About the Role
The Associate Director, IT Compliance is responsible for organising, leading and continuously improving Novotech’s IT Compliance function across a global CRO environment. The role provides leadership for IT governance, compliance assurance, audit readiness, vendor and sponsor audit responses, ISMS governance, ISO/IEC 27001:2022 certification activities, and regulatory compliance guidance for GxP computerised systems.
Responsibilities:
Leadership of the IT Compliance Function
- Lead, organise and manage the global IT Compliance function, ensuring clear priorities, operating cadence, responsibilities, documentation standards and service expectations.
- Act as the primary IT Compliance lead for technology governance, IT control assurance, IT audit readiness and regulatory support.
- Maintain effective relationships with IT Operations, Information Security, Quality Assurance, Legal, Privacy, Clinical Systems, Business Operations and regional stakeholders.
- Provide clear advice to IT and business teams on technology compliance obligations, risks, required evidence and remediation expectations.
- Drive continuous improvement in IT compliance processes, templates, registers, control evidence, audit responses and stakeholder engagement.
- Support development of IT Compliance capability, including mentoring team members, improving ways of working and ensuring continuity of critical compliance activities.
Vendor, Sponsor and Regulatory Audit Management
- Manage and coordinate vendor, sponsor, client and regulatory reviews in relation to emerging AI and Machine Learning capabilities, as well as participate in strategy discussions related to AI
- Continued Development of a compliance approach to emerging AI tools and capabiltities
- Prepare, review and coordinate audit evidence, control narratives, system documentation, policy references, process descriptions and follow-up responses.
- Represent IT Compliance in sponsor audits, vendor assessments, client due diligence activities and regulatory inspection support activities.
- Coordinate with IT, QA, Legal, Privacy, Information Security and business system owners to ensure responses are accurate, consistent, timely and aligned with approved Novotech documentation.
- Track audit observations, findings, commitments, corrective actions and preventive actions through to closure.
- Maintain a reusable audit evidence library and standardised response materials to improve audit efficiency and consistency.
- Support client-facing and internal control discussions covering IT governance, GxP systems, data integrity, system validation, information security controls, privacy controls and supplier oversight.
3. ISMS Governance and ISO/IEC 27001:2022 Certification
- Manage and maintain Information Security Management System records, registers, evidence repositories and governance documentation.
- Support the ongoing operation, monitoring and continual improvement of Novotech’s ISMS.
- Guide IT and business stakeholders through ISO/IEC 27001:2022 certification, surveillance audit and recertification activities.
- Maintain and coordinate documentation associated with the ISMS, including policies, procedures, work instructions, control evidence, risk records, audit records, management review inputs and improvement actions.
- Support the development, maintenance and review of the Statement of Applicability, control mappings, ISMS scope, risk treatment activities and compliance evidence.
- Coordinate ISMS internal audits, management review inputs, control performance reporting and remediation tracking.
- Ensure ISMS records are accurate, complete, traceable, current and ready for internal or external audit review.
- Partner with Information Security and IT Operations to ensure technical and organisational controls are appropriately documented, monitored and evidenced.
4. GxP and Computerised System Compliance Guidance
- Provide guidance to IT, Quality Assurance, system owners and business process owners on regulatory compliance expectations for GxP computerised systems.
- Support interpretation and practical application of relevant regulatory and industry expectations, including GxP, computerised system validation, data integrity, 21 CFR Part 11, EU Annex 11 and GAMP 5-aligned risk-based validation principles.
- Advise on validation strategy, system risk assessments, vendor qualification, system classification, validation deliverables, periodic reviews and change control considerations.
- Review or support preparation of compliance documentation for GxP systems, including validation plans, user requirements, traceability matrices, test evidence, validation reports, periodic reviews and supplier assessment records.
- Support compliant adoption of SaaS and cloud-based systems by ensuring appropriate vendor assessment, qualification evidence, data protection assessment and risk-based validation activities are performed.
- Provide compliance input into new system implementations, system changes, decommissioning activities, integrations and technology projects impacting regulated data or GxP processes.
- Ensure technology teams understand the distinction between technical deployment, business process ownership, validation responsibility and quality approval expectations.
5. Governance, Risk and Control Assurance
- Lead or support technology risk assessments for new and existing systems, vendors, services and IT processes.
- Identify control gaps, compliance risks and documentation deficiencies, and work with accountable owners to define appropriate remediation or risk treatment plans.
- Maintain effective IT compliance reporting for risks, audit findings, control performance, non-conformances and remediation status.
- Contribute to IT governance forums, risk reviews, compliance committees and management review activities.
- Support alignment between IT Compliance, Information Security, Quality Assurance, Privacy and enterprise risk management processes.
- Ensure IT policies, procedures, standards and supporting records remain current, controlled and aligned with applicable regulatory, legal, contractual and certification obligations.
6. Vendor and Third-Party Compliance Oversight
- Support supplier and vendor compliance assessments for technology vendors, cloud service providers, SaaS platforms and GxP-relevant suppliers.
- Review supplier control evidence such as ISO certifications, SOC reports, validation documentation, security questionnaires, privacy documentation and contractual compliance requirements.
- Assess vendor compliance risks, including hosting arrangements, data protection, cross-border data transfer considerations, security controls, validation expectations and supplier quality controls.
- Support vendor requalification, periodic review and ongoing compliance monitoring activities.
- Partner with Procurement, Legal, Privacy, Quality Assurance and system owners to ensure IT vendor compliance obligations are appropriately assessed and documented.
7. Documentation, Training and Business Guidance
- Own or contribute to IT Compliance policies, SOPs, work instructions, templates, guidance materials and evidence packs.
- Translate complex regulatory, security and quality requirements into practical, business-friendly guidance.
- Provide training, coaching and awareness to IT and business stakeholders on IT compliance requirements, audit readiness, GxP system expectations and ISMS obligations.
- Promote a culture of documentation quality, inspection readiness, risk awareness and continual improvement.
- Ensure IT Compliance documentation is written clearly, maintained under appropriate document control and aligned with Novotech’s quality expectations.
Key Deliverables
- Effective operation of the global IT Compliance function.
- Timely, accurate and defensible IT responses to vendor, sponsor, client and regulatory audits.
- Maintained and audit-ready ISMS records, evidence, registers and governance artefacts.
- Successful support for ISO/IEC 27001:2022 certification, surveillance and recertification activities.
- Clear compliance guidance for GxP systems, SaaS platforms, cloud services and technology projects.
- Improved audit evidence reuse, response consistency and inspection readiness.
- Well-maintained IT Compliance SOPs, work instructions, templates and control documentation.
- Measurable tracking of IT compliance risks, findings, corrective actions and continual improvement initiatives.
Required Qualifications and Experience
- Bachelor’s degree in Information Technology, Computer Science, Information Security, Quality, Life Sciences, Regulatory Compliance, or a related discipline.
- Significant experience in IT compliance, technology risk, governance, information security, quality systems or regulated technology environments.
- Experience working in a regulated industry such as clinical research, pharmaceutical, biotechnology, medical device, healthcare or life sciences.
- Demonstrated experience supporting vendor, sponsor, client, regulatory or certification audits.
- Practical knowledge of ISO/IEC 27001, preferably ISO/IEC 27001:2022.
- Experience maintaining ISMS records, control evidence, risk registers, audit records, policies, procedures or compliance documentation.
- Understanding of GxP computerised system compliance and risk-based validation principles.
- Familiarity with regulatory frameworks and expectations such as 21 CFR Part 11, EU Annex 11, GAMP 5, data integrity principles, GDPR or other privacy/security obligations.
- Experience working with SaaS, cloud-hosted systems, vendor qualification, supplier audits or third-party risk assessments.
- Experience engaging with cross-functional stakeholders across IT, QA, Legal, Privacy, Information Security and business operations.
Desirable Qualifications and Certifications
- ISO/IEC 27001 Lead Implementer, Lead Auditor, Internal Auditor or equivalent certification.
- CISA, CRISC, CISM, CISSP, CGEIT or other relevant governance, risk, audit or information security certification.
- GxP, CSV, CSA, GAMP 5 or life sciences validation training.
- Privacy or data protection certification such as CIPP/E, CIPM or equivalent.
- Experience in a Contract Research Organisation, clinical trial technology environment, pharmaceutical sponsor environment or regulated SaaS ecosystem.
- Experience with ServiceNow, SharePoint, Smartsheet, Microsoft 365, GRC platforms, audit management tools or document management systems.
- Experience with emerging AI technologies as related to the GxP system validation and functions.
We offer hybrid working arrangements and full flexibility in working hours to ensure our staff achieve the work-life balance often missing in this role.
Novotech is proud to offer a great workplace. We are committed to being an employer of choice for gender equality and providing an inclusive work environment where everyone is treated fairly and with respect. Our team members are passionate about what we do, but we understand work is only of the things that is important to them. We support our team members with flexible working options, paid parental leave for both parents, flexible leave entitlements, wellness programs and ongoing development programs.
We are looking for people who are passionate about working clinical research and biotech, including people who identify as LGBTIQ+, have a disability or have caring responsibilities.
We are a Circle Back Initiative Employer and commit to respond to every application. We look forward to contacting you regarding your application.
You must have full unrestricted working rights in Australia to be considered for this role. We unfortunately cannot provide sponsorship for this role.
About Us
Novotech is a global full-service clinical Contract Research Organization (CRO).
At Novotech, ambition meets opportunity. As a globally recognized leader in clinical research and scientific advisory services, we are proud to combine our position at the forefront of the industry with an award-winning workplace culture that values ambition, innovation, and growth. Named Employer of Choice, Great Place to Work and Employer of Choice for Gender Equality (EOCGE), we are committed to fostering an environment that reflects the life-changing work we do.
Since 1997, we have expanded our global footprint, now with 30+ offices across Asia-Pacific, the United States, and Europe. This growing network unites professionals from diverse backgrounds and disciplines to advance therapies that improve patient outcomes worldwide.
At Novotech, our employees are at the heart of our success. By offering trust, flexibility, and autonomy through programs like NovoLife, our flexible benefits framework, we empower team members to create an effective work-life balance that delivers professional satisfaction and maximum results for clients.
With access to mentorship opportunities, professional development programs, and a dynamic community, Novotech offers a platform for driven individuals to achieve personal growth while shaping the future of healthcare. Join us to be a part of a team that values your contributions and supports your ambition to make a global impact.
At Novotech we have advanced therapeutic and regulatory expertise, the ability to execute across markets and a client-centric service model, so that our clients get a trusted, long-term partner and an accelerated path to bring their life-changing advances to market. This gives our employees the opportunity to develop their careers by joining a diverse and supportive global organization with a collaborative culture, whilst working with clients on the cutting-edge of life sciences.
At Novotech you will work alongside empowered teams with a shared commitment to success.
- Strategic vs transactional mindset.
- Ability to gain insights and make proactive decisions quickly.
- Culture that fosters partnership and collaboration, where every voice is heard and valued.
- Ongoing support from senior stakeholders and leadership team.
Novotech Sydney, New South Wales, AUS Office
Sydney, Australia


