GRC / Technical Controls Analyst II
About The Position
Life changing therapies. Global impact. Bridge to thousands of biopharma companies and their patients. We are PCI. Our investment is in People who make an impact, drive progress and create a better tomorrow. Our strategy includes building teams across our global network to pioneer and shape the future of PCI. Position Summary The GRC / Technical Controls Analyst will manage PCI Pharma's cybersecurity governance, risk, and compliance program with specific focus on pharmaceutical regulatory requirements. This role bridges technical security controls with business compliance needs, ensuring the organization meets GxP, FDA 21 CFR Part 11, and industry security standards while supporting audit activities and risk management initiatives.
Requirements
- Bachelor's degree in Information Security, Risk Management, or related field
- 4+ years of experience in GRC, security compliance, or audit roles
- Strong knowledge of security frameworks (NIST CSF, ISO 27001, CIS Controls)
- Experience with pharmaceutical regulations (21 CFR Part 11, GxP, Annex 11)
- Proficiency in controls testing and evidence collection
- Experience with risk assessment methodologies
- Strong documentation and technical writing skills
- Excellent communication skills for audit and stakeholder interactions
- Project management capabilities for compliance initiatives
Nice To Haves
- CISA, CRISC, or CGEIT certification
- Direct pharmaceutical or life sciences industry experience
- Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust)
- Knowledge of SOX IT general controls
- HITRUST or healthcare compliance experience
- Experience with vendor risk management programs
Responsibilities
- Develop and maintain cybersecurity policies, standards, and procedures aligned with pharmaceutical regulations
- Manage technical controls auditing across 150+ applications and systems quarterly
- Coordinate GxP computer system validation activities with Quality Assurance team
- Conduct risk assessments for new systems, vendors, and business initiatives
- Maintain compliance evidence and documentation for regulatory audits (FDA, EMA)
- Lead internal security control assessments and gap remediation tracking
- Support third-party/vendor cyber risk management including security questionnaires and assessments
- Develop and track key risk indicators (KRIs) and security metrics
- Coordinate with external auditors and manage audit finding remediation
- Maintain security control framework mapping (NIST CSF, ISO 27001, SOC 2)
- Review and approve security exceptions with appropriate risk documentation
- Support business continuity and disaster recovery compliance requirements
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
