Novotech Logo

Novotech

Associate Director IT Compliance

Posted 6 Days Ago
Be an Early Applicant
In-Office or Remote
2 Locations
Senior level
In-Office or Remote
2 Locations
Senior level
Lead global IT service delivery and Enterprise Service Management (ESM), manage regional service teams, own ServiceNow, enforce SLAs/KPIs, implement QA and compliance frameworks, oversee incident/problem/request/knowledge processes, drive continuous improvement and automation, manage budgets and stakeholder reporting, and ensure regulatory validated system adherence.
The summary above was generated by AI

About the Role 

The Associate Director, IT Compliance is responsible for organising, leading and continuously improving Novotech’s IT Compliance function across a global CRO environment. The role provides leadership for IT governance, compliance assurance, audit readiness, vendor and sponsor audit responses, ISMS governance, ISO/IEC 27001:2022 certification activities, and regulatory compliance guidance for GxP computerised systems.


Responsibilities: 

Leadership of the IT Compliance Function

  • Lead, organise and manage the global IT Compliance function, ensuring clear priorities, operating cadence, responsibilities, documentation standards and service expectations.
  • Act as the primary IT Compliance lead for technology governance, IT control assurance, IT audit readiness and regulatory support.
  • Maintain effective relationships with IT Operations, Information Security, Quality Assurance, Legal, Privacy, Clinical Systems, Business Operations and regional stakeholders.
  • Provide clear advice to IT and business teams on technology compliance obligations, risks, required evidence and remediation expectations.
  • Drive continuous improvement in IT compliance processes, templates, registers, control evidence, audit responses and stakeholder engagement.
  • Support development of IT Compliance capability, including mentoring team members, improving ways of working and ensuring continuity of critical compliance activities.

Vendor, Sponsor and Regulatory Audit Management

  • Manage and coordinate vendor, sponsor, client and regulatory reviews in relation to emerging AI and Machine Learning capabilities, as well as participate in strategy discussions related to AI
  • Continued Development of a compliance approach to emerging AI tools and capabiltities
  • Prepare, review and coordinate audit evidence, control narratives, system documentation, policy references, process descriptions and follow-up responses.
  • Represent IT Compliance in sponsor audits, vendor assessments, client due diligence activities and regulatory inspection support activities.
  • Coordinate with IT, QA, Legal, Privacy, Information Security and business system owners to ensure responses are accurate, consistent, timely and aligned with approved Novotech documentation.
  • Track audit observations, findings, commitments, corrective actions and preventive actions through to closure.
  • Maintain a reusable audit evidence library and standardised response materials to improve audit efficiency and consistency.
  • Support client-facing and internal control discussions covering IT governance, GxP systems, data integrity, system validation, information security controls, privacy controls and supplier oversight.

3. ISMS Governance and ISO/IEC 27001:2022 Certification

  • Manage and maintain Information Security Management System records, registers, evidence repositories and governance documentation.
  • Support the ongoing operation, monitoring and continual improvement of Novotech’s ISMS.
  • Guide IT and business stakeholders through ISO/IEC 27001:2022 certification, surveillance audit and recertification activities.
  • Maintain and coordinate documentation associated with the ISMS, including policies, procedures, work instructions, control evidence, risk records, audit records, management review inputs and improvement actions.
  • Support the development, maintenance and review of the Statement of Applicability, control mappings, ISMS scope, risk treatment activities and compliance evidence.
  • Coordinate ISMS internal audits, management review inputs, control performance reporting and remediation tracking.
  • Ensure ISMS records are accurate, complete, traceable, current and ready for internal or external audit review.
  • Partner with Information Security and IT Operations to ensure technical and organisational controls are appropriately documented, monitored and evidenced.

4. GxP and Computerised System Compliance Guidance

  • Provide guidance to IT, Quality Assurance, system owners and business process owners on regulatory compliance expectations for GxP computerised systems.
  • Support interpretation and practical application of relevant regulatory and industry expectations, including GxP, computerised system validation, data integrity, 21 CFR Part 11, EU Annex 11 and GAMP 5-aligned risk-based validation principles.
  • Advise on validation strategy, system risk assessments, vendor qualification, system classification, validation deliverables, periodic reviews and change control considerations.
  • Review or support preparation of compliance documentation for GxP systems, including validation plans, user requirements, traceability matrices, test evidence, validation reports, periodic reviews and supplier assessment records.
  • Support compliant adoption of SaaS and cloud-based systems by ensuring appropriate vendor assessment, qualification evidence, data protection assessment and risk-based validation activities are performed.
  • Provide compliance input into new system implementations, system changes, decommissioning activities, integrations and technology projects impacting regulated data or GxP processes.
  • Ensure technology teams understand the distinction between technical deployment, business process ownership, validation responsibility and quality approval expectations.

5. Governance, Risk and Control Assurance

  • Lead or support technology risk assessments for new and existing systems, vendors, services and IT processes.
  • Identify control gaps, compliance risks and documentation deficiencies, and work with accountable owners to define appropriate remediation or risk treatment plans.
  • Maintain effective IT compliance reporting for risks, audit findings, control performance, non-conformances and remediation status.
  • Contribute to IT governance forums, risk reviews, compliance committees and management review activities.
  • Support alignment between IT Compliance, Information Security, Quality Assurance, Privacy and enterprise risk management processes.
  • Ensure IT policies, procedures, standards and supporting records remain current, controlled and aligned with applicable regulatory, legal, contractual and certification obligations.

6. Vendor and Third-Party Compliance Oversight

  • Support supplier and vendor compliance assessments for technology vendors, cloud service providers, SaaS platforms and GxP-relevant suppliers.
  • Review supplier control evidence such as ISO certifications, SOC reports, validation documentation, security questionnaires, privacy documentation and contractual compliance requirements.
  • Assess vendor compliance risks, including hosting arrangements, data protection, cross-border data transfer considerations, security controls, validation expectations and supplier quality controls.
  • Support vendor requalification, periodic review and ongoing compliance monitoring activities.
  • Partner with Procurement, Legal, Privacy, Quality Assurance and system owners to ensure IT vendor compliance obligations are appropriately assessed and documented.

7. Documentation, Training and Business Guidance

  • Own or contribute to IT Compliance policies, SOPs, work instructions, templates, guidance materials and evidence packs.
  • Translate complex regulatory, security and quality requirements into practical, business-friendly guidance.
  • Provide training, coaching and awareness to IT and business stakeholders on IT compliance requirements, audit readiness, GxP system expectations and ISMS obligations.
  • Promote a culture of documentation quality, inspection readiness, risk awareness and continual improvement.
  • Ensure IT Compliance documentation is written clearly, maintained under appropriate document control and aligned with Novotech’s quality expectations.

Key Deliverables

  • Effective operation of the global IT Compliance function.
  • Timely, accurate and defensible IT responses to vendor, sponsor, client and regulatory audits.
  • Maintained and audit-ready ISMS records, evidence, registers and governance artefacts.
  • Successful support for ISO/IEC 27001:2022 certification, surveillance and recertification activities.
  • Clear compliance guidance for GxP systems, SaaS platforms, cloud services and technology projects.
  • Improved audit evidence reuse, response consistency and inspection readiness.
  • Well-maintained IT Compliance SOPs, work instructions, templates and control documentation.
  • Measurable tracking of IT compliance risks, findings, corrective actions and continual improvement initiatives.

Required Qualifications and Experience

  • Bachelor’s degree in Information Technology, Computer Science, Information Security, Quality, Life Sciences, Regulatory Compliance, or a related discipline.
  • Significant experience in IT compliance, technology risk, governance, information security, quality systems or regulated technology environments.
  • Experience working in a regulated industry such as clinical research, pharmaceutical, biotechnology, medical device, healthcare or life sciences.
  • Demonstrated experience supporting vendor, sponsor, client, regulatory or certification audits.
  • Practical knowledge of ISO/IEC 27001, preferably ISO/IEC 27001:2022.
  • Experience maintaining ISMS records, control evidence, risk registers, audit records, policies, procedures or compliance documentation.
  • Understanding of GxP computerised system compliance and risk-based validation principles.
  • Familiarity with regulatory frameworks and expectations such as 21 CFR Part 11, EU Annex 11, GAMP 5, data integrity principles, GDPR or other privacy/security obligations.
  • Experience working with SaaS, cloud-hosted systems, vendor qualification, supplier audits or third-party risk assessments.
  • Experience engaging with cross-functional stakeholders across IT, QA, Legal, Privacy, Information Security and business operations.

Desirable Qualifications and Certifications

  • ISO/IEC 27001 Lead Implementer, Lead Auditor, Internal Auditor or equivalent certification.
  • CISA, CRISC, CISM, CISSP, CGEIT or other relevant governance, risk, audit or information security certification.
  • GxP, CSV, CSA, GAMP 5 or life sciences validation training.
  • Privacy or data protection certification such as CIPP/E, CIPM or equivalent.
  • Experience in a Contract Research Organisation, clinical trial technology environment, pharmaceutical sponsor environment or regulated SaaS ecosystem.
  • Experience with ServiceNow, SharePoint, Smartsheet, Microsoft 365, GRC platforms, audit management tools or document management systems.
  • Experience with emerging AI technologies as related to the GxP system validation and functions.


We offer hybrid working arrangements and full flexibility in working hours to ensure our staff achieve the work-life balance often missing in this role.

Novotech is proud to offer a great workplace. We are committed to being an employer of choice for gender equality and providing an inclusive work environment where everyone is treated fairly and with respect. Our team members are passionate about what we do, but we understand work is only of the things that is important to them. We support our team members with flexible working options, paid parental leave for both parents, flexible leave entitlements, wellness programs and ongoing development programs.

We are looking for people who are passionate about working clinical research and biotech, including people who identify as LGBTIQ+, have a disability or have caring responsibilities.
We are a Circle Back Initiative Employer and commit to respond to every application. We look forward to contacting you regarding your application.


You must have full unrestricted working rights in Australia to be considered for this role. We unfortunately cannot provide sponsorship for this role.


About Us

Novotech is a global full-service clinical Contract Research Organization (CRO).


At Novotech, ambition meets opportunity. As a globally recognized leader in clinical research and scientific advisory services, we are proud to combine our position at the forefront of the industry with an award-winning workplace culture that values ambition, innovation, and growth. Named Employer of Choice, Great Place to Work and Employer of Choice for Gender Equality (EOCGE), we are committed to fostering an environment that reflects the life-changing work we do.

Since 1997, we have expanded our global footprint, now with 30+ offices across Asia-Pacific, the United States, and Europe. This growing network unites professionals from diverse backgrounds and disciplines to advance therapies that improve patient outcomes worldwide. 


At Novotech, our employees are at the heart of our success. By offering trust, flexibility, and autonomy through programs like NovoLife, our flexible benefits framework, we empower team members to create an effective work-life balance that delivers professional satisfaction and maximum results for clients.


With access to mentorship opportunities, professional development programs, and a dynamic community, Novotech offers a platform for driven individuals to achieve personal growth while shaping the future of healthcare. Join us to be a part of a team that values your contributions and supports your ambition to make a global impact.

About the Team

At Novotech we have advanced therapeutic and regulatory expertise, the ability to execute across markets and a client-centric service model, so that our clients get a trusted, long-term partner and an accelerated path to bring their life-changing advances to market. This gives our employees the opportunity to develop their careers by joining a diverse and supportive global organization with a collaborative culture, whilst working with clients on the cutting-edge of life sciences. 
At Novotech you will work alongside empowered teams with a shared commitment to success.

  • Strategic vs transactional mindset.
  • Ability to gain insights and make proactive decisions quickly.
  • Culture that fosters partnership and collaboration, where every voice is heard and valued.
  • Ongoing support from senior stakeholders and leadership team.
.
HQ

Novotech Sydney, New South Wales, AUS Office

Sydney, Australia

Similar Jobs

9 Hours Ago
Remote
Queensland, AUS
Senior level
Senior level
Aerospace • Information Technology • Software • Cybersecurity • Design • Defense • Manufacturing
Manage disposal and quarantine of defective, deficient, or surplus items for the F/A-18F and EA-18G sustainment program. Ensure compliance with policies, prepare documentation, recommend disposal methods, liaise with logistics, engineering, supply chain and stakeholders, and report risks and system health.
Top Skills: DeflogmanEscmMilisSap S/4Hanna
16 Hours Ago
Easy Apply
Remote
Australia
Easy Apply
Entry level
Entry level
Information Technology • Cybersecurity
Provide first-line SOC support and act as intermediary between partners/customers and the SOC. Deliver phone/email/chat support, explain SOC actions, lead partner calls, troubleshoot product issues, collaborate with internal teams, and contribute to knowledge-base content.
Top Skills: EntraMicrosoft 365NetworkingSIEM
16 Hours Ago
Easy Apply
Remote
Australia
Easy Apply
Mid level
Mid level
Information Technology • Cybersecurity
Manage and grow a book of SaaS customers in APAC, driving renewals, expansion, adoption, and satisfaction while coordinating with reseller/VAR partners and internal teams to remove blockers and document CRM activity.
Top Skills: Crm PlatformsSaaSSalesforce

What you need to know about the Sydney Tech Scene

From opera to comedy shows, the Sydney Opera House hosts more than 1,600 performances a year, yet its entertainment sector isn't the only one taking center stage. The city's tech sector has earned a reputation as one of the fastest-growing in the region. More specifically, its IT sector stands out as the country's third-largest, growing at twice the rate of overall employment in the past decade as businesses continue to digitize their operations to stay competitive.

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account