Director, IS Governance, Risk and Compliance

Revolution Medicines
Redwood City, CA
Hybrid

About The Position

Revolution Medicines is a late-stage clinical oncology company developing novel targeted therapies for patients with RAS-addicted cancers. The company’s R&D pipeline comprises RAS(ON) inhibitors designed to suppress diverse oncogenic variants of RAS proteins. The company’s RAS(ON) inhibitors daraxonrasib (RMC-6236), a RAS(ON) multi-selective inhibitor; elironrasib (RMC-6291), a RAS(ON) G12C-selective inhibitor; zoldonrasib (RMC-9805), a RAS(ON) G12D-selective inhibitor; and RMC-5127, a RAS(ON) G12V-selective inhibitor, are currently in clinical development. As a new member of the Revolution Medicines team, you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

The Opportunity: We are seeking an experienced and strategic leader to serve as Director, Information Sciences Governance, Risk & Compliance (IS GRC), reporting directly to the VP, IS Security, Risk, and Compliance. This person will be responsible for leading and maturing the IS GRC program, ensuring that IS governance processes, technology risk management practices, third-party risk management, and compliance activities effectively support business objectives and protect the organization.

As a key leader within Information Sciences, this individual will partner closely with Security, Infrastructure, Enterprise Applications, Data & Analytics, Legal, Privacy, Quality, Finance, HR, Procurement, and other cross-functional stakeholders to establish a scalable and pragmatic IS GRC framework. They will help the organization navigate a dynamic regulatory, technology, and business environment by strengthening controls, driving compliance readiness, improving risk visibility, managing third-party risk, and enabling informed decision-making across IS.

This role is ideal for a leader who can balance strategic program development with operational execution, build trusted partnerships across the organization, and translate regulatory, technical, and control requirements into practical processes that enable the business.

Requirements

  • Bachelor’s degree or equivalent and a minimum of 10+ years of experience in Information Technology, Information Sciences, governance, risk management, compliance, internal audit, cybersecurity compliance, or related functions, including leadership experience in a regulated industry.
  • Proven track record of building, managing, and scaling IS or IT GRC programs in complex organizations.
  • Experience partnering across IS, security, legal, privacy, quality, procurement, finance, and business teams to drive risk-informed and compliant technology practices.
  • Strong understanding of IT governance, technology risk management, internal controls, policy management, third-party risk management, and compliance operations.
  • Experience working in regulated environments and with relevant frameworks and requirements such as SOX, GxP, GDPR/CCPA, ISO 27001, HITRUST, cybersecurity, privacy, IT general controls, vendor risk management, and audit readiness, as applicable.
  • Experience supporting or leading control design, risk assessments, remediation activities, and audit or certification readiness efforts related to ISO 27001, HITRUST, or other relevant compliance frameworks.
  • Ability to translate regulatory, audit, and control requirements into practical, business-friendly IS processes, standards, and guidance.
  • Entrepreneurial spirit; thrives in a fast-paced, high-growth, midsize company environment.
  • Comfortable handling ambiguity and navigating through evolving processes, priorities, and organizational needs.
  • Highly organized, with strong attention to detail and accuracy.
  • Committed to meeting and exceeding high standards for quality and continuous improvement.
  • Builds rapport and credibility as an effective strategic partner.
  • Fosters team collaboration, breaks down silos, and is able to influence without authority.
  • Skilled at conflict resolution, negotiation, and driving alignment across diverse stakeholder groups.
  • Acts with urgency and sound judgment. Enjoys enabling others and solving complex problems.
  • Ability to manage multiple initiatives, activities, and priorities simultaneously and autonomously.
  • Strong written and verbal communication, presentation, and facilitation skills, with the ability to distill complex information for senior leadership.

Nice To Haves

  • Master’s degree or equivalent in Information Technology, Business, Risk Management, Cybersecurity, or a related field.
  • Relevant certifications such as CISA, CISM, CRISC, CISSP, CGEIT, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, HITRUST CCSFP, or similar are preferred.
  • Experience leading or supporting ISO 27001 and/or HITRUST implementation, certification, surveillance, or readiness programs is strongly preferred.
  • Experience leading or supporting IT/IS governance, cybersecurity compliance, privacy, audit, or risk programs in the pharmaceutical, biotechnology, life sciences, or other highly regulated industries.
  • Experience with third-party risk management, policy governance platforms, GRC tooling, control automation, and audit management solutions is a plus.
  • Experience developing and operationalizing IS policies, standards, procedures, and control frameworks across enterprise applications, infrastructure, cloud environments, and data platforms is desirable.
  • Experience developing executive-level reporting and dashboards for IT or IS risk and compliance programs is desirable.
  • Experience standing up or maturing enterprise IT governance, security governance, third-party risk management, or technology compliance monitoring programs is a plus.
  • Experience working with cross-functional stakeholders to align security, privacy, compliance, and business requirements into scalable operational processes is preferred.

Responsibilities

  • Lead and evolve the Information Sciences Governance, Risk & Compliance program, including policies, standards, risk frameworks, compliance processes, and reporting.
  • Develop, implement, and maintain governance structures, policies, standards, and procedures to support IS objectives, regulatory obligations, and internal accountability.
  • Establish and manage processes to identify, assess, prioritize, track, and report key IS, cybersecurity, data, third-party, and operational risks. Partner with stakeholders to develop mitigation and remediation plans.
  • Lead and mature the third-party risk management program for Information Sciences, including risk assessment and oversight of vendors, service providers, and technology partners. Partner with Procurement, Legal, Security, Privacy, and business stakeholders to evaluate third-party controls, contractual requirements, and remediation plans to ensure third-party services meet company risk and compliance expectations.
  • Oversee IS compliance initiatives related to applicable laws, regulations, contractual obligations, and internal policies. Coordinate control assessments, compliance reviews, and readiness efforts for audits and inspections.
  • Partner with IS and business teams to design, document, evaluate, and improve IT and IS-related controls and monitor their effectiveness over time.
  • Drive the development, review, communication, and maintenance of IS policies, standards, baselines, and related procedures to ensure consistency, usability, and alignment with company requirements.
  • Coordinate and support internal and external audits, risk assessments, and evidence requests related to Information Sciences systems, processes, and controls. Track observations and corrective actions through closure.
  • Build strong relationships across the business to understand technology risks, compliance obligations, and operational challenges, and to promote a culture of accountability and continuous improvement.
  • Develop meaningful dashboards, metrics, and executive reporting to communicate IS program health, compliance posture, risk trends, and remediation progress to senior leadership.
  • Promote awareness of IS governance, risk, and compliance responsibilities across Information Sciences and the broader organization through communication, training, and stakeholder engagement.
  • Stay informed about emerging regulations, industry trends, and best practices in IT/IS governance, cybersecurity compliance, privacy, and risk management, and incorporate them into program enhancements.
  • Coordinate with existing service delivery teams in Information Sciences to ensure that high levels of service and support are maintained.

Benefits

  • competitive cash compensation
  • robust equity awards
  • strong benefits
  • significant learning and development opportunities