Director, IT Risk & Compliance

Company Description

At EVERSANA, we are proud to be certified as a Great Place to Work across the globe. We’re fueled by our vision to create a healthier world. How? Our global team of more than 7,000 employees is committed to creating and delivering next-generation commercialization services to the life sciences industry. We are grounded in our cultural beliefs and serve more than 650 clients ranging from innovative biotech start-ups to established pharmaceutical companies. Our products, services and solutions help bring innovative therapies to market and support the patients who depend on them. Our jobs, skills and talents are unique, but together we make an impact every day. Join us!

Across our growing organization, we embrace diversity in backgrounds and experiences. Improving patient lives around the world is a priority, and we need people from all backgrounds and swaths of life to help build the future of the healthcare and the life sciences industry. We believe our people make all the difference in cultivating an inclusive culture that embraces our cultural beliefs.  We are deliberate and self-reflective about the kind of team and culture we are building. We look for team members that are not only strong in their own aptitudes but also who care deeply about EVERSANA, our people, clients and most importantly, the patients we serve. We are EVERSANA.  

Job Description

The Director, IT Risk & Compliance is responsible for leading and managing the company's information security and technology risk management program. The Director will lead efforts to maintain compliance with relevant regulations, standards, and frameworks This role will play a critical part in identifying, assessing, and mitigating risks across the organization's IT infrastructure, applications, and data. The successful candidate will possess a strong understanding of industry best practices, regulatory requirements (e.g., SOX, HIPAA, GDPR), and emerging threats.

ESSENTIAL DUTIES AND RESPONSIBILITIES:
Our employees are tasked with delivering excellent business results through the efforts of their teams.  These results are achieved by:

• Manage and mentor a team of risk analysts and security professionals.
• Develop and maintain a comprehensive Enterprise IS/IT Risk Management framework, including risk assessments, threat modeling, and vulnerability management.
• Conduct regular risk assessments across the organization, including business impact analyses (BIA) and threat and vulnerability assessments (TVAs).
• Oversee the implementation of risk mitigation controls and monitor their effectiveness.
• Develop and maintain key risk indicators and key performance indicators (KPIs) to track and measure risk levels.
• Advise senior management on risk-related decisions and provide recommendations for improving the company's overall security posture.
• Stay abreast of emerging threats and vulnerabilities and advise on appropriate countermeasures.
• Collaborate with internal and external stakeholders, including IT, legal, compliance, and business units.
• Ensure compliance with relevant industry regulations and standards.
• Participate in incident response activities and post-mortem analysis.
• Develop and deliver presentations and reports to senior management and the Board of Directors.
• Ensure compliance with applicable laws, regulations, and industry standards.
• Develop and maintain IT policies, procedures, and standards.
• Conduct internal and external audits to assess compliance.
• Manage relationships with external auditors and regulatory bodies.
• Stay abreast of changes in regulatory requirements and industry best practices.
• Demonstrate a commitment to diversity, equity, and inclusion through continuous development, modeling inclusive behaviors, and proactively managing bias.
• All other duties as assigned.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of EVERSANA to provide reasonable accommodation when requested by an employee with a disability, unless such accommodation would cause an undue hardship for EVERSANA. If reasonable accommodation is needed to perform the essential functions of your job position, please contact Human Resources.

PEOPLE LEADER:

People leaders must possess both the skills to effectively accomplish these tasks and the emotional intelligence to do so in alignment with our cultural values.  In addition to the critical management and leadership tasks listed above, this role also includes the following unique responsibilities:

• Responsible for and oversee their respective department.
• Interview, select and supervise the activities of the department staff; communicate interpret and discuss with team the company policies and procedures.
• Determine job objectives, work methods and performance standards; review performance relative to departmental objectives discussion appraisal with each employee and performance; authorize and communicate salary changes, promotions, transfers, discipline, and discharge and administer all other personnel actions.

EXPECTATIONS OF THE JOB:

• Travel (10-20%)
• Hours (40-45 hours per week, Monday through Friday)

The above list reflects the general details necessary to describe the expectations of the position and shall not be construed as the only expectations that may be assigned for the position.

An individual in this position must be able to successfully perform the expectations listed above.

Qualifications

MINIMUM KNOWLEDGE, SKILLS AND ABILITIES:

The requirements listed below are representative of the experience, education, knowledge, skill and/or abilities required.

• Bachelor's degree in Computer Science, Information Systems, or a related field.
• 10+ years of experience in information security and risk management roles, with at least 5 years in a leadership position.
• Proven experience in developing and implementing enterprise-wide risk management frameworks.
• Strong understanding of industry best practices, regulatory requirements (e.g., SOX, HIPAA, GDPR), and emerging threats.
• Experience with risk assessment methodologies, including threat modeling, vulnerability scanning, and penetration testing.
• Excellent analytical and problem-solving skills.
• Strong leadership and mentoring skills.

PREFERRED QUALIFICATIONS:

• Strong communication and presentation skills, with the ability to effectively communicate complex technical information to both technical and non-technical audiences.  
• Ability to work independently and as part of a team.
• Experience with GRC tools and technologies a plus.
• Relevant industry certifications (e.g., CISSP, CISM, CRISC) preferred.

PHYSICAL/MENTAL DEMANDS AND WORKING ENVIRONMENT:

The physical and mental requirements along with the work environment characteristics described here are representative of those an individual encounters while performing the essential functions of this position.

Office: While performing the essential functions of this job the employee is frequently required to reach, grasp, stand and/or sit for long periods of time (up to 90% of the shift), walk, talk and hear; occasionally required to lift and/or move up to 25 pounds. The noise level in the work environment is usually moderately quiet, with frequent interruptions and multiple demands.

Additional Information

OUR CULTURAL BELIEFS:

Patient Minded I act with the patient’s best interest in mind.

Client Delight I own every client experience and its impact on results.

Take Action I am empowered and empower others to act now.

Grow Talent I own my development and invest in the development of others. 

Win Together I passionately connect with anyone, anywhere, anytime to achieve results.

Communication Matters I speak up to create transparent, thoughtful and timely dialogue.

Embrace Diversity I create an environment of awareness and respect.

Always Innovate I am bold and creative in everything I do.

Our team is aware of recent fraudulent job offers in the market, misrepresenting EVERSANA. Recruitment fraud is a sophisticated scam commonly perpetrated through online services using fake websites, unsolicited e-mails, or even text messages claiming to be a legitimate company. Some of these scams request personal information and even payment for training or job application fees. Please know EVERSANA would never require personal information nor payment of any kind during the employment process. We respect the personal rights of all candidates looking to explore careers at EVERSANA.

From EVERSANA’s inception, Diversity, Equity & Inclusion have always been key to our success. We are an Equal Opportunity Employer, and our employees are people with different strengths, experiences, and backgrounds who share a passion for improving the lives of patients and leading innovation within the healthcare industry. Diversity not only includes race and gender identity, but also age, disability status, veteran status, sexual orientation, religion, and many other parts of one’s identity. All of our employees’ points of view are key to our success, and inclusion is everyone's responsibility.

Consistent with the Americans with Disabilities Act (ADA) and applicable state and local laws, it is the policy of EVERSANA to provide reasonable accommodation when requested by a qualified applicant or candidate with a disability, unless such accommodation would cause an undue hardship for EVERSANA. The policy regarding requests for reasonable accommodations applies to all aspects of the hiring process. If reasonable accommodation is needed to participate in the interview and hiring process, please contact us at applicantsupport@eversana.com.

Follow us on LinkedIn | Twitter