Director of Governance, Risk, Compliance, Insider Threat, and CSV Programs (remote/virtual)


Gaithersburg, MD, US, 20879 Baltimore, MD, US, 21230 Rockville, MD, US, 20850 Washington DC, DC, US, 20004 Redwood City, CA, US, 94065 Plymouth Meeting, PA, US, 19462 Lansing, MI, US, 48906 Canton, MA, US, 02021 Gaithersburg, MD, US, 20879 San Diego, CA, US, 92121


Those who join Emergent BioSolutions feel a sense of ownership about their future. You will excel in an environment characterized by respect, innovation and growth opportunities. Here, you will join passionate professionals who advance their scientific, technical and professional skills to develop products designed-to protect life.

Job Summary


The Director of Governance, Risk, Compliance, Insider Threat, and CSV Programs is the process owner of all Emergent IT Computer System Validation, Vendor Risk Management, Insider Threat, Security Awareness & Training, and Policy & Maintenance Programs administration. S/He will provide thought leadership, direct, evangelize, and oversee the development of the programs’ roadmap and creation of and reporting on metrics for roadmap milestones, including the implementation of controls, development of metrics, and planning, driving, and ensuring completion of key activities within these programs. In addition, s/he will assure policy compliance with company, industry, and regulatory requirements and audits (including Sarbanes-Oxley, FISMA, CMMC, and 21Part11/GxP Computer Systems Validations.  This position will manage a team of security analysts, providing leadership and mentorship.


This is a remote/virtual position. 


Essential Functions


Reasonable accommodations will be made to enable individuals with disabilities to perform the essential functions.


Governance, Risk, and Compliance


  • Lead and implement controls to internally assess, evaluate and make recommendations to senior management regarding the adequacy of the security controls for the organization’s information and technology systems
  • Partner with Technology leaders to facilitate compliance of security controls with Emergent information systems regarding Personally Identifiable Information (PII), FDA, FISMA, and other applicable regulatory and contractual requirements, ensuring effective security operations of Emergent systems, networks, business partner agreements, and interconnections
  • Coordinate and track all information technology and security related audits including scope of audits, business units involved, timelines, and outcomes
  • Liaise with Internal Audit, maintaining excellent relationships and provide transparency of Information Systems and Security programs


Insider Threat

  • Provide leadership and work in partnership with physical security and other cross-functional teams in establishing the Emergent Insider Threat Program
  • Lead, develop, and maintain Insider Threat performance measures, determining appropriate metrics, methodologies, tools, and procedures
  • Provide thought leadership to identify issues, develop alternatives, provide recommendations, and implement decisions on an ongoing basis for critical program issues


Security Awareness & Training

  • Provide overall leadership for our security awareness and education program
  • Lead, develop, implement, and launch efforts to reduce risk to our organization by ensuring all employees, staff and contractors know, understand, and follow our security requirements and behave in a secure manner
  • Lead the identification of the top human risks to our organization and the behaviors we need to change to mitigate those risks
  • Structure and maintain this program to be long term, so ultimately, we are not changing just behaviors but culture.
  • Create a metrics framework that can effectively measure these requirements


IT Enterprise System Validation

  • Lead the development of system requirements and specifications to ensure requirements that are testable, and 21 CFR Part 11 requirements are met
  • Lead and mentor the implementation teams in the proper execution of validation documents
  • Lead the development of CFR Part 11 computer systems validation plans, qualifications test protocols, traceability matrices, reports, IQ/OQ protocols and all documents, and deliverables within the scope of the validation plan
  • Direct, develop, implement, and maintain test plans, test scripts and user acceptance tests and manage the execution of test plans


IT Policy & Maintenance

  • Lead the development and implementation of effective and reasonable policies and practices to secure sensitive data and ensure security and compliance with contracts, regulatory requirements, and industry standards
  • Provide thought leadership, develop, implement, and assure successful implementation of security policies, standards and plans to ensure the protection of corporate data against unauthorized use, access, modification, and destruction
  • Monitor compliance with information security policies and procedures
  • Direct and implement effective dashboard to monitor compliance with information security policies and procedure


The above statements are intended to describe the nature of work performed by those in this job and are not an exhaustive list of all duties. Nothing in this job description restricts managements right to assign or reassign duties and responsibilities to this job at any time which reflects management’s assignment of essential functions. 


Education, Experience, & Skills



  • Bachelor’s degree required. 
  • Bachelor’s degree in Business or Information Systems preferred.



  • At least 10 years of experience in the security field.
  • At least 4 years of experience managing a security governance team.
  • Preferred, at least 2 years operating in a GxP environment or with GxP Computer System Validation requirements



  • Must understand SOX, FISMA, CMM (Capability Maturity Model), CMMC (Cybersecurity Maturity Model Certification), and SSAE 18 SOC reports.  



  • Must have written and managed updates to security policies and procedures.
  • Must have directly managed a team or teams of security personnel.



  • Demonstrated ability to own and manage security governance functions.
  • Demonstrated ability to manage third party assessments




Per CDC guidelines, Emergent strongly recommends that all employees working on site are vaccinated to help ensure their safety, as well as the safety of fellow employees. This includes the use of good judgment when determining when the CDC guidelines advise that you stay home when ill. 

There are physical/mental demands and work environment characteristics that must be met by an individual to successfully perform the essential functions of the job. This information is available upon request from the candidate.

Reasonable accommodations may be made to enable individuals with disabilities to perform all essential functions.

Emergent BioSolutions is an Equal Opportunity/Affirmative Action Employer and values the diversity of our workforce.  Emergent does not discriminate on the basis of race, color, creed, religion, sex or gender (including pregnancy, childbirth, and related medical conditions), gender identity or gender expression (including transgender status), sexual orientation, age, national origin, ancestry, citizenship status, marital status, physical or mental disability, military service or veteran status, genetic information or any other characteristics protected by applicable federal, state or local law.

Information submitted will be used by Emergent BioSolutions for activities related to your prospective employment. Emergent BioSolutions respects your privacy and any use of the information submitted will be subject to the terms of our Privacy Policy .

Emergent BioSolutions does not accept non-solicited resumes or candidate submittals from search/recruiting agencies not already on Emergent BioSolutions’ approved agency list. Unsolicited resumes or candidate information submitted to Emergent BioSolutions by search/recruiting agencies not already on Emergent BioSolutions’ approved agency list shall become the property of Emergent BioSolutions and if the candidate is subsequently hired by Emergent BioSolutions, Emergent BioSolutions shall not owe any fee to the submitting agency.


Protecting and Enhancing 1 billion lives by 2030 focuses our energy to improve the quality of life for individuals around the world, giving them the opportunity to experience the fullness of life.

Our drive towards this vision informs all of our actions—whether it is our approach to product development, manufacturing, encouraging employee health and wellness or giving back to the community—we strive every day to achieve this shared goal.


  • Lead with Integrity
    • We gain trust and confidence through ethics, quality, and compliance excellence
  • Stand shoulder to shoulder no matter what
    • We combine our best thinking and communicate openly to support each other.
  • Own it always
    • Every person at Emergent is engaged and accountable for delivering on our commitments.
  • Break through thinking
    • We take smart risks, pursue innovation and challenge ourselves to constantly improve.
  • Compete where it counts
    • We set the right goals and respect each other as we conquer them together.

Nearest Major Market: Washington DC