IT Compliance and Governance Manager

SUMMARY:

The IT Compliance and Governance Manager (ICGM) will oversee and manage IT governance frameworks, ensuring Elligo's adherence to regulatory requirements (FDA, HIPAA, NIST, CIS), industry standards, and internal policies. This highly collaborative role needs to build relationships and ensure communication across various departments. This role is accountable for managing compliance audits, risk management objectives, and coordinating with various departments to foster a culture of security, compliance, and effective IT governance. This ICGM will ensure that systems, applications, and processes align with internal policies, industry standards, and regulatory requirements.

ESSENTIAL DUTIES: 

• Develop, implement, and oversee comprehensive IT governance and compliance programs.
• Ensure adherence to relevant regulatory requirements and frameworks (e.g. FDA, HIPAA, SOC2, NIST, CIS, HITRUST).
• Coordinate internal and external IT audits, ensuring readiness, compliance, and remediation of findings.
• Conduct regular risk assessments to identify vulnerabilities and compliance gaps, recommending corrective actions and ensuring implementation. 
• Maintain and enhance policies and procedures that support compliance and IT governance frameworks.
• Collaborate with Quality Assurance to execute internal and external audits.
• Act as a liaison between IT and business partners, providing guidance on compliance requirements and governance practices.
• Advise business partners and technical leads to ensure software acquisition, implementation, and development align with SOP and policy requirements.
• Maintain a working knowledge of technical quality guidance from NIST, FDA, US-HHS, EMA, International Council for Harmonization of Technical Requirements, and other regulatory authorities.
• Keep current with regulatory developments and industry standards, assessing impact and recommending necessary actions.
• Other duties as required and/or assigned. 

QUALIFICATIONS:

• Proven experience conducting risk assessments, compliance audits, and implementing governance frameworks.
• Expert knowledge of technology controls, risk assessments and information security. 
• Excellent project management skills, including documenting a high-level project plan, status reporting, managing scope/changes and leading a project team to success.
• Strong leadership skills, especially motivating, communicating effectively, and influencing team members and other stakeholders to work together effectively. 
• Working knowledge of security, compliance, and regulatory requirements related to HIPAA, data privacy, clinical research, and corporate proprietary information. 
• Ability to oversee and manage multiple complex projects and tasks. 
• Strong sense of ownership, detail-oriented approach, and takes satisfaction in driving projects to successful completion.
• Adept at creating and delivering technical presentations that clearly articulate compliance and governance requirements to technical and non-technical stakeholders.
• Exceptional writing skills, excellent communication skills, and proofreading abilities
• Ability to work with functional groups and different levels of employees throughout Elligo to achieve business results effectively and professionally.
• Strong organizational skills with the ability to accomplish multiple tasks within the agreed-upon timeframes through effective prioritization of duties and functions in a fast-paced environment.
• Self-motivated; able to work independently to complete tasks, respond to department requests, and collaborate with others to utilize their resources and knowledge to identify quality solutions.
• Clear and concise written and oral communication skills, including clearly and effectively presenting ideas and recommendations.
• Proficient with Microsoft Office Suite

 EDUCATION AND EXPERIENCE:

• Bachelor of Science in Information Technology, Information Systems, Business, Computer Science, or related field or equivalent job experience.
• Minimum 5 or more years of experience in IT Compliance, IT Governance, Risk Management, or related role, ideally within the Life Sciences industry. 
• 2 years minimum professional experience leading technology quality frameworks.
• Strong knowledge and experience with HIPAA, FDA, SOC2, NIST, CIS.
• Certifications such as CISA, CRISC, CISSP, CISM or equivalent are highly preferred.
• Strong analytical and problem-solving capabilities.