Corporate Compliance Officer
Summary
The Corporate Compliance Officer will support the transition of compliance oversight from the Legal function to Enterprise Risk Management (ERM). This is a hybrid role combining compliance program leadership/support with risk-based oversight. The Director will lead near-term policy cleanup and modernization, help establish a scalable compliance operating model, and own the compliance hotline and case management process. Over time, this position will help define and mature compliance-related processes and integrate them into ERM governance, prioritization, and reporting.
Job Responsibilities
Compliance program leadership (build, run, and enable)
β’ Lead execution of the compliance program charter, annual plan, and maturity roadmap in partnership with ERM leadership, Legal, and other key stakeholders.
β’ Provide practical compliance guidance and implementation support to business leaders and teams, coordinating closely with partners to align with applicable laws, regulations, and organizational standards.
β’ Design, deliver, and maintain core compliance program elements, including:
β’ Developing a training and awareness strategy (role-based training, refresh cadence, targeted campaigns, micro-burst training, etc.)
β’ Policy communications and employee attestations tied to policy publication
β’ Risk-based monitoring and thematic reviews, including follow-up on corrective actions
β’ Developing and maintaining compliance dashboards, metrics and reporting mechanisms
Policy cleanup, rationalization, and enterprise policy governance ownership
β’ Lead an enterprise-wide policy inventory and cleanup initiative: identify duplicates/conflicts, retire outdated content, close gaps, and assign accountable owners.
β’ Establish and operate the policy governance framework, including:
β’ Policy taxonomy/tiering (policy, standard, procedure, guideline) and document hierarchy
β’ Standard templates and minimum content requirements
β’ Approval authorities, review cycles, version control, publication standards, and evidence retention
β’ Policy exception/waiver process with documented risk acceptance and periodic review
β’ Partner with Legal, Quality, Privacy, Security, People, and other business functions to ensure policies are clear, usable, and embedded across all corporate operations.
Hotline ownership, concerns intake/triage, and case management
β’ Own the compliance hotline and related reporting channels (including hotline vendor management where applicable), ensuring accessibility, confidentiality, and reinforcement of non-retaliation expectations.
β’ Ensure privacy-related concerns and potential privacy incidents are appropriately categorized, routed, managed with the right stakeholders, and tracked through remediation.
β’ Run case intake, triage, categorization, severity/risk rating, routing, documentation standards, and service levels.
β’ Transfer investigations to Legal when appropriate; ensure consistent case handling, appropriate escalation, and clear documentation through closure.
β’ Produce regular analytics and trend reporting on allegations, substantiation outcomes, themes, and corrective actions.
Issue management, corrective actions, and remediation governance
β’ Implement standardized enterprise issue management: intake, root cause, corrective action plans, due dates, evidence requirements, validation, and closure criteria.
β’ Track remediation commitments from monitoring, hotline cases, audits, and quality findings; escalate aging/high-risk items through defined governance forums.
β’ Coordinate with Internal Audit and Quality to align findings management and reduce duplicate testing/tracking.
Compliance risk oversight and ERM integration (risk types will mature over time)
β’ Execute an initial compliance risk assessment approach aligned with ERM to prioritize program work (policy, training, monitoring) and identify areas requiring additional controls.
β’ As the Director becomes acclimated, help define a pragmatic compliance risk taxonomy (βrisk typesβ) suitable for a biotech/research environment and support integration into ERM reporting and governance.
β’ Develop and maintain metrics and dashboards (policy currency, training completion/attestations, hotline trends, remediation aging, monitoring results).
Governance, audit/inspection readiness, and stakeholder partnership
β’ Support compliance governance cadence (e.g., Compliance & Ethics Committee and/or Risk Committee reporting) through materials development, reporting, and issue escalation coordination.
β’ Support external audits/inspections and partner assessments by coordinating evidence readiness and tracking remediation deliverables.
β’ Partner closely with enterprise stakeholders to ensure compliance expectations are practical, implemented, and sustained.
Team leadership and capability build
β’ Contribute to building a high-performing program over time; may provide informal leadership, project leadership, and/or direct people management as the function grows.
β’ Help
Apply tot his job
Apply To this Job
The Corporate Compliance Officer will support the transition of compliance oversight from the Legal function to Enterprise Risk Management (ERM). This is a hybrid role combining compliance program leadership/support with risk-based oversight. The Director will lead near-term policy cleanup and modernization, help establish a scalable compliance operating model, and own the compliance hotline and case management process. Over time, this position will help define and mature compliance-related processes and integrate them into ERM governance, prioritization, and reporting.
Job Responsibilities
Compliance program leadership (build, run, and enable)
β’ Lead execution of the compliance program charter, annual plan, and maturity roadmap in partnership with ERM leadership, Legal, and other key stakeholders.
β’ Provide practical compliance guidance and implementation support to business leaders and teams, coordinating closely with partners to align with applicable laws, regulations, and organizational standards.
β’ Design, deliver, and maintain core compliance program elements, including:
β’ Developing a training and awareness strategy (role-based training, refresh cadence, targeted campaigns, micro-burst training, etc.)
β’ Policy communications and employee attestations tied to policy publication
β’ Risk-based monitoring and thematic reviews, including follow-up on corrective actions
β’ Developing and maintaining compliance dashboards, metrics and reporting mechanisms
Policy cleanup, rationalization, and enterprise policy governance ownership
β’ Lead an enterprise-wide policy inventory and cleanup initiative: identify duplicates/conflicts, retire outdated content, close gaps, and assign accountable owners.
β’ Establish and operate the policy governance framework, including:
β’ Policy taxonomy/tiering (policy, standard, procedure, guideline) and document hierarchy
β’ Standard templates and minimum content requirements
β’ Approval authorities, review cycles, version control, publication standards, and evidence retention
β’ Policy exception/waiver process with documented risk acceptance and periodic review
β’ Partner with Legal, Quality, Privacy, Security, People, and other business functions to ensure policies are clear, usable, and embedded across all corporate operations.
Hotline ownership, concerns intake/triage, and case management
β’ Own the compliance hotline and related reporting channels (including hotline vendor management where applicable), ensuring accessibility, confidentiality, and reinforcement of non-retaliation expectations.
β’ Ensure privacy-related concerns and potential privacy incidents are appropriately categorized, routed, managed with the right stakeholders, and tracked through remediation.
β’ Run case intake, triage, categorization, severity/risk rating, routing, documentation standards, and service levels.
β’ Transfer investigations to Legal when appropriate; ensure consistent case handling, appropriate escalation, and clear documentation through closure.
β’ Produce regular analytics and trend reporting on allegations, substantiation outcomes, themes, and corrective actions.
Issue management, corrective actions, and remediation governance
β’ Implement standardized enterprise issue management: intake, root cause, corrective action plans, due dates, evidence requirements, validation, and closure criteria.
β’ Track remediation commitments from monitoring, hotline cases, audits, and quality findings; escalate aging/high-risk items through defined governance forums.
β’ Coordinate with Internal Audit and Quality to align findings management and reduce duplicate testing/tracking.
Compliance risk oversight and ERM integration (risk types will mature over time)
β’ Execute an initial compliance risk assessment approach aligned with ERM to prioritize program work (policy, training, monitoring) and identify areas requiring additional controls.
β’ As the Director becomes acclimated, help define a pragmatic compliance risk taxonomy (βrisk typesβ) suitable for a biotech/research environment and support integration into ERM reporting and governance.
β’ Develop and maintain metrics and dashboards (policy currency, training completion/attestations, hotline trends, remediation aging, monitoring results).
Governance, audit/inspection readiness, and stakeholder partnership
β’ Support compliance governance cadence (e.g., Compliance & Ethics Committee and/or Risk Committee reporting) through materials development, reporting, and issue escalation coordination.
β’ Support external audits/inspections and partner assessments by coordinating evidence readiness and tracking remediation deliverables.
β’ Partner closely with enterprise stakeholders to ensure compliance expectations are practical, implemented, and sustained.
Team leadership and capability build
β’ Contribute to building a high-performing program over time; may provide informal leadership, project leadership, and/or direct people management as the function grows.
β’ Help
Apply tot his job
Apply To this Job