Director, Digital Governance
McKesson · Tennessee, United States · 2 wk ago
RemoteRemoteManagementFull-time
About the role
The Director, Digital Governance is SCRI’s accountable owner for IT governance, including data, AI and agent governance, in a GxP clinical-research environment — designing and operating the lifecycle controls that govern AI and autonomous agents powering the Agent Factory, in alignment with Enterprise Governance standards.
Responsibilities
- Operate IT SOPs as inspection-defensible controls through ownership, SOP-to-control traceability, change-impact governance, and effectiveness monitoring.
- Author, maintain, and operationalize IT SOPs and controlled documents to GxP, 21 CFR Part 11/Annex 11, and ALCOA+ expectations; ensure SCRI is audit- and inspection-ready on a continuous basis.
- Design, build, and operate SCRI’s AI and agent governance framework, aligned with Enterprise controls and suitable for a GxP clinical-research environment.
- Define and operationalize lifecycle governance for AI and agentic systems: intended-use definition, model and agent documentation (model cards), validation, monitoring of non-deterministic behavior, and retirement/archival.
- Establish governance requirements including clinical-expertise review for GxP AI, participant-disclosure handling for AI used in clinical trials, and model-archival protocols.
- Partner with the Responsible AI Board/Office and Quality to translate Responsible AI principles into inspection-ready, executable controls for SCRI’s Agent Factory use cases.
- Own SCRI’s data governance framework — policies, standards, and controls for data quality, integrity, lineage, and compliance.
- Establish metadata, lineage, classification, and data-quality standards, with access and lifecycle controls embedded in the platforms where data resides.
- Serve as the escalation point for data-integrity risks affecting clinical, operational, or regulatory outcomes, ensuring they are surfaced, tracked, and remediated.
- Define, build, and operate KPI-driven governance dashboards that give leadership a continuous, evidence-based view of control health, risk, and remediation across data, AI, and agent governance.
- Identify gaps, drive corrective actions to closure, and report governance posture to executive leadership.
- Serve as SCRI’s hands-on governance lead — directly accountable for design and execution, not oversight alone — building toward a future AI Governance Analyst as agent deployments scale.
- Communicate complex governance and risk topics clearly to executive leadership, regulators, and non-technical stakeholders; influence outcomes across a matrixed organization without direct authority.
Requirements
- Bachelor’s degree in Information Systems, Computer Science, Engineering, or related field.
- 10+ years experience in IT governance, regulated technology environments, data governance, or enterprise risk.
- Working knowledge of the regulatory and quality frameworks governing technology in clinical research, including GxP/GCP, 21 CFR Part 11 and EU Annex 11, ALCOA+ data integrity, and computer system validation/assurance (GAMP 5, CSA).
- Demonstrated experience operating in GxP-regulated clinical, biotech, pharmaceutical, or healthcare environments.
- Proven, hands-on experience authoring, maintaining, and operationalizing IT SOPs and controlled documents within a regulated environment.
- Demonstrated ability to define, build, and operate KPI driven governance dashboards.
- Strong, demonstrated expertise in Data Governance, with a track record of establishing governance frameworks, policies, and controls to ensure data quality, integrity, and compliance.
- Familiarity with AI Governance and Responsible AI frameworks in regulated environments — for example, the FDA/EMA good machine learning/AI practice principles, the FDA risk-based AI credibility-assessment framework, the EU AI Act, and ISO/IEC 42001; considered a plus, with an expectation to quickly build proficiency on the job.
- Ability to communicate complex governance and risk topics clearly to executive leadership, regulators, and non-technical stakeholders.
- Demonstrated capability to operate effectively in matrixed organizations, influencing outcomes without direct authority.
- Demonstrated experience partnering with Quality during inspection responses, findings remediation, and CAPAs related to data integrity.