Senior Director, GxP Systems

About The Position

Requirements

• Bachelor’s degree in Computer Science, Computer Engineering, Information Technology, Life Sciences, or a related field. Advanced degree (MBA, MS) preferred.
• 12+ years of progressive experience in IT GxP compliance, computer system validation, software quality assurance, or IT governance within the pharmaceutical, biotechnology, or medical device industries, with at least 5 years in a senior or leadership capacity (Director level or above).
• Demonstrated experience building or scaling a CSV/CSA program within a regulated life sciences environment, ideally at a clinical-stage or pre-commercial biotech company.
• Deep working knowledge of global regulatory requirements for computerized systems including 21 CFR Part 11, EU Annex 11, GAMP 5, ICH guidelines, data integrity (ALCOA+), and FDA’s CSA guidance.
• Hands-on experience leading or supporting regulatory agency inspections (FDA, EMA, MHRA) as an IT SME, with a track record of successful inspection outcomes.
• Strong experience in validation lifecycle management for SaaS, cloud-based, and on-premises GxP applications including QMS, CTMS, eTMF, safety, RIMS, ERP, and supply chain systems.
• Proven track record managing third-party risk and vendor oversight programs for technology providers, including supplier assessments, audits, and contract negotiations.
• Experience supporting SOX IT General Controls and participating in internal and external audits.
• Excellent communication and stakeholder management skills, with the ability to translate complex regulatory and technical concepts for non-technical audiences, including executive leadership and Board members.
• Self-directed and highly motivated, with the ability to operate effectively in a lean, fast-paced organization and balance strategic leadership with hands-on execution.

Nice To Haves

• Experience with Veeva Vault, ServiceNow, Veeva RIMS, or similar enterprise GxP platforms.
• Industry certifications such as GAMP, PMP, ITIL, CISA, or ASQ certifications (e.g., CSQE, CQA).
• Experience managing distributed or global teams and coordinating with international regulatory counterparts.
• Knowledge of AI/ML governance and its intersection with GxP data integrity and validation requirements.

Responsibilities

• Build and lead the enterprise IT Computer System Validation (CSV) and Computer Software Assurance (CSA) program from the ground up, establishing risk-based validation methodologies aligned with GAMP 5, 21 CFR Part 11, EU Annex 11, and ICH guidelines.
• Define and implement validation lifecycle governance including system risk assessments, validation planning, requirements specifications, testing protocols, traceability matrices, validation reports, and periodic reviews for all GxP-regulated systems.
• Develop, author, and maintain IT GxP policies, standard operating procedures (SOPs), and work instructions that provide regulatory requirements interpretation and operational direction to the organization.
• Oversee the validation and ongoing compliance of enterprise GxP applications including, but not limited to, QMS, CTMS, CDMS, eTMF, safety/pharmacovigilance, RIMS, LIMS, ERP, and supply chain systems.
• Lead the transition from traditional CSV to a modern, risk-based CSA approach consistent with FDA’s 2022 draft guidance on Computer Software Assurance, ensuring the organization adopts efficient and inspection-ready practices.
• Establish metrics and Key Performance Indicators (KPIs) for the validation program to identify opportunities and drive continuous improvement.
• Serve as the IT subject matter expert (SME) for all regulatory agency inspections (FDA, EMA, MHRA, PMDA, and other global health authorities), ensuring inspection readiness across IT systems, data integrity controls, and validation documentation.
• Partner with Quality Assurance and Regulatory Affairs to ensure alignment of IT practices with GxP requirements, including data integrity (ALCOA+ principles), electronic records, and electronic signatures.
• Lead IT compliance activities supporting SOX IT General Controls (ITGCs) related to validated systems, including access management, change management, and security monitoring.
• Conduct gap analyses for new and existing (legacy) systems and develop remediation plans to address compliance findings and support the company’s Inspection Readiness Program.
• Monitor and interpret changes in global regulations and guidance documents (FDA, EMA, MHRA, ICH, PIC/S, WHO) and proactively adapt IT compliance practices to maintain continuous regulatory alignment.
• Support internal audits and manage CAPAs related to IT GxP findings, driving root cause analysis and timely remediation.
• Develop and execute IT vendor audit programs, including supplier assessments, qualification questionnaires, and on-site or remote audits of technology vendors and service providers.
• Ensure appropriate security, privacy, and validation requirements are incorporated into vendor contracts and service-level agreements in partnership with Procurement and Legal.
• Serve as the IT relationship owner for GxP technology vendors, defining and managing SLAs, performance metrics, and escalation procedures.
• Serve as the IT Business Partner for Regulatory, Quality Assurance, Clinical Operations, Pharmacovigilance, Technical Operations, Supply Chain, and Manufacturing teams in support of all GxP-regulated system implementations.
• Contribute to the short- and long-term strategic planning for the IT department, including resource planning, budgeting, and asset management for the GxP systems function.
• Partner with the Cybersecurity lead to ensure alignment between GxP data integrity requirements and the company’s cybersecurity and data privacy programs.