Senior Manager, GRC

eClinical Solutions helps life sciences organizations around the world accelerate clinical development initiatives with expert data services and the elluminate Clinical Data Cloud – the foundation of digital trials. Together, the elluminate platform and digital data services give clients self-service access to all their data from one centralized location plus advanced analytics that help them make smarter, faster business decisions. 

You will make an impact:

The Senior Manager, Governance, Risk, and Compliance (GRC) will design, implement, and scale a modern GRC capability that collaborates closely with Quality + Compliance, IT, Legal, People Ops, and Product + Engineering teams. This role offers the opportunity to build and lead the Governance, Risk, and Compliance (GRC) function at a growing SaaS organization. The role is remote within the United States, with occasional travel to company offices. This role requires both program leadership and technical hands-on execution. The ideal candidate is a builder who can align governance frameworks, manage risk, and oversee compliance activities, while also leveraging automation through a dedicated GRC platform (e.g., OneTrust).

Your day to day:

• Governance + Oversight
  • Drive the operation of the cross functional GRC Committee, preparing agendas, metrics, and reports that enable executive decision making
  • Establish and maintain governance frameworks aligned with NIST CSF 2.0, ISO 27001/27701, SOC 2, and applicable regulatory requirements
  • Partner closely with Quality + Compliance leadership to ensure integration of IT GRC and compliance obligations into enterprise oversight
• Risk Management
  • Build and manage the enterprise cyber/IT risk register, enabling impact-based risk assessment and consistent prioritization
  • Lead the risk acceptance process, ensuring risks are properly documented, escalated, and tracked
  • Maintain risk quantification practices over time to support board level reporting
• Compliance + Audit
  • Own external certification readiness (SOC 2, ISO, HIPAA, GDPR, etc.) and coordinate audit activities across teams
  • Manage evidence collection, remediation tracking, and reporting
  • Collaborate with Regulatory & Quality to align IT/cyber controls with broader compliance programs
• Technical Control Governance
  • Oversee governance of DLP, IAM, and other security controls, ensuring policies map to technical enforcement
  • Assist reports and analysts in implementing and monitoring selected controls (e.g., DLP tagging, Safe Links/Attachments, IAM governance)
  • Validation of control effectiveness
• GRC Tool Implementation + Automation
  • Lead the deployment of a GRC platform (OneTrust or equivalent) to automate vendor risk, risk management, audits, policies, and reporting
  • Scale continuous control monitoring and compliance automation through integration with security and IT systems
  • Build executive dashboards and metrics tied to business impact
• Team Leadership
  • Manage and mentor a team of GRC and Technical analysts)
  • Build a high-performance, scalable GRC team that operates lean while continuously maturing the company’s GRC capability
• Other duties as assigned

Education & Experience

• Bachelor’s degree or equivalent work experience preferred
• 5+ years in cybersecurity, GRC, compliance, or risk management roles preferred
• Demonstrated experience running audit/certification cycles (SOC 2, ISO 27001, HIPAA, GDPR, etc.)
• Experience standing up or maturing a GRC function in a SaaS or regulated industry context
• Relevant certifications (CISA, CRISC, CISSP) preferred

Professional Skills

• Strong governance and program management skills — able to run committees, drive cross-functional decisions, and set frameworks
• Skilled communicator: can translate technical risk into business impact for executives and boards
• Pragmatic and business context oriented
• Builder mindset, motivated to design and scale a function, not just operate one
  

Technical Skills

• Familiarity with GRC tools (OneTrust, LogicGate, ServiceNow GRC, etc.) and experience implementing or maintaining them
• Working knowledge of IAM governance, DLP, and endpoint, and cloud security capabilities
• Ability to design and monitor risk registers, control frameworks, and compliance automation
• Understanding of audit evidence workflows, continuous control monitoring, and risk quantification

Accelerate your skills and career within a fast-growing company while impacting the future of healthcare. We have shared our story, now we look forward to learning yours!

eClinical is a winner of the 2023 Top Workplaces USA national award! We have also received numerous Culture Excellence Awards celebrating our exceptional company vision, values, and employee experience. See all the details here: https://topworkplaces.com/company/eclinical-solutions/

eClinical Solutions is a people first organization. Our inclusive culture values the contribution that diversity brings to our business. We celebrate individual experiences that connect us and that inspire innovation in our community. Our team seeks out opportunities to learn, grow and continuously improve. Bring your authentic self, you are welcome here!

We are proud to be an equal opportunity employer that values diversity. Our management team is committed to the principle that employment decisions are based on qualifications, merit, culture fit and business need.