Governance Risk & Compliance Specialist (Life Sciences, Remote)

Job summary

The Governance Risk & Compliance Specialist will play a key role in embedding information security within the organization by implementing and managing an Information Security Management System (ISMS) and ensuring compliance with relevant regulations. This position requires strong stakeholder management and the ability to translate security risks into business impacts.

Qualifications

• Several years of experience in information security, particularly within the life sciences sector.
• Proven track record of implementing and operating an ISMS using recognized frameworks such as ISO, NIST CSF, or CIS Controls.
• Strong skills in stakeholder management and advisory communication across various organizational levels.
• Experience in conducting risk assessments and maintaining risk registers, preferably using OneTrust.
• Familiarity with Third Party Risk Management practices, including vendor assessments and contractual security requirements.
• Foundational technical knowledge in identity, endpoints, cloud, and networking concepts.
• Interest in leveraging AI tools for productivity and understanding their security implications.

Responsibilities

• Coordinate and enhance the ISMS, ensuring compliance with NIS2 and FDA's 21 CFR Part 11.
• Advise stakeholders by translating security risks into actionable business recommendations.
• Develop and maintain information security policies and standards for daily operations.
• Establish a structured approach to Third Party Risk Management, focusing on vendor security assessments and risk scoring.
• Drive compliance with NIS2 by mapping obligations to controls and preparing governance reports.
• Support disaster recovery and business continuity planning, including documentation and exercise facilitation.
• Foster security awareness through targeted communication and presentations.

Skills

• Strong communication and presentation skills, capable of engaging diverse audiences.
• Proactive and collaborative mindset, with a focus on continuous improvement.

Education

• Relevant degree or equivalent experience in information security or a related field.

Tools

• Experience with OneTrust for risk management and compliance tracking.