Director, IS Governance, Risk and Compliance


Job Location:

Redwood City, CA - USA

Monthly Salary: $ 211000 - 264000
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Revolution Medicines is a late-stage clinical oncology company developing novel targeted therapies for patients with RAS-addicted cancers. The company's R&D pipeline comprises RAS(ON) inhibitors designed to suppress diverse oncogenic variants of RAS proteins. The company's RAS(ON) inhibitors daraxonrasib (RMC-6236), a RAS(ON) multi-selective inhibitor; elironrasib (RMC-6291), a RAS(ON) G12C-selective inhibitor; zoldonrasib (RMC-9805), a RAS(ON) G12D-selective inhibitor; and RMC-5127, a RAS(ON) G12V-selective inhibitor, are currently in clinical development. As a new member of the Revolution Medicines team, you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.

The Opportunity:

We are seeking an experienced and strategic leader to serve as Director, Information Sciences Governance, Risk & Compliance (IS GRC), reporting directly to the VP, IS Security, Risk and Compliance. This person will be responsible for leading and maturing the IS GRC program, ensuring that IS governance processes, technology risk management practices, third-party risk management, and compliance activities effectively support business objectives and protect the organization.

As a key leader within Information Sciences, this individual will partner closely with Security, Infrastructure, Enterprise Applications, Data & Analytics, Legal, Privacy, Quality, Finance, HR, Procurement, and other cross-functional stakeholders to establish a scalable and pragmatic IS GRC framework. They will help the organization navigate a dynamic regulatory, technology, and business environment by strengthening controls, driving compliance readiness, improving risk visibility, managing third-party risk, and enabling informed decision-making across IS.

This role is ideal for a leader who can balance strategic program development with operational execution, build trusted partnerships across the organization, and translate regulatory, technical, and control requirements into practical processes that enable the business.

Key Responsibilities:

  • IS GRC Program Leadership: Lead and evolve the Information Sciences Governance, Risk & Compliance program, including policies, standards, risk frameworks, compliance processes, and reporting.

  • IS Governance: Develop, implement, and maintain governance structures, policies, standards, and procedures to support IS objectives, regulatory obligations, and internal accountability.

  • Technology Risk Management: Establish and manage processes to identify, assess, prioritize, track, and report key IS, cybersecurity, data, third-party, and operational risks. Partner with stakeholders to develop mitigation and remediation plans.

  • Third-Party Risk Management: Lead and mature the third-party risk management program for Information Sciences, including risk assessment and oversight of vendors, service providers, and technology partners. Partner with Procurement, Legal, Security, Privacy, and business stakeholders to evaluate third-party controls, contractual requirements, and remediation plans to ensure third-party services meet company risk and compliance expectations.

  • Compliance Management: Oversee IS compliance initiatives related to applicable laws, regulations, contractual obligations, and internal policies. Coordinate control assessments, compliance reviews, and readiness efforts for audits and inspections.

  • Internal Controls: Partner with IS and business teams to design, document, evaluate, and improve IT and IS-related controls and monitor their effectiveness over time.

  • Policy and Standards Management: Drive the development, review, communication, and maintenance of IS policies, standards, baselines, and related procedures to ensure consistency, usability, and alignment with company requirements.

  • Audit and Assessment Support: Coordinate and support internal and external audits, risk assessments, and evidence requests related to Information Sciences systems, processes, and controls. Track observations and corrective actions through closure.

  • Cross-Functional Partnership: Build strong relationships across the business to understand technology risks, compliance obligations, and operational challenges, and to promote a culture of accountability and continuous improvement.

  • Metrics and Reporting: Develop meaningful dashboards, metrics, and executive reporting to communicate IS program health, compliance posture, risk trends, and remediation progress to senior leadership.

  • Training and Awareness: Promote awareness of IS governance, risk, and compliance responsibilities across Information Sciences and the broader organization through communication, training, and stakeholder engagement.

  • Continuous Improvement: Stay informed about emerging regulations, industry trends, and best practices in IT/IS governance, cybersecurity, compliance, privacy, and risk management, and incorporate them into program enhancements.

  • This person will also coordinate with existing service delivery teams in Information Sciences to ensure that high levels of service and support are maintained.

Required Skills, Experience and Education:

  • Bachelor's degree or equivalent and a minimum of 10 years of experience in Information Technology, Information Sciences, governance, risk management, compliance, internal audit, cybersecurity compliance, or related functions, including leadership experience in a regulated industry.

  • Proven track record of building, managing, and scaling IS or IT GRC programs in complex organizations.

  • Experience partnering across IS, security, legal, privacy, quality, procurement, finance, and business teams to drive risk-informed and compliant technology practices.

  • Strong understanding of IT governance, technology risk management, internal controls, policy management, third-party risk management, and compliance operations.

  • Experience working in regulated environments and with relevant frameworks and requirements such as SOX, GxP, GDPR/CCPA, ISO 27001, HITRUST, cybersecurity, privacy, IT general controls, vendor risk management, and audit readiness, as applicable.

  • Experience supporting or leading control design, risk assessments, remediation activities, and audit or certification readiness efforts related to ISO 27001, HITRUST, or other relevant compliance frameworks.

  • Ability to translate regulatory, audit, and control requirements into practical, business-friendly IS processes, standards, and guidance.

  • Entrepreneurial spirit; thrives in a fast-paced, high-growth, midsize company environment.

  • Comfortable handling ambiguity and navigating through evolving processes, priorities, and organizational needs.

  • Highly organized with strong attention to detail and accuracy.

  • Committed to meeting and exceeding high standards for quality and continuous improvement.

  • Builds rapport and credibility as an effective strategic partner.

  • Fosters team collaboration, breaks down silos, and is able to influence without authority.

  • Skilled at conflict resolution, negotiation, and driving alignment across diverse stakeholder groups.

  • Acts with urgency and sound judgment. Enjoys enabling others and solving complex problems.

  • Ability to manage multiple initiatives, activities, and priorities simultaneously and autonomously.

  • Strong written and verbal communication, presentation, and facilitation skills, with the ability to distill complex information for senior leadership.

Preferred Skills:

  • Master's degree or equivalent in Information Technology, Business, Risk Management, Cybersecurity, or a related field.

  • Relevant certifications such as CISA, CISM, CRISC, CISSP, CGEIT, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, HITRUST CCSFP, or similar are preferred.

  • Experience leading or supporting ISO 27001 and/or HITRUST implementation, certification, surveillance, or readiness programs is strongly preferred.

  • Experience leading or supporting IT/IS governance, cybersecurity, compliance, privacy, audit, or risk programs in the pharmaceutical, biotechnology, life sciences, or other highly regulated industries.

  • Experience with third-party risk management, policy governance platforms, GRC tooling, control automation, and audit management solutions is a plus.

  • Experience developing and operationalizing IS policies, standards, procedures, and control frameworks across enterprise applications, infrastructure, cloud environments, and data platforms is desirable.

  • Experience developing executive-level reporting and dashboards for IT or IS risk and compliance programs is desirable.

  • Experience standing up or maturing enterprise IT governance, security governance, third-party risk management, or technology compliance monitoring programs is a plus.

  • Experience working with cross-functional stakeholders to align security, privacy, compliance, and business requirements into scalable operational processes is preferred.

    #LI-Hybrid #LI-YG1

The base pay salary range for this full-time position for candidates working onsite at our headquarters in Redwood City, CA, is listed below. The range displayed on each job posting is intended to be the base pay salary range for an individual working onsite in Redwood City and will be adjusted for the local market a candidate is based in. Our base pay salary ranges are determined by role, level, and location. Individual base pay salary is determined by multiple factors, including job-related skills, experience, market dynamics, and relevant education or training.

Please note that base pay salary range is one part of the overall total rewards program at RevMed, which includes competitive cash compensation, robust equity awards, strong benefits, and significant learning and development opportunities.

Revolution Medicines is an equal opportunity employer and prohibits unlawful discrimination based on race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, disability, marital status, medical condition, and veteran status.

Revolution Medicines takes protection and security of personal data very seriously and respects your right to privacy while using our website and when contacting us by email or phone. We will only collect, process, and use any personal data that you provide to us in accordance with ourCCPA additional information please contact.

Base Pay Salary Range

$211000 - $264000 USD

We are aware of recent recruitment scams in which individuals or organizations falsely represent themselves as being affiliated with Revolution Medicines. These scams may appear as false job advertisements or unsolicited contacts through communication or chat platforms, email, phone, or text message.

Please note that Revolution Medicines does not extend unsolicited employment offers and will never ask candidates to provide financial information, purchase equipment, or pay fees as part of the hiring process. All legitimate communication from Revolution Medicines will come from an official @ email address.

If you believe you've been contacted by someone impersonating a Revolution Medicines recruiter, please report it to so we can share these impersonations with our IT team for tracking and awareness.


Required Experience:

Director
