IT Technical Regulatory Compliance Principal at Rochester Regional Health – ROCHESTER, New York

Job Title: IT Technical Regulatory Compliance Principal

Department: Information Technology

Location: Remote, United States

Hours Per Week: 40

Schedule: Monday – Friday, Days

SUMMARY

The IT Technical Regulatory Compliance Principal is responsible for leading and executing IT risk-based computer systems validation and associated technical compliance initiatives within ACM’s two core businesses: laboratory services and clinical trials research. These businesses operate under US FDA, UK MHRA, EMEA, GCP, GLP, laboratory and other regulations. This hybrid role combines technical hands-on computer systems validation and regulatory compliance execution. The role ensures that IT systems—particularly ACM’s data center infrastructure at RRH, cloud-hosted and SaaS applications, laboratory equipment, LIMS systems —are implemented, validated, and maintained in accordance with regulations (21 CFR Part 11, Part 820, ICH, OECD 22), GLP, GCP requirements, and company policies and procedures. This role will be the IT CSV department’s key resource for representing IT in internal, customer, and regulatory audits, observations response and all follow-up for observations, quality events and CAPA’s. Managing the relationship with the Quality function is paramount to being successful here. The role will oversee the IT CSV Change Management process and be a member of the Change Approval Board.

RESPONSIBILITIES

• Lead IT compliance initiatives ensuring adherence to world-wide regulatory authorities, GLP, GCP, and other applicable regulations and standards (e.g., 21 CFR Part 11, 820, Annex 11, OECD 22).
• Manage and execute validation of cloud-based and hosted applications, including risk assessments, validation planning, IQ/OQ/PQ testing, and traceability documentation.
• Primary owner of the system development lifecycle and CSV process and policies and procedures for such.
• Oversee the new system implementation process and IT change management process.
• Develop, review, and maintain key compliance and SDLC documents such as validation protocols, test scripts, SOPs, configuration management, change control, and system release documentation.
• Prepare and lead IT-related activities for FDA, UK, EU and other regulatory inspections or audits; provide expert responses to auditor queries; manage quality events, corrective and preventive actions (CAPAs) resulting from inspections.
• Author and maintain IT compliance policies, procedures, and standard operating procedures (SOPs) to ensure consistent, regulatory-aligned practices across systems and teams.
• Partner with IT infrastructure, cybersecurity, QA, and business system owners to ensure alignment of compliance and validation activities with business needs.
• Evaluate and enhance IT validation and compliance processes for efficiency and scalability in support of digital transformation and cloud adoption.
• Take Quality ownership, participate in cross-functional team discussions, provide quality guidance/decisions for the projects that include new implementation, enhancements, quarterly releases, periodic reviews, review and approve Quality events (deviations & CAPS), etc.
• Participate and drive system assessments, review and approve the project deliverables, including plan, test scripts, execution and its outcome, reports, and traceability.
• Actively participate in and guide discussions to resolution, adhering to all quality standards.

REQUIRED QUALIFICATIONS

• Bachelor degree in computer science.
• 10 years experience in life sciences computer systems validation (biotech, pharma, medical device, laboratory services).
• Five years employment in a lab services environment.
• Five years in a biotech, pharma or device environment.

PREFERRED QUALIFICATIONS

• Detailed knowledge of IT infrastructure equipment, utilities and supporting processes and computerized system validation concepts for such; including servers, HVAC, physical security, virtual security, fire detection and protection, network architecture and layers.
• International Society of Pharmaceutical Engineers (ISPE) GAMP 5 training or equivalent experience.
• Familiarity with IT Infrastructure Library (ITIL), IT as-a-service Change process, service level agreements, some project management experience.
• 10 years of experience validating hosted, cloud GxP applications under International Society of Pharmaceutical Engineers (ISPE) Good Automated Manufacturing Processes (GAMP 5) methodology.
• 10 years of experience developing typical GAMP 5 deliverables such as validation plans, functional requirements, user requirements, system design documents, configuration specifications, OQ test scripts, PQ/UAT test scripts, requirements traceability matrix, validation summary reports, supporting SOP’s, work instructions.
• 10 years of experience supporting technology, software and systems in US FDA regulated environment, UK MHRA, EMEA environments and regulations. Expert in 21 CFR Part 11, Part 820, OECD 22, GLP, GCP.
• 5 years of experience supporting worldwide regulatory inspections and direct inspector involvement.
• Deep understanding of on-premise data center, equipment, utilities, closets, servers, power, HVAC, lab instrumentation, lab utilities, interfaces to LIMS systems, GxP, 21 CFR Part 11, Annex 11, and CSV methodologies.
• Strong documentation and technical writing skills. Expert in using Microsoft Office tools and Sharepoint.
• Familiarity with modern SDLC frameworks (Agile, DevOps) and change management systems.
• Experience with cloud service providers (AWS, Azure) and enterprise applications (e.g. Veeva, Salesforce, ServiceNow).
• Well versed in writing standard operating procedures, work instructions, and the full complement of ISPE GAMP 5 CSV documents for GAMP Category 4 and 5 systems.
• Sound knowledge of and Embrace Data Integrity integral to the system projects.
• Should possess good communication skills and fit well as a team player.
• Exceptional communication and leadership skills. Ability to present in front of Executives.
• Strong analytical, problem-solving, and organizational abilities.
• Comfortable operating in a fast-paced, highly regulated, changing environment.
• Demonstrated competence and completion of migrating CSV to Computer Software Assurance (CSA) processes.

PHYSICAL REQUIREMENTS: L - Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly; requires occasional walking, standing or squatting.

PAY RANGE: $105,000.00 - $150,000.00

The listed base pay range is a good faith representation of current potential base pay for successful applicants. It may be modified in the future. Pay is determined by factors including experience, clinical licensure date, relevant qualifications, specialty, internal equity, location, and contracts.