced, highly regulated, changing environment.
• Demonstrated competence and completion of migrating CSV to Computer Software Assurance (CSA) processes.

Key skills/competency

• Computer Systems Validation
• Regulatory Compliance
• GxP
• FDA Regulations
• 21 CFR Part 11
• Audit Management
• SDLC
• Cloud Compliance
• Data Integrity
• ISPE GAMP 5