Director, IT – Governance, Risk & Compliance at Zentalis Pharmaceuticals | Hybrid Hired

About the role

Director of IT Governance, Risk & Compliance at Zentalis Pharmaceuticals developing GRC strategies. Leading compliance for FDA regulations in a clinical-stage biotech environment.

Responsibilities

Own and continuously evolve the IT governance framework aligned with COBIT, ITIL, or equivalent standards; set multi-year roadmap for IT GRC maturity.
Establish, maintain, and enforce IT policies, standards, and procedures in alignment with business objectives and regulatory requirements.
Lead the IT Governance Committee; prepare Board-and executive-level reporting on governance posture, KPIs, and strategic risk.
Drive IT portfolio governance to ensure alignment of technology investments with enterprise strategy and risk appetite; partner with Finance on IT spend decisions.
Lead the enterprise IT risk management lifecycle: identification, assessment, treatment, monitoring, and reporting.
Maintain and continuously update the IT risk register; escalate critical risks to senior leadership and the Board, as appropriate.
Partner with business units to conduct risk-based vendor and third-party assessments for critical technology partners and SaaS providers.
Own and manage IT compliance programs across GxP (21 CFR Part 11, Annex 11), SOX ITGCs, HIPAA, NIS2 Directive, and applicable data privacy regulations (GDPR, CCPA, when applicable).
Serve as the primary IT point of contact for internal and external auditors; coordinate IT audit requests, responses, and remediation.
Lead IT General Controls testing and documentation for SOX compliance cycles; partner with Finance and External Audit.
Participate in GxP computer system validation (CSV) oversight in coordination with QA — including URS, IQ/OQ/PQ documentation, and periodic reviews.
Track and drive closure of all IT audit findings, control deficiencies, and corrective and preventative actions (CAPAs).
Develop and maintain the IT policy library; ensure timely review cycles and version control.
Drive an IT compliance awareness culture through training programs, communications, and onboarding curriculum.
Advise IT project teams and technology owners on control requirements during system design and implementation.

Requirements

Required Bachelor's degree in Information Technology, Computer Science, Life Sciences, or a related field; Master's degree strongly preferred.
12+ years of progressive IT GRC, IT audit, or IT compliance experience, with at least 5 years in a biotech, pharmaceutical, or medical device environment.
Minimum 4 years of people management experience, including managing managers or senior individual contributors.
Deep expertise in FDA 21 CFR Part 11, GxP computer system validation (CSV), and SOX IT General Controls.
Proven track record managing IT audit processes and working directly with external auditors (Big 4 preferred) and regulatory agencies.
Strong knowledge of IT risk management frameworks (NIST CSF, ISO 27001/27002, COBIT) and demonstrated ability to set and execute multi-year GRC strategy.
Preferred Master's degree in Information Systems, Business Administration, or a related discipline.
Professional certifications: CISA, CRISC, CGEIT, CISSP, or CIPP.
Experience with cloud GRC platforms (ServiceNow GRC, Archer, Vanta, Drata) and validated cloud environments (AWS, Azure, GCP).
Familiarity with HIPAA/HITECH, NIS2 Directive, GDPR, and CCPA compliance in a clinical or research setting.
Prior experience supporting IND/NDA/BLA submissions or FDA facility inspections.
Experience standing up a GRC function or program from an early-stage maturity baseline.

Similar roles

Browse all Compliance jobs

1 hour ago

DE

VAT Compliance Manager

Deloitte

Manager for Deloitte Luxembourg's VAT Compliance department overseeing high - quality compliance services for international clients. Leading client interactions and supporting junior staff development.

Onsite Role

Luxembourg Luxembourg Compliance

6 hours ago

NV

Compliance Intern

Ninja Van

Compliance Intern involved in monitoring medicine inventory and supporting clinic roles. Responsibilities include documentation, compliance checks, and data organization.

Hybrid Role

Taguig Philippines Compliance

8 hours ago

II

Senior Regulatory Compliance Analyst

Instant Impact

Senior Regulatory Compliance Analyst supporting the delivery of regulatory compliance framework in a leading global Financial Services firm. Contributing to compliance reporting and maintaining governance policies across jurisdictions.

Hybrid Role

London United Kingdom Compliance

£55,000 - £57,000 per year

9 hours ago

ST

Environmental Regulatory Specialist

Stantec

Join Stantec as an Environmental Regulatory Specialist in Atlantic Canada. Collaborate with a multi - disciplinary team supporting environmental assessment and permitting across various industries.

Hybrid Role

Dartmouth Canada Compliance

12 hours ago

MS

Executive Director, Regulatory Affairs Liaison

MSD

Executive Director, Regulatory Affairs Liaison driving the strategy for ophthalmology drug development in General Medicine. Leading a team and ensuring regulatory objectives align with development and commercialization priorities.

Hybrid Role

Rahway United States Compliance

$231,900 - $365,000 per year

12 hours ago

NU

Compliance Analyst, Licensing & Risks

Nuvei

Compliance Analyst managing licensing obligations for Nuvei, focusing on regulatory compliance across U.S. and Canada jurisdictions. Collaborating with internal teams for timely applications and renewals.

Hybrid Role

Bogotá Colombia Compliance

13 hours ago

OG

Compliance Services Manager – FTC, 8 months

Ogier

Compliance Services Manager overseeing Schedule 2 compliance for various clients. Collaborating with client - facing teams and ensuring adherence to the Jersey compliance requirements.

Hybrid Role

St Helier Jersey Compliance

13 hours ago

RB

Compliance Specialist, Bilingual

RBC

Associate, Compliance Specialist managing high quality client experiences for Commercial Clients at RBC. Serving as SME for margin and covenant processes in commercial banking.

Onsite Role

Montréal Canada Compliance

19 hours ago

BO

License Compliance Intern

Boomi

License Compliance Intern at Boomi helping customers comply with license agreements. Analyzing business data and supporting compliance audits in a dynamic work environment.

Hybrid Role

Vancouver Canada Compliance

CA$17 - CA$25 per hour

19 hours ago

DO

Compliance Specialist

Dominium

Compliance Specialist managing compliance functions for a diverse portfolio of affordable housing units. Ensuring adherence to federal, state, and local regulations in affordable housing.

Hybrid Role

Atlanta United States Compliance