Governance Risk And Compliance Jobs in USA with Visa Sponsorship
Governance, Risk and Compliance roles qualify as specialty occupations under the H-1B visa, making visa sponsorship straightforward for qualified candidates. Most positions require a degree in finance, law, business, or a related field, and employers in financial services, healthcare, and tech sponsor regularly. For detailed occupation requirements, see the O*NET profile.
INTRODUCTION
Revolution Medicines is a late-stage clinical oncology company developing novel targeted therapies for patients with RAS-addicted cancers. The company’s R&D pipeline comprises RAS(ON) inhibitors designed to suppress diverse oncogenic variants of RAS proteins. The company’s RAS(ON) inhibitors daraxonrasib (RMC-6236), a RAS(ON) multi-selective inhibitor; elironrasib (RMC-6291), a RAS(ON) G12C-selective inhibitor; zoldonrasib (RMC-9805), a RAS(ON) G12D-selective inhibitor; and RMC-5127, a RAS(ON) G12V-selective inhibitor, are currently in clinical development. As a new member of the Revolution Medicines team, you will join other outstanding professionals in a tireless commitment to patients with cancers harboring mutations in the RAS signaling pathway.
The Opportunity:
We are seeking an experienced and strategic leader to serve as Director, Information Sciences Governance, Risk & Compliance (IS GRC), reporting directly to the VP, IS Security, Risk, and Compliance. This person will be responsible for leading and maturing the IS GRC program, ensuring that IS governance processes, technology risk management practices, third-party risk management, and compliance activities effectively support business objectives and protect the organization.
As a key leader within Information Sciences, this individual will partner closely with Security, Infrastructure, Enterprise Applications, Data & Analytics, Legal, Privacy, Quality, Finance, HR, Procurement, and other cross-functional stakeholders to establish a scalable and pragmatic IS GRC framework. They will help the organization navigate a dynamic regulatory, technology, and business environment by strengthening controls, driving compliance readiness, improving risk visibility, managing third-party risk, and enabling informed decision-making across IS.
This role is ideal for a leader who can balance strategic program development with operational execution, build trusted partnerships across the organization, and translate regulatory, technical, and control requirements into practical processes that enable the business.
Key Responsibilities:
- IS GRC Program Leadership: Lead and evolve the Information Sciences Governance, Risk & Compliance program, including policies, standards, risk frameworks, compliance processes, and reporting.
- IS Governance: Develop, implement, and maintain governance structures, policies, standards, and procedures to support IS objectives, regulatory obligations, and internal accountability.
- Technology Risk Management: Establish and manage processes to identify, assess, prioritize, track, and report key IS, cybersecurity, data, third-party, and operational risks. Partner with stakeholders to develop mitigation and remediation plans.
- Third-Party Risk Management: Lead and mature the third-party risk management program for Information Sciences, including risk assessment and oversight of vendors, service providers, and technology partners. Partner with Procurement, Legal, Security, Privacy, and business stakeholders to evaluate third-party controls, contractual requirements, and remediation plans to ensure third-party services meet company risk and compliance expectations.
- Compliance Management: Oversee IS compliance initiatives related to applicable laws, regulations, contractual obligations, and internal policies. Coordinate control assessments, compliance reviews, and readiness efforts for audits and inspections.
- Internal Controls: Partner with IS and business teams to design, document, evaluate, and improve IT and IS-related controls and monitor their effectiveness over time.
- Policy and Standards Management: Drive the development, review, communication, and maintenance of IS policies, standards, baselines, and related procedures to ensure consistency, usability, and alignment with company requirements.
- Audit and Assessment Support: Coordinate and support internal and external audits, risk assessments, and evidence requests related to Information Sciences systems, processes, and controls. Track observations and corrective actions through closure.
- Cross-Functional Partnership: Build strong relationships across the business to understand technology risks, compliance obligations, and operational challenges, and to promote a culture of accountability and continuous improvement.
- Metrics and Reporting: Develop meaningful dashboards, metrics, and executive reporting to communicate IS program health, compliance posture, risk trends, and remediation progress to senior leadership.
- Training and Awareness: Promote awareness of IS governance, risk, and compliance responsibilities across Information Sciences and the broader organization through communication, training, and stakeholder engagement.
- Continuous Improvement: Stay informed about emerging regulations, industry trends, and best practices in IT/IS governance, cybersecurity compliance, privacy, and risk management, and incorporate them into program enhancements.
- This person will also coordinate with existing service delivery teams in Information Sciences to ensure that high levels of service and support are maintained.
Required Skills, Experience and Education:
- Bachelor’s degree or equivalent and a minimum of 10+ years of experience in Information Technology, Information Sciences, governance, risk management, compliance, internal audit, cybersecurity compliance, or related functions, including leadership experience in a regulated industry.
- Proven track record of building, managing, and scaling IS or IT GRC programs in complex organizations.
- Experience partnering across IS, security, legal, privacy, quality, procurement, finance, and business teams to drive risk-informed and compliant technology practices.
- Strong understanding of IT governance, technology risk management, internal controls, policy management, third-party risk management, and compliance operations.
- Experience working in regulated environments and with relevant frameworks and requirements such as SOX, GxP, GDPR/CCPA, ISO 27001, HITRUST, cybersecurity, privacy, IT general controls, vendor risk management, and audit readiness, as applicable.
- Experience supporting or leading control design, risk assessments, remediation activities, and audit or certification readiness efforts related to ISO 27001, HITRUST, or other relevant compliance frameworks.
- Ability to translate regulatory, audit, and control requirements into practical, business-friendly IS processes, standards, and guidance.
- Entrepreneurial spirit; thrives in a fast-paced, high-growth, midsize company environment.
- Comfortable handling ambiguity and navigating through evolving processes, priorities, and organizational needs.
- Highly organized, with strong attention to detail and accuracy.
- Committed to meeting and exceeding high standards for quality and continuous improvement.
- Builds rapport and credibility as an effective strategic partner.
- Fosters team collaboration, breaks down silos, and is able to influence without authority.
- Skilled at conflict resolution, negotiation, and driving alignment across diverse stakeholder groups.
- Acts with urgency and sound judgment. Enjoys enabling others and solving complex problems.
- Ability to manage multiple initiatives, activities, and priorities simultaneously and autonomously.
- Strong written and verbal communication, presentation, and facilitation skills, with the ability to distill complex information for senior leadership.
Preferred Skills:
- Master’s degree or equivalent in Information Technology, Business, Risk Management, Cybersecurity, or a related field.
- Relevant certifications such as CISA, CISM, CRISC, CISSP, CGEIT, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, HITRUST CCSFP, or similar are preferred.
- Experience leading or supporting ISO 27001 and/or HITRUST implementation, certification, surveillance, or readiness programs is strongly preferred.
- Experience leading or supporting IT/IS governance, cybersecurity compliance, privacy, audit, or risk programs in the pharmaceutical, biotechnology, life sciences, or other highly regulated industries.
- Experience with third-party risk management, policy governance platforms, GRC tooling, control automation, and audit management solutions is a plus.
- Experience developing and operationalizing IS policies, standards, procedures, and control frameworks across enterprise applications, infrastructure, cloud environments, and data platforms is desirable.
- Experience developing executive-level reporting and dashboards for IT or IS risk and compliance programs is desirable.
- Experience standing up or maturing enterprise IT governance, security governance, third-party risk management, or technology compliance monitoring programs is a plus.
- Experience working with cross-functional stakeholders to align security, privacy, compliance, and business requirements into scalable operational processes is preferred.
Base Pay Salary Range
$211,000 — $264,000 USD
The base pay salary range for this full-time position for candidates working onsite at our headquarters in Redwood City, CA is listed below. The range displayed on each job posting is intended to be the base pay salary range for an individual working onsite in Redwood City and will be adjusted for the local market a candidate is based in. Our base pay salary ranges are determined by role, level, and location. Individual base pay salary is determined by multiple factors, including job-related skills, experience, market dynamics, and relevant education or training.
Please note that base pay salary range is one part of the overall total rewards program at RevMed, which includes competitive cash compensation, robust equity awards, strong benefits, and significant learning and development opportunities.
Revolution Medicines is an equal opportunity employer and prohibits unlawful discrimination based on race, color, religion, gender, sexual orientation, gender identity/expression, national origin/ancestry, age, disability, marital status, medical condition, and veteran status.
Revolution Medicines takes protection and security of personal data very seriously and respects your right to privacy while using our website and when contacting us by email or phone. We will only collect, process and use any personal data that you provide to us in accordance with our CCPA Notice and Privacy Policy. For additional information, please contact privacy@revmed.com.
We are aware of recent recruitment scams in which individuals or organizations falsely represent themselves as being affiliated with Revolution Medicines. These scams may appear as false job advertisements or unsolicited contacts through communication or chat platforms, email, phone, or text message.
Please note that Revolution Medicines does not extend unsolicited employment offers and will never ask candidates to provide financial information, purchase equipment, or pay fees as part of the hiring process. All legitimate communication from Revolution Medicines will come from an official @revmed.com email address.
If you believe you’ve been contacted by someone impersonating a Revolution Medicines recruiter, please report it to careers@revmed.com so we can share these impersonations with our IT team for tracking and awareness.
Tips for Finding Governance Risk And Compliance Jobs
Target industries with established compliance functions
Financial services, healthcare, and technology firms maintain dedicated GRC teams and sponsor visas routinely. These employers have existing immigration infrastructure, which means faster processing and fewer complications compared to companies sponsoring for the first time.
Lead with your degree field, not just your title
H-1B specialty occupation approval depends on your degree matching the role. A finance, accounting, law, or information systems degree strengthens your petition significantly. A general business degree alone can draw scrutiny, so frame relevant coursework and specializations explicitly in your application.
Highlight regulatory frameworks you know
Employers sponsor GRC candidates faster when the job description maps to specific frameworks like SOX, ISO 27001, HIPAA, or NIST. Listing these in your resume signals specialized expertise that supports the specialty occupation argument USCIS needs to approve your petition.
Ask about LCA timelines before accepting an offer
Your employer must file a Labor Condition Application with the Department of Labor before submitting your H-1B petition. This typically takes one to two weeks. Confirming the employer understands this step early prevents delays that can affect your start date.
Consider premium processing if your start date is firm
USCIS premium processing guarantees a decision within 15 business days. For GRC roles with regulatory deadlines or fiscal year start dates, premium processing removes uncertainty and gives both you and your employer a confirmed timeline to plan around.
Browse visa-sponsoring GRC employers on Migrate Mate
Not every company advertising compliance roles will sponsor a visa. Migrate Mate filters job listings specifically for employers open to sponsorship, saving you from applying to positions that will stall at the offer stage due to immigration restrictions.
Frequently Asked Questions
Do Governance, Risk and Compliance roles qualify for H-1B visa sponsorship?
Yes, GRC roles generally qualify as specialty occupations under the H-1B visa because they require at least a bachelor's degree in a specific field such as finance, accounting, law, information systems, or business administration. USCIS looks at whether the degree requirement is tied directly to the job duties, so positions focused on SOX compliance, enterprise risk management, or cybersecurity governance tend to have stronger petitions than generalist roles where any degree is accepted.
What degree do I need for an employer to sponsor my GRC visa?
Most GRC sponsorship petitions are strongest with a degree in accounting, finance, law, information systems, or risk management. A general business degree can work but may require additional documentation showing the degree is directly relevant to the specific role. Certifications like CISA, CRISC, or CPA can strengthen your petition but do not substitute for the degree requirement under H-1B rules.
Which industries sponsor the most GRC roles?
Financial services firms, including banks, asset managers, and insurance companies, sponsor GRC professionals at the highest rates because regulatory compliance is core to their operations. Healthcare organizations subject to HIPAA and tech companies managing data privacy under regulations like GDPR and CCPA also sponsor regularly. Defense contractors and consulting firms that serve regulated industries are also consistent sponsors.
How competitive is the H-1B lottery for GRC professionals?
GRC roles are subject to the same H-1B annual cap and lottery as other specialty occupations, with a selection rate around 25% in recent years. Candidates with a U.S. master's degree get entered into a separate master's cap pool first, which improves odds slightly. Some GRC roles at universities, nonprofits, or government research organizations are cap-exempt and do not require lottery selection at all.
Where can I find GRC jobs that specifically offer visa sponsorship?
Migrate Mate is built specifically for this, filtering job listings to show only employers open to visa sponsorship. Standard job boards mix sponsored and non-sponsored roles with no way to filter, so you end up applying to positions that stall once immigration comes up. Searching on Migrate Mate lets you focus your effort on employers who have already indicated they will support the visa process.
What is the prevailing wage requirement for sponsored Governance Risk And Compliance jobs?
U.S. employers sponsoring a visa must pay at least the prevailing wage, which is what workers in the same role, area, and experience level typically earn. The Department of Labor sets this rate to make sure companies aren't hiring foreign workers simply because they'd accept lower pay than a U.S. worker. It varies by job title, location, and experience. You can look up current prevailing wage rates for any occupation and location using the OFLC Wage Search page.