Head of IT Governance, Risk, and Compliance; GRC

Position: Head of IT Governance, Risk, and Compliance (GRC)
Overview

Lab Connect improves lives by partnering with pharmaceutical and biotech companies, and clinical research organizations (CROs) to accelerate the development of new medicines around the world.

We are an independent, global, one-stop-shop focused on delivering Central Laboratory Services that are tailor-made, timely and flexible to meet the evolving study demands of traditional to increasingly complex trials. Additionally, we provide Functional Service Provider (FSP) Solutions, supporting our clients with scientific and technical expertise, acting as an extension of their team, coordinating all laboratory related needs, advising on strategies for lab data collection and providing end-to-end analytical and logistical solutions.

Job Summary

The Senior Director, IT Governance, Risk, and Compliance (GRC) is responsible for developing and leading the company's IT risk, compliance, and control strategy. The Senior Director will assess Lab Connect's current maturity, identify gaps, and establish the roadmap, governance processes, and cross-functional operating discipline needed to strengthen and evolve the control environment over time. The Senior Director will help build a sustainable foundation for audit readiness and ongoing alignment across key regulatory, privacy, and quality frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11, while also establishing governance for the company's increasing use of AI in internal operations and healthcare-related product capabilities.

This includes creating policies, review processes, and risk controls for AI adoption with attention to privacy, security, transparency, validation, and applicable healthcare regulatory expectations.

Essential Duties and Responsibilities

• Define and oversee governance, risk, and compliance policies for modern access, endpoint, and virtual desktop environments, including secure approaches that support bring-your-own-device and remote work models.
• Assess the organization's current-state controls, documentation, and operating practices across relevant frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11. Develop the strategy, roadmap, and governance processes needed to close gaps, strengthen compliance maturity, and support ongoing audit readiness and sustained regulatory alignment.
• Develop the governance framework, risk controls, and review processes needed to support Lab Connect's transition to AI-enabled internal workflows and product capabilities. Establish practical standards for acceptable AI use, model and vendor oversight, data handling, human review, auditability, and ongoing monitoring, with particular attention to HIPAA requirements for protected health information, the NIST AI Risk Management Framework, and FDA considerations where AI functionality may affect regulated healthcare use cases.
• Establish and enhance data protection controls, including data classification, monitoring, and loss prevention practices, to reduce risk and protect sensitive information across collaboration and operational platforms.
• Evaluate and monitor the compliance and security posture of external partners, vendors, and service providers that support business-critical and regulated processes.
• Partner with technology, quality, legal, privacy, and business leaders to embed compliance, validation, and risk management into operating processes in a manner that supports both operational rigor and organizational agility. Align IT controls, risk management, and audit readiness with validation requirements to ensure coordinated compliance with regulations such as FDA 21 CFR Part 11.

Education and Experience

• Bachelor's degree in computer science, engineering, information systems, or a related field required; advanced degree preferred.

• 10+ years of progressive experience in IT security, compliance, risk management, or GRC leadership roles, ideally within a high-growth, cloud-enabled, or highly regulated environment.

• Demonstrated expertise in major security and privacy frameworks and standards, such as SOC 2, ISO 27001, HIPAA, and GDPR, along with practical knowledge of AI governance and healthcare AI compliance considerations.

• Experience applying risk-based controls to AI use cases, including privacy safeguards, vendor oversight, auditability, and model governance, is strongly preferred.

• Strong executive presence and the ability to influence stakeholders across technical, operational, and business functions.

Skills and Ability

• Ability to communicate complex risk, compliance, and security matters clearly to senior leadership, auditors, clients, and cross-functional stakeholders.

• Demonstrated success building credibility and leading in environments where technology, operations, and business processes are tightly interconnected.

• Experience establishing or enhancing governance models that improve decision quality, accountability, prioritization, and cross-functional alignment.

• Strong executive presence and the ability to build credibility with senior leaders as well…