About The Position

LabConnect improves lives by partnering with pharmaceutical and biotech companies, and clinical research organizations (CROs) to accelerate the development of new medicines around the world. We are an independent, global, one-stop-shop focused on delivering Central Laboratory Services that are tailor-made, timely and flexible to meet the evolving study demands of traditional to increasingly complex trials. Additionally, we provide Functional Service Provider (FSP) Solutions, supporting our clients with scientific and technical expertise, acting as an extension of their team, coordinating all laboratory-related needs, advising on strategies for lab data collection and providing end-to-end analytical and logistical solutions.

The Senior Director, IT Governance, Risk, and Compliance (GRC) is responsible for developing and leading the company’s IT risk, compliance, and control strategy. The Senior Director will assess LabConnect’s current maturity, identify gaps, and establish the roadmap, governance processes, and cross-functional operating discipline needed to strengthen and evolve the control environment over time. The Senior Director will help build a sustainable foundation for audit readiness and ongoing alignment across key regulatory, privacy, and quality frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11, while also establishing governance for the company’s increasing use of AI in internal operations and healthcare-related product capabilities. This includes creating policies, review processes, and risk controls for AI adoption with attention to privacy, security, transparency, validation, and applicable healthcare regulatory expectations.

Requirements

  • Bachelor’s degree in computer science, engineering, information systems, or a related field required; advanced degree preferred.
  • 10+ years of progressive experience in IT security, compliance, risk management, or GRC leadership roles, ideally within a high-growth, cloud-enabled, or highly regulated environment.
  • Demonstrated expertise in major security and privacy frameworks and standards, such as SOC 2, ISO 27001, HIPAA, and GDPR, along with practical knowledge of AI governance and healthcare AI compliance considerations.
  • Strong executive presence and the ability to influence stakeholders across technical, operational, and business functions.
  • Ability to communicate complex risk, compliance, and security matters clearly to senior leadership, auditors, clients, and cross-functional stakeholders.
  • Demonstrated success building credibility and leading in environments where technology, operations, and business processes are tightly interconnected.
  • Experience establishing or enhancing governance models that improve decision quality, accountability, prioritization, and cross-functional alignment.
  • Strong executive presence and the ability to build credibility with senior leaders as well as frontline operators and functional partners.
  • Excellent communication skills, including the ability to translate complexity into clear, concise messages tailored to technical, operational, and executive audiences.
  • Sound judgment and high initiative in ambiguous environments, with the capacity to create structure, momentum, and alignment quickly.
  • A track record of influencing outcomes through collaboration, credibility, and thoughtful organizational leadership.
  • The ability to balance strategic leadership with selective hands-on engagement in high-priority initiatives.

Nice To Haves

  • Experience applying risk-based controls to AI use cases, including privacy safeguards, vendor oversight, auditability, and model governance, is strongly preferred.

Responsibilities

  • Define and oversee governance, risk, and compliance policies for modern access, endpoint, and virtual desktop environments, including secure approaches that support bring-your-own-device and remote work models.
  • Assess the organization’s current-state controls, documentation, and operating practices across relevant frameworks, including SOC 2, HIPAA, GDPR, and FDA 21 CFR Part 11. Develop the strategy, roadmap, and governance processes needed to close gaps, strengthen compliance maturity, and support ongoing audit readiness and sustained regulatory alignment.
  • Develop the governance framework, risk controls, and review processes needed to support LabConnect’s transition to AI-enabled internal workflows and product capabilities. Establish practical standards for acceptable AI use, model and vendor oversight, data handling, human review, auditability, and ongoing monitoring, with particular attention to HIPAA requirements for protected health information, the NIST AI Risk Management Framework, and FDA considerations where AI functionality may affect regulated healthcare use cases.
  • Establish and enhance data protection controls, including data classification, monitoring, and loss prevention practices, to reduce risk and protect sensitive information across collaboration and operational platforms.
  • Evaluate and monitor the compliance and security posture of external partners, vendors, and service providers that support business-critical and regulated processes.
  • Partner with technology, quality, legal, privacy, and business leaders to embed compliance, validation, and risk management into operating processes in a manner that supports both operational rigor and organizational agility. Align IT controls, risk management, and audit readiness with validation requirements to ensure coordinated compliance with regulations such as FDA 21 CFR Part 11.

Benefits

  • Financial Security (Base Pay, 401k Match and Possible Annual Bonus Eligibility)
  • Health Benefits beginning on date of hire
  • PTO plan, plus 11 Paid Company Holidays, and 1 Day to Volunteer in your community
  • Short and Long-Term Disability, Life Insurance, and AD&D
  • Career growth opportunities, globally
  • Friendly and collaborative environment with open lines of communication