Director of IT Governance, Risk & Compliance at Zentalis Pharmaceuticals developing GRC strategies. Leading compliance for FDA regulations in a clinical-stage biotech environment.
Responsibilities
Own and continuously evolve the IT governance framework aligned with COBIT, ITIL, or equivalent standards; set multi-year roadmap for IT GRC maturity.
Establish, maintain, and enforce IT policies, standards, and procedures in alignment with business objectives and regulatory requirements.
Lead the IT Governance Committee; prepare Board- and executive-level reporting on governance posture, KPIs, and strategic risk.
Drive IT portfolio governance to ensure alignment of technology investments with enterprise strategy and risk appetite; partner with Finance on IT spend decisions.
Lead the enterprise IT risk management lifecycle: identification, assessment, treatment, monitoring, and reporting.
Maintain and continuously update the IT risk register; escalate critical risks to senior leadership and the Board, as appropriate.
Partner with business units to conduct risk-based vendor and third-party assessments for critical technology partners and SaaS providers.
Own and manage IT compliance programs across GxP (21 CFR Part 11, Annex 11), SOX ITGCs, HIPAA, the NIS2 Directive, and applicable data privacy regulations (GDPR, CCPA, where applicable).
Serve as the primary IT point of contact for internal and external auditors; coordinate IT audit requests, responses, and remediation.
Lead IT General Controls testing and documentation for SOX compliance cycles; partner with Finance and External Audit.
Participate in GxP computer system validation (CSV) oversight in coordination with QA — including URS, IQ/OQ/PQ documentation, and periodic reviews.
Track and drive closure of all IT audit findings, control deficiencies, and corrective and preventative actions (CAPAs).
Develop and maintain the IT policy library; ensure timely review cycles and version control.
Drive an IT compliance awareness culture through training programs, communications, and onboarding curriculum.
Advise IT project teams and technology owners on control requirements during system design and implementation.
Requirements
Required
Bachelor's degree in Information Technology, Computer Science, Life Sciences, or a related field; Master's degree strongly preferred.
12+ years of progressive IT GRC, IT audit, or IT compliance experience, with at least 5 years in a biotech, pharmaceutical, or medical device environment.
Minimum 4 years of people management experience, including managing managers or senior individual contributors.
Deep expertise in FDA 21 CFR Part 11, GxP computer system validation (CSV), and SOX IT General Controls.
Proven track record managing IT audit processes and working directly with external auditors (Big 4 preferred) and regulatory agencies.
Strong knowledge of IT risk management frameworks (NIST CSF, ISO 27001/27002, COBIT) and demonstrated ability to set and execute multi-year GRC strategy.
Preferred
Master's degree in Information Systems, Business Administration, or a related discipline.
Professional certifications: CISA, CRISC, CGEIT, CISSP, or CIPP.
Experience with cloud GRC platforms (ServiceNow GRC, Archer, Vanta, Drata) and validated cloud environments (AWS, Azure, GCP).
Familiarity with HIPAA/HITECH, NIS2 Directive, GDPR, and CCPA compliance in a clinical or research setting.
Prior experience supporting IND/NDA/BLA submissions or FDA facility inspections.
Experience standing up a GRC function or program from an early-stage maturity baseline.
Licensing Compliance Officer for the City of Hamilton ensuring by-law compliance and conducting inspections. Engaging with the community and liaising with businesses to ensure adherence to regulations.
Regulatory & Compliance Analyst responsible for implementing insurance regulatory filings and compliance. Collaborating with teams to prepare submissions and maintain documentation in a hybrid environment.
Manager of Post Market Compliance overseeing post-market surveillance for global medical device regulations. Engaging with cross-functional teams and maintaining compliance standards in a hybrid role.
IT Risk and Compliance Specialist ensuring the security of technology systems for GDIT and its customers. Monitoring security posture, assessing risks, and implementing improvements to security protocols.
Regulatory Affairs Analyst managing regulatory risks and compliance for Pension Insurance Corporation. Working collaboratively to maintain effective regulatory strategies and relationships with UK regulators.
Senior Engineer advising on certification processes for aerospace at Boeing. Engaging in compliance reviews and educational material development across multiple sites.
Compliance and Quality Systems Manager at Pharmascience at the Candiac site. Participating in the management of internal audits and quality systems to ensure compliance.
Compliance Training Lead overseeing compliance training activities in the pharmaceutical industry. Managing the training program and compliance with regulatory requirements.
Lead regulatory affairs strategies ensuring compliance for pharmaceutical submissions. Collaborate with cross-functional teams and regulatory authorities for product development success.
Compliance and Quality Systems Specialist managing quality systems for Pharmascience. Managing audits, deviations, and specifications at the Candiac site.