GRC / Technical Controls Analyst II

PCI Pharma Services
United States, Pennsylvania, Philadelphia
3001 Red Lion Road
Jan 19, 2026

Life changing therapies. Global impact. Bridge to thousands of biopharma companies and their patients.

We are PCI.

Our investment is in People who make an impact, drive progress and create a better tomorrow. Our strategy includes building teams across our global network to pioneer and shape the future of PCI.

Position Summary

The GRC / Technical Controls Analyst will manage PCI Pharma's cybersecurity governance, risk, and compliance program with specific focus on pharmaceutical regulatory requirements. This role bridges technical security controls with business compliance needs, ensuring the organization meets GxP, FDA 21 CFR Part 11, and industry security standards while supporting audit activities and risk management initiatives.

Key Responsibilities
  • Develop and maintain cybersecurity policies, standards, and procedures aligned with pharmaceutical regulations
  • Manage technical controls auditing across 150+ applications and systems quarterly
  • Coordinate GxP computer system validation activities with Quality Assurance team
  • Conduct risk assessments for new systems, vendors, and business initiatives
  • Maintain compliance evidence and documentation for regulatory audits (FDA, EMA)
  • Lead internal security control assessments and gap remediation tracking
  • Support third-party/vendor cyber risk management including security questionnaires and assessments
  • Develop and track key risk indicators (KRIs) and security metrics
  • Coordinate with external auditors and manage audit finding remediation
  • Maintain security control framework mapping (NIST CSF, ISO 27001, SOC 2)
  • Review and approve security exceptions with appropriate risk documentation
  • Support business continuity and disaster recovery compliance requirements
Required Qualifications
  • Bachelor's degree in Information Security, Risk Management, or related field
  • 4+ years of experience in GRC, security compliance, or audit roles
  • Strong knowledge of security frameworks (NIST CSF, ISO 27001, CIS Controls)
  • Experience with pharmaceutical regulations (21 CFR Part 11, GxP, Annex 11)
  • Proficiency in controls testing and evidence collection
  • Experience with risk assessment methodologies
  • Strong documentation and technical writing skills
  • Excellent communication skills for audit and stakeholder interactions
  • Project management capabilities for compliance initiatives
Preferred Qualifications
  • CISA, CRISC, or CGEIT certification
  • Direct pharmaceutical or life sciences industry experience
  • Experience with GRC platforms (ServiceNow GRC, Archer, OneTrust)
  • Knowledge of SOX IT general controls
  • HITRUST or healthcare compliance experience
  • Experience with vendor risk management programs
Technical Skills & Tools

  • GRC platforms (ServiceNow GRC preferred)
  • Security control frameworks (NIST, ISO, CIS)
  • Risk assessment tools and methodologies
  • Audit management systems
  • Microsoft 365 compliance features
  • Documentation tools (SharePoint, Confluence)
  • Basic technical understanding of infrastructure and applications

Key Performance Indicators
  • Audit finding closure rate (target: 100% within agreed timeline)
  • Controls assessment coverage (target: 100% of critical systems)
  • Policy review cycle compliance (target: 100% annual review)
  • Vendor risk assessment completion (target: 100% of critical vendors)
  • Risk register accuracy and currency (target: monthly updates)

Join us and be part of building the bridge between life changing therapies and patients. Let's talk future

Equal Employment Opportunity (EEO) Statement:
PCI Pharma Services is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.

At PCI, Equity and Inclusion are at the core of our company's purpose: Together, delivering life-changing therapies. We are committed to cultivating an inclusive workplace by holding ourselves accountable to the highest standards of understanding, fairness, respect, and equal opportunity - at every level. We envision a PCI community where everyone can belong and grow, and we strive to bring this vision to reality by continuously and intentionally assessing our people practices, policies and programs, marketing approach, and workplace culture.
