Associate Director, IT Compliance & Governance

Job Overview

Lead IT compliance and governance programs in a regulated pharmaceutical environment. Ensure adherence to global regulations (GxP, FDA, EMA), manage IT risk, and oversee Business Continuity and Disaster Recovery. Partner with QA, Regulatory, and IT teams to maintain secure, compliant, audit-ready systems.

Job Duties And Responsibilities

Regulatory Compliance & GxP Oversight

• Ensure IT systems supporting GxP processes comply with FDA 21 CFR Part 11, EU Annex 11, and other applicable regulations.
• Maintain IT compliance documentation including validation protocols, SOPs, and audit trails.
• Oversee periodic IT compliance assessments and manage remediation plans.
• Ensure ongoing compliance with ISO 27001 by supporting the ISMS framework, monitoring control effectiveness, and coordinating evidence and documentation for certification and surveillance audits.

Governance & Risk Management

• Develop and maintain IT governance frameworks aligned with pharmaceutical industry standards and corporate policies.
• Conduct IT risk assessments for systems supporting clinical, manufacturing, and commercial operations.
• Implement risk mitigation strategies and maintain risk registers.

Business Continuity & Disaster Recovery (BC/DR)

• Own and manage the enterprise BC/DR program for IT systems.
• Develop, maintain, and test disaster recovery plans to ensure resilience and rapid recovery of critical systems.
• Coordinate with business units to align continuity strategies with operational priorities.
• Ensure compliance with regulatory expectations for BC/DR in pharmaceutical environments.

Audit & Inspection Readiness

• Serve as the primary IT contact for internal audits, regulatory inspections, and third-party assessments.
• Ensure timely resolution of audit findings and continuous improvement of compliance posture.

Policy & Standards Development

• Establish IT policies and standards for data integrity, cybersecurity, system lifecycle management, and BC/DR.
• Ensure consistent application of governance principles across GxP and non-GxP systems.

Training & Awareness

• Develop and deliver IT compliance and BC/DR training programs for system owners and end-users.
• Promote a culture of compliance and resilience across IT and business teams.

Cross-Functional Collaboration

• Partner with Quality, Regulatory, Clinical, and Manufacturing teams to ensure IT solutions meet compliance and continuity requirements.
• Provide guidance on regulatory impacts for new technologies and digital initiatives.

Qualifications

Education: Bachelor’s degree in Information Technology, Computer Science, or related field; advanced degree preferred.

Experience:

• 8+ years in IT compliance, governance, or risk management within a pharmaceutical or life sciences environment.
• Strong knowledge of GxP, FDA 21 CFR Part 11, EU Annex 11, and global regulatory frameworks.
• Proven experience managing audits, inspections, and BC/DR programs in a regulated industry.

Key Core Competencies

• Deep understanding of IT systems validation, data integrity principles, cybersecurity controls, and BC/DR best practices.
• Excellent communication and stakeholder management skills.
• Ability to influence and lead cross-functional teams.

Preferred Certifications

• CISA, CRISC, CGEIT
• ITIL Foundation
• GAMP 5 knowledge or certification
• CBCP (Certified Business Continuity Professional) or equivalent

Key skills/competency

• GxP Compliance
• FDA 21 CFR Part 11
• EU Annex 11
• IT Governance
• Risk Management
• Business Continuity
• Disaster Recovery
• ISO 27001
• Audit Management
• Data Integrity