Information Security GxP Specialist

What you will do

Let's do this. Let's change the world. In this lead role you will support the GRC Governance / Policy & Audit team working closely with Technology teams to help ensure that GxP controls are in place, GxP deviations are managed and monitored, and security standards are met. The GxP Specialist will assist in owning and maintaining GxP deviation records, performing GxP assessments, managing controlled documents, and supporting regulatory compliance efforts.

Roles & Responsibilities:

GxP Governance Leadership:

Support the GRC organization in leading a team of GxP and/or policy analysts performing tasks related to governance, GxP deviation management, document management, and policy exception processes.

GxP Deviation and CAPA Management

• Manage and own technology related GxP deviations, CAPA, and CAPA-EV records
• Manage GxP reporting and monitoring metrics for Technology/IT records
• Collaborate with record owners and QA to ensure timely record resolution
• Assist in the identification and evaluation of risks associated with GxP deviation records.
• Identify and support new record owners across IT/Technology (e.g. office hours, ad-hoc meetings, document management support).
• Attend enterprise network meetings as needed to represent the Technology / IT function.

GxP Deviation Monitoring and Improvements:

• Recommend deviation management improvement strategies across Technology/IT.
• Collaborate with Quality, IT application, cybersecurity, and business teams to supervise and resolve identified risks and vulnerabilities associated with deviations and CAPA's.
• Assist in conducting CAPA applicability assessments, time studies, and related initiatives to identify impacts and improvement opportunities in IT systems, processes, and policies.
• Supervise, monitor, and report on the efficiency of existing GxP records, trends, and recommend improvements as needed.

Governance and Regulatory Support:

• Ensure compliance with relevant industry standards and regulatory requirements (e.g., GxP, GDPR, SOX, NIST).
• Assist in proactive measures to facilitate compliance, such as collaborating with stakeholders to initiate periodic reviews
• Assist in the preparation for audits and inspections by internal and external parties, providing documentation and evidence of IT GxP deviation management practices.
• Support the development and implementation of IT governance, risk, and compliance frameworks and continuous improvements.
• Support the development and implementation of IT governance, risk, and compliance policies as well as supporting documentation, and their continuous improvements.
• Track and monitor document reviews, and support document owners to ensure timely periodic review completion.

What we expect of you

We are all different, yet we all use our unique contributions to serve patients. The GxP security professional we seek is collaborative and action-oriented with these qualifications.

Basic Qualifications:

• 5+ years of experience in IT GxP deviation management, IT quality management, IT auditing, or information security.
• Hands-on experience with deviation management tools and associated frameworks (e.g., ISO 27001, NIST, COBIT).
• Master's degree and 4 to 6 years of information technology, Cybersecurity, Risk Management, or a related field experience OR
• Bachelor's degree and 6 to 8 years of information technology, Cybersecurity, Risk Management, or a related field experience OR
• Diploma and 10 to 12 years of information technology, Cybersecurity, Risk Management, or a related field experience

Preferred Qualifications:

• Good understanding of GxP deviation management, controlled document management, IT infrastructure & systems, and security standard methodologies.
• Ability to assess technical and business risk related to information systems.
• Excellent problem-solving, analytical, and communication skills.
• Ability to communicate complex GxP and risk concepts to non-technical collaborators.
• Familiarity with regulatory frameworks and compliance standards (e.g., GxP, GDPR, HIPAA, SOX).

Technical Knowledge

• Proficiency with GxP deviation management tools, GRC (Governance, Risk, and Compliance) software, controlled document management tools, enterprise change management tools, and security incident management tools.
• Experience with security controls related to networks, databases, and cloud environments.