Head of IT Governance, Risk, and Compliance (GRC)

Overview

LabConnect improves lives by partnering with pharmaceutical and biotech companies, and clinical research organizations (CROs) to accelerate the development of new medicines around the world. We are an independent, global, one-stop-shop focused on delivering Central Laboratory Services that are tailor-made, timely and flexible to meet the evolving study demands of traditional to increasingly complex trials. Additionally, we provide Functional Service Provider (FSP) Solutions, supporting our clients with scientific and technical expertise, acting as an extension of their team, coordinating all laboratory related needs, advising on strategies for lab data collection and providing end-to-end analytical and logistical solutions. Job Summary The Senior Director, IT Governance, Risk, and Compliance (GRC) is responsible for developing and leading the company’s IT risk, compliance, and control strategy. The Senior Director will assess LabConnect’s current maturity, identify gaps, and establish the roadmap, governance processes, and cross-functional operating discipline needed to strengthen and evolve the control environment over time. The Senior Director will help build a sustainable foundation for audit readiness and ongoing alignment across key regulatory, privacy, and quality frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11, while also establishing governance for the company’s increasing use of AI in internal operations and healthcare-related product capabilities. This includes creating policies, review processes, and risk controls for AI adoption with attention to privacy, security, transparency, validation, and applicable healthcare regulatory expectations. Essential Duties And Responsibilities

• Define and oversee governance, risk, and compliance policies for modern access, endpoint, and virtual desktop environments, including secure approaches that support bring-your-own-device and remote work models.
• Assess the organization’s current-state controls, documentation, and operating practices across relevant frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11. Develop the strategy, roadmap, and governance processes needed to close gaps, strengthen compliance maturity, and support ongoing audit readiness and sustained regulatory alignment.
• Develop the governance framework, risk controls, and review processes needed to support LabConnect’s transition to AI-enabled internal workflows and product capabilities. Establish practical standards for acceptable AI use, model and vendor oversight, data handling, human review, auditability, and ongoing monitoring, with particular attention to HIPAA requirements for protected health information, the NIST AI Risk Management Framework, and FDA considerations where AI functionality may affect regulated healthcare use cases.
• Establish and enhance data protection controls, including data classification, monitoring, and loss prevention practices, to reduce risk and protect sensitive information across collaboration and operational platforms.
• Evaluate and monitor the compliance and security posture of external partners, vendors, and service providers that support business-critical and regulated processes.
• Partner with technology, quality, legal, privacy, and business leaders to embed compliance, validation, and risk management into operating processes in a manner that supports both operational rigor and organizational agility. Align IT controls, risk management, and audit readiness with validation requirements to ensure coordinated compliance with regulations such as FDA 21 CFR Part 11.

Education And Experience

• Bachelor’s degree in computer science, engineering, information systems, or a related field required; advanced degree preferred.
• 10+ years of progressive experience in IT security, compliance, risk management, or GRC leadership roles, ideally within a high-growth, cloud-enabled, or highly regulated environment.
• Demonstrated expertise in major security and privacy frameworks and standards, such as SOC 2, ISO 27001, HIPAA, and GDPR, along with practical knowledge of AI governance and healthcare AI compliance considerations.
• Experience applying risk-based controls to AI use cases, including privacy safeguards, vendor oversight, auditability, and model governance, is strongly preferred.
• Strong executive presence and the ability to influence stakeholders across technical, operational, and business functions.

Skills And Ability

• Ability to communicate complex risk, compliance, and security matters clearly to senior leadership, auditors, clients, and cross-functional stakeholders.
• Demonstrated success building credibility and leading in environments where technology, operations, and business processes are tightly interconnected.
• Experience establishing or enhancing governance models that improve decision quality, accountability, prioritization, and cross-functional alignment.
• Strong executive presence and the ability to build credibility with senior leaders as well as frontline operators and functional partners.
• Excellent communication skills, including the ability to translate complexity into clear, concise messages tailored to technical, operational, and executive audiences.
• Sound judgment and high initiative in ambiguous environments, with the capacity to create structure, momentum, and alignment quickly.
• A track record of influencing outcomes through collaboration, credibility, and thoughtful organizational leadership.
• The ability to balance strategic leadership with selective hands-on engagement in high-priority initiatives.

Supervisory Responsibilities: Director Physical Demands: While performing the duties of this job, the occupant is regularly required to:

• Prolonged periods of sitting at a desk and working on a computer.
• Prolonged use of computer and headphones for conference calls.
• Communicate effectively via phone, video, and email.
• Use hands and fingers to operate a computer and other office equipment.
• Occasional travel may be required for meetings, audits, or company events.

Travel Requirements: Minimal Join our team and discover how your work can impact patients' lives around the world! Some of the Perks our LabConnectors Love:

• Financial Security (Base Pay, 401k Match and Possible Annual Bonus Eligibility)
• Health Benefits beginning on date of hire
• PTO plan, plus 11 Paid Company Holidays, and 1 Day to Volunteer in your community
• Short and Long-Term Disability, Life Insurance, and AD&D
• We celebrate our differences, which enriches our culture!

In addition to great perks and challenging work assignments, we invest in our people with career growth opportunities, globally. We believe in a friendly and collaborative environment with open lines of communication. While living out our values of People First, Quality Focused, Customer Centered, Technology Driven, and Accountability Always. We are proud to be an Equal Employment Opportunity Employer and value the diversity of our workforce. We do not discriminate on the basis of race, gender, age, disability, religion, sexual orientation, or any other protected characteristic. To learn more about equal employment opportunity, please view the posters here: https://www.dol.gov/agencies/whd/posters LabConnect also prioritizes the privacy and security of your personal data. All candidate information is handled in accordance with General Data Protection Regulation (GDPR). To learn more, please review our Privacy Notice on our website, by navigating to https://www.labconnect.com/ If you need assistance to complete your job application, search for a job opening, or submit an online application at LabConnect, please email [email protected] or call +1 (423) 722-3155. Apply tot his job Apply To this Job