Job Summary:
The IT Compliance Expert is responsible for ensuring that the organization’s IT systems, policies, and procedures meet regulatory, industry, and internal compliance requirements. This role will lead initiatives related to IT compliance, risk management, audit readiness, and process improvement, focusing on regulatory frameworks such as 21 CFR Part 11, ISO 27001, NIST, ITSM, and ITIL.
This position reports to the Director of IT and will be based in Glen Rock, PA.
Essential Functions:
- Develop, implement, and maintain IT compliance programs aligned with 21 CFR Part 11, ISO 27002, NIST, and other relevant standards.
- Collaborate with QA and business units to ensure regulatory requirements are integrated into IT operations, applications, and infrastructure.
- Lead and support IT compliance assessments, gap analyses, internal audits, and remediation planning.
- Maintain and continuously improve policies and procedures that support compliance, data integrity, system validation, change management, access controls, and operational efficiencies.
- Guide ITSM and ITIL-based process improvements to enhance service quality, traceability, and regulatory alignment.
- Develop our IT project management methodology and process.
- Provide subject matter expertise during audits, inspections, and regulatory reviews.
- Oversee compliance documentation, training, and records management.
- Promote a culture of accountability and continuous improvement through training and awareness programs.
- Monitor regulatory changes and assess their impact on IT systems and controls.
- Drive continuous improvement initiatives to ensure operational efficiency and risk reduction.
- Coordinate with project teams to ensure compliance is embedded in the project lifecycle (validation, risk assessment, change control).
- Along with IT management, update regulatory and security policies and procedures based on the latest industry standards and best practices.
- Provide strategic advice to senior management on IT governance and compliance matters.
- Partner with cross-functional groups to oversee computer systems validation (CSV) activities in accordance with GxP and FDA regulations.
Additional Responsibilities:
Performs other duties and responsibilities as assigned.
Job Specifications:
- Bachelor’s degree in computer science or a related field (relevant certifications may be considered in lieu of a degree).
- Minimum of 5-7 years of experience in IT compliance, audit, or information security within a regulated industry (e.g., life sciences, healthcare, or manufacturing).
- Proven knowledge of 21 CFR Part 11, ISO/IEC 27001, NIST series, GxP, and data integrity standards.
- Hands-on experience with ITSM tools and frameworks such as ITIL v3/v4.
- Strong understanding of system validation, access management, incident response, and documentation controls.
- Familiarity with cloud platforms (e.g., Azure, AWS) and compliance impacts.
- Effective communication and interpersonal skills—able to explain regulatory concepts to both technical and non-technical audiences.
- Experience with project management practices; PMP, Agile or CAPM certification is a plus.
- Experience with disaster recovery planning and testing.
- Experience with cybersecurity incident response.
- Strong communication skills, including the ability to communicate complex technical concepts to non-technical stakeholders.
- Relevant certifications (e.g., CISSP, CISA, ITIL, ISO 27001 Lead Implementer) are highly desirable.
Company does not support sponsorship.