Corporate Compliance Officer

Summary

The Corporate Compliance Officer will support the transition of compliance oversight from the Legal function to Enterprise Risk Management (ERM). This is a hybrid role combining compliance program leadership/support with risk-based oversight. The Director will lead near-term policy cleanup and modernization, help establish a scalable compliance operating model, and own the compliance hotline and case management process. Over time, this position will help define and mature compliance-related processes and integrate them into ERM governance, prioritization, and reporting.

Job Responsibilities

Compliance program leadership (build, run, and enable)

• Lead execution of the compliance program charter, annual plan, and maturity roadmap in partnership with ERM leadership, Legal, and other key stakeholders.
• Provide practical compliance guidance and implementation support to business leaders and teams, coordinating closely with partners to align with applicable laws, regulations, and organizational standards.
• Design, deliver, and maintain core compliance program elements, including:
  • Developing a training and awareness strategy (role-based training, refresh cadence, targeted campaigns, micro-burst training, etc.)
  • Policy communications and employee attestations tied to policy publication
  • Risk-based monitoring and thematic reviews, including follow-up on corrective actions
  • Developing and maintaining compliance dashboards, metrics and reporting mechanisms

Policy cleanup, rationalization, and enterprise policy governance ownership

• Lead an enterprise-wide policy inventory and cleanup initiative: identify duplicates/conflicts, retire outdated content, close gaps, and assign accountable owners.
• Establish and operate the policy governance framework, including:
  • Policy taxonomy/tiering (policy, standard, procedure, guideline) and document hierarchy
  • Standard templates and minimum content requirements
  • Approval authorities, review cycles, version control, publication standards, and evidence retention
  • Policy exception/waiver process with documented risk acceptance and periodic review
• Partner with Legal, Quality, Privacy, Security, People, and other business functions to ensure policies are clear, usable, and embedded across all corporate operations.

Hotline ownership, concerns intake/triage, and case management

• Own the compliance hotline and related reporting channels (including hotline vendor management where applicable), ensuring accessibility, confidentiality, and reinforcement of non-retaliation expectations.
• Ensure privacy-related concerns and potential privacy incidents are appropriately categorized, routed, managed with the right stakeholders, and tracked through remediation.
• Run case intake, triage, categorization, severity/risk rating, routing, documentation standards, and service levels.
• Transfer investigations to Legal when appropriate; ensure consistent case handling, appropriate escalation, and clear documentation through closure.
• Produce regular analytics and trend reporting on allegations, substantiation outcomes, themes, and corrective actions.

Issue management, corrective actions, and remediation governance

• Implement standardized enterprise issue management: intake, root cause, corrective action plans, due dates, evidence requirements, validation, and closure criteria.
• Track remediation commitments from monitoring, hotline cases, audits, and quality findings; escalate aging/high-risk items through defined governance forums.
• Coordinate with Internal Audit and Quality to align findings management and reduce duplicate testing/tracking.

Compliance risk oversight and ERM integration (risk types will mature over time)

• Execute an initial compliance risk assessment approach aligned with ERM to prioritize program work (policy, training, monitoring) and identify areas requiring additional controls.
• As the Director becomes acclimated, help define a pragmatic compliance risk taxonomy (“risk types”) suitable for a biotech/research environment and support integration into ERM reporting and governance.
• Develop and maintain metrics and dashboards (policy currency, training completion/attestations, hotline trends, remediation aging, monitoring results).

Governance, audit/inspection readiness, and stakeholder partnership

• Support compliance governance cadence (e.g., Compliance & Ethics Committee and/or Risk Committee reporting) through materials development, reporting, and issue escalation coordination.
• Support external audits/inspections and partner assessments by coordinating evidence readiness and tracking remediation deliverables.
• Partner closely with enterprise stakeholders to ensure compliance expectations are practical, implemented, and sustained.

Team leadership and capability build

• Contribute to building a high-performing program over time; may provide informal leadership, project leadership, and/or direct people management as the function grows.
• Help evaluate and implement tooling to support policy management, attestations, and case/issue tracking.

Education, Experience, And Skills

• Bachelor's degree in Business Administration, Risk Management, Healthcare Administration, Life Sciences, or related field required; advanced degree (MBA, JD, or Master's in Compliance/Risk Management) preferred.
• 8–12+ years of progressive experience in compliance, enterprise risk, ethics, governance, quality/regulatory compliance, privacy, or related fields; biotech/research or healthcare experience strongly preferred.
• Demonstrated experience building and operating compliance program components (policy governance, training, monitoring, hotline/case management, remediation).
• Working knowledge of healthcare privacy requirements (e.g., HIPAA/HITECH).
• Prior experience in a diagnostic laboratory setting a plus.
• Strong stakeholder management skills and ability to influence across functions without direct authority.
• Strong written and verbal communication skills; ability to produce clear executive-ready reporting.
• Proven ability to build foundational frameworks where structures and “risk types” will evolve over time.

Work Environment

This is a fully remote position. The employee will work from a home office or other suitable remote location with reliable high-speed internet access. Work is performed in a climate-controlled environment using standard office equipment including computer, phone, and video conferencing tools. Your standard work schedule and hours will be established in collaboration with your leader and may be adjusted to align with evolving business needs.

Key skills/competency

• Compliance Program Management
• Enterprise Risk Management (ERM)
• Policy Governance
• Case Management
• Regulatory Compliance
• Healthcare Privacy (HIPAA/HITECH)
• Internal Audit Coordination
• Stakeholder Management
• Risk Assessment
• Remediation Governance