Job Closed
This listing is no longer active.
CDW Corporation is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada. A Fortune 500 company and member of the S&P 500 Index, CDW helps its customers to navigate an increasingly complex IT market and maximize return on their technology investments. For more information about CDW, please visit www.CDW.com. Our broad array of products and services range from hardware and software to integrated IT solutions such as security, cloud, hybrid infrastructure and digital experience.
Senior GRC Consultant
Location
United States
Posted
106 days ago
Salary
$88K - $122.4K / year
Seniority
Senior
Job Description
Senior GRC Consultant
CDW
• Support CDW’s Global Information Security organization in maintaining continuous compliance with Cybersecurity Maturity Model Certification (CMMC), NIST 800‑171, and related government security requirements. • Perform detailed technical, documentation, and evidence‑gathering activities to support assessments, audits, and system onboarding. • Develop remediation plans, validate control execution, document system architectures and connections, review contractual security requirements, and ensure accurate compliance records in the GRC platform. • Work with control owners to ensure timely execution and effectiveness of controls. • Conduct interviews for security controls and collect objective evidence for compliance assessment. • Develop and update Operational Plan of Action (OPA) to address gaps and compliance issues. • Remediate findings, track progress, and reassess post-remediation. • Draft, update, and finalize System Security Plan (SSP) for systems in scope and new systems under evaluation. • Use the GRC platform to manage controls effectiveness status, documentation, and evidence. • Update or create policies and procedures to support compliance. • Develop detailed architecture and data flow diagrams for all in-scope systems. • Review and document all connections (APIs, ports, protocols, services) for in-scope systems and physical locations. • Identify and document all external and cloud service providers associated with in-scope environments. • Review Government contracts and RFPs to identify obligations, assess feasibility, and ensure security requirements are met before commitment. • Independently review and revise information security clauses in customer and vendor contractual agreements to ensure compliance with company policies. • Perform other work as assigned to support overall Security Risk Management team objectives.
Job Requirements
- Bachelor's degree with 5 years of experience in security risk management, audit, or compliance, or related roles, to include 2-year hands on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks
- 9 years of total Information Technology experience including 5 years of experience in security risk management, audit, compliance or related roles, to include 2-year hands on experience with CMMC Level 2, NIST SP 800-171, or similar frameworks
- Experience with SSP, documentation and remediation activities, and compliance evidence gathering.
- Experience with architecture documentation and data flow diagrams.
- Understanding of APIs, ports, protocols, and system interconnections.
- Knowledge of cloud service provider compliance requirements.
- Strong analytical, documentation, critical thinking, and problem-solving skills.
- Strong attention to detail and ability to understand legal requirements in contracts.
- Ability to conduct interviews and communicate effectively with technical and non-technical stakeholders.
- CCMC Certified Professional (CCP), CCA, CISSP, CISA or similar compliance/security certifications, a plus.
- Master’s degree, a plus.
Benefits
- Annual bonus target of 5% subject to terms and conditions of plan
Related Guides
Related Categories
Related Job Pages
More Compliance Jobs
EHS & Compliance Manager
SoftBank Robotics AmericaTransforming work through automation and robotics solutions that deliver trusted results and valued experiences.
• Develop, implement, and continuously improve the corporate EHS management system, policies, and standards • Establish enterprise-wide safety frameworks and compliance practices across all construction sites • Drive a proactive, risk-based approach to safety and regulatory compliance across the portfolio • Lead, mentor, and provide strategic direction to Regional Safety Managers and site-level EHS personnel • Own corporate-level EHS reporting, including the development and monitoring of key performance indicators • Serve as the primary corporate liaison with regulatory agencies, including OSHA, EPA, and other applicable authorities • Lead investigations into significant incidents and ensure effective root cause analysis
• Support the design and implementation of a company-wide enterprise risk management framework. • Help conduct risk assessments to identify operational, financial, strategic, regulatory, and supply chain risks. • Partner with business leaders to evaluate risk exposure and develop mitigation strategies. • Maintain risk registers and monitor key risk indicators (KRIs). • Evaluate potential risks, including operational disruptions, liability exposure, regulatory non-compliance, and third-party risks. • Facilitate periodic risk assessments and scenario analyses across business units. • Develop and track corrective action plans to address identified risks. • Help monitor changes in federal, state, and industry-specific regulations impacting manufacturing and food production operations. • Support compliance with relevant regulatory frameworks and standards (e.g., food safety, data privacy, financial controls, and other applicable regulations). • Collaborate cross-functionally to ensure policies and processes align with evolving legal and regulatory requirements. • Help conduct internal compliance reviews and operational audits to identify gaps and control weaknesses. • Prepare clear, concise reports summarizing findings, risk ratings, and recommended remediation steps for leadership. • Track remediation efforts to ensure timely resolution of identified issues. • Develop, update, and enforce internal policies, procedures, and compliance guidelines. • Support the rollout of compliance training programs to promote awareness and accountability across the organization. • Assist in investigating potential compliance violations or policy breaches.
The Company: It’s not often you get the chance to make a real impact on the lives of others, while expanding your own possibilities. You’ll find that rare opportunity at PharmaEssentia USA. Join us, and let’s transform lives, together. PharmaEssentia USA Corporation is a rapidly growing biopharmaceutical innovator. We are leveraging deep expertise and proven scientific principles to deliver effective new biologics for challenging diseases in the areas of hematology and oncology, with one product approved in Europe and a diversifying pipeline. We believe in the potential to improve both health and quality of life for patients with limited options today through the combination of rigorous research and innovative thinking. Founded in 2003 by a team of Taiwanese-American executives and renowned scientists from U.S. biotechnology and pharmaceutical companies, today we are listed on the Taipei Exchange (6446) and are expanding our global presence with operations in the U.S., Japan, and China, along with a world-class biologics production facility in Taichung. Position Overview The Associate Director, Regulatory, within the Compliance & Legal department, leads compliance-focused regulatory review and governance for promotional materials across media types (print, digital, social, and broadcast) for the Company’s products within an assigned product/therapeutic area. Serving as the Compliance & Legal representative on the promotional review committee (MLR/PRC; PRC/SRC/MRC as applicable), this role provides strategic input early in campaign concept and copy development, ensures alignment with internal policies and external standards (FDA/OPDP, FTC, the PhRMA Code, and other applicable laws and—when needed—relevant global requirements), and manages Form FDA 2253 submissions and OPDP advisory comment requests as appropriate. The role also helps define and maintain SOPs, controls, and training for the review process, monitors evolving guidance and enforcement trends, and maintains documentation and audit readiness to support inspections and audits. Responsibilities Compliance & Risk Management - Lead compliance-focused regulatory review of promotional materials across media types (print, digital, social, and broadcast) for the Company’s products within the assigned product/therapeutic area - Ensure promotional content and materials comply with FDA regulations (including 21 CFR 202.1), FTC requirements, the PhRMA Code, and other applicable laws - Ensure submissions of promotional materials to FDA (Form FDA 2253) and FDA Office of Prescription Drug Promotion (OPDP) advisory comment requests - Build and maintain strategic relationships with regulatory authorities - Identify, escalate, and help resolve compliance risks and potential violations related to promotional practices, including deviations and policy exceptions as applicable, partnering with Legal, Compliance, and business stakeholders - Support audits and inspections related to promotional and labeling compliance, including ensuring appropriate documentation, audit readiness, and timely responses Cross-Functional Collaboration - Serve as a representative on the promotional review committee (MLR/PRC; PRC/SRC/MRC as applicable), providing guidance and ensuring alignment with internal policies and external compliance standards - Provide guidance on regulatory and compliance requirements for the SOPs, workflows, and controls used to develop, review, approve (MLR/PRC), and submit marketing materials - Provide strategic input during early campaign concept and copy development to streamline MLR/PRC review and approval - Lead and/or support training for commercial teams on FDA advertising and promotion requirements, including Subpart E and Form FDA 2253 submission expectations as applicable - Establish strong partnerships and governance with key internal stakeholders to enable consistent interpretation and compliant execution - Partner across Compliance & Legal to support effective MLR/PRC governance, timely cross-functional review, and well-documented decisions - Monitor evolving regulatory guidance and enforcement trends and apply relevant updates to review processes, SOPs, and training materials Operational Excellence - Provide solution-oriented, innovative compliance and regulatory guidance that supports the Company’s objectives while appropriately managing risk - Monitor the evolving regulatory environment and maintain current knowledge to proactively provide compliant, practical recommendations - Seek and incorporate diverse perspectives across the Company and externally to strengthen risk assessments and mitigation strategies - Identify and contribute to process improvements to increase the efficiency and effectiveness of the ad/promo review function - Support colleagues within the Compliance & Legal department by sharing knowledge, providing coaching, and contributing to team development Qualifications - Bachelor’s degree in a scientific discipline, pharmacy, public health, or a related field - 7+ years of experience in U.S. pharmaceutical/biotech compliance, regulatory affairs, or medical review focused on advertising and promotion - Demonstrated experience serving on MLR/PRC for promotional and non-promotional materials - Experience providing compliance-focused risk assessments to cross-functional teams on promotional materials and activities for marketed products - Strong working knowledge of FDA advertising and promotion requirements, including OPDP interactions, 21 CFR 202.1, and Form FDA 2253 submissions; Subpart E experience as applicable - Familiarity with U.S. product labeling development and maintenance, and the connection between labeling and permissible promotional claims - Experience maintaining documentation and audit readiness for promotional materials and labeling records, including supporting inspections and audits - Ability to translate regulations into practical guidance, SOPs, workflows, and controls that enable timely, compliant execution - Proven cross-functional influence and stakeholder management skills, with excellent written and verbal communication - Demonstrated judgment and integrity, with comfort identifying and escalating compliance risks, deviations, and policy exceptions The expected salary range for this position based on greater Boston, MA location is $185,000-$225,000. Actual salary pay will be based on multiple factors, including geographic location, experience, qualifications, and other job-related factors permitted by law. Benefits of working with our team: PharmaEssentia USA strives every day to improve the lives of patients as well as our employees. As a valued member of PharmaEssentia USA, you will enjoy the following benefits: - Comprehensive medical coverage - Dental and vision coverage - Generous paid time-off - 401(k) retirement plan with competitive company match - Medical & Dependent Care Flexible Spending Account - Up to $150 monthly cell phone reimbursement - Employee Assistance Program - Free parking EEO Statement At PharmaEssentia USA, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants without regard to race, color, religion, sex, pregnancy (including childbirth and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. PharmaEssentia USA believes that diversity and inclusion among our team are critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. PharmaEssentia does not accept unsolicited agency resumes. Staffing agencies should not send resumes to our HR team or to any PharmaEssentia employees. PharmaEssentia is not responsible for any fees related to unsolicited resumes from staffing agencies.It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. At PharmaEssentia, our goal is to treat as many people with cancer as possible. That means challenging the status quo with better science that leads to better lives. By joining our team, you will not only expand your own possibilities, but you will contribute to expanding options for people with cancer. https://us.pharmaessentia.com/careers/
Die APT-ONE GmbH mit Sitz in Berlin ist ein auf Cyber Security spezialisiertes Beratungshaus, das Unternehmen dabei unterstützt, ihre IT-, OT- und KI-Systeme wirksam vor digitalen Bedrohungen zu schützen und sicher für die Zukunft aufzustellen. Bei uns bist du richtig, wenn: - du ein attraktives Fixgehalt kombiniert mit einer leistungsorientierten und überdurchschnittlichen Gewinnbeteiligung erhalten möchtest. - du flexibel und ortsunabhängig arbeiten willst und gleichzeitig an hochrelevanten Projekten in den Bereichen Cyber Security, IT Security und KI-Sicherheit mitwirken möchtest. - du durch anspruchsvolle Projekte tiefgehende Expertise in modernen Sicherheitsarchitekturen, Security Operations, Risikomanagement und technologischen Zusammenhängen aufbauen und dich kontinuierlich weiterentwickeln möchtest. Aufgaben - Durchführung von Sicherheitsaudits und Gap-Analysen nach ISO 27001, BSI IT-Grundschutz und NIS2 - Begleitung von Unternehmen bei der Vorbereitung auf KRITIS-Prüfungen und BSI-Nachweise gemäß §39 BSIG - Aufbau und Weiterentwicklung von Informationssicherheits-Managementsystemen (ISMS) - Beratung zur Umsetzung der NIS2-Anforderungen: Risikomanagement, Meldepflichten, Lieferkettensicherheit, Geschäftsführerhaftung - Durchführung von TISAX-Assessments für Unternehmen in der Automobilzulieferkette - Erstellung von Risikobewertungen, Sicherheitsrichtlinien und Nachweisdokumentationen - Beratung zum Zusammenspiel von NIS2, DSGVO und branchenspezifischen Regulierungen (EnWG, TKG, DORA für Finanzsektor) - Beratung zur Umsetzung des EU AI Act: Risikoklassifizierung von KI-Systemen, Konformitätsbewertungen und Dokumentationspflichten - Unterstützung bei der Erfüllung der Anforderungen des Cyber Resilience Act (CRA) für Hersteller und Importeure digitaler Produkte - Schulung von Geschäftsführungen und Führungskräften zu ihren Pflichten unter NIS2 (§38 BSIG) Qualifikation - Mindestens 5 Jahre Berufserfahrung im Bereich IT-Sicherheitsaudit, Compliance oder ISMS-Beratung - Zertifizierung als ISO 27001 Lead Auditor oder Lead Implementer (zwingend erforderlich) - Fundierte Kenntnisse des BSI IT-Grundschutz-Kompendiums und der BSI-Standards 200-1/200-2/200-3/200-4 - Nachweisbare Erfahrung mit KRITIS-Prüfungen und/oder NIS2-Umsetzungsprojekten - Kenntnisse des EU AI Act (Risikoklassifizierung, Hochrisiko-KI-Systeme) und des Cyber Resilience Act (CRA) sind ein starkes Plus - Kenntnisse in TISAX und VDA ISA sind ein weiterer Vorteil - Erfahrung in der Durchführung von Risikobewertungen und der Erstellung von Sicherheitskonzepten - Verständnis für die Verzahnung von technischen und organisatorischen Sicherheitsmaßnahmen - Verhandlungssichere Deutschkenntnisse (zwingend) und gute Englischkenntnisse Benefits - Fixgehalt ab 80.000 € mit Gewinnbeteiligung bis zu 70.000 € - Flexible Arbeitszeiten und Remote-Arbeit - 30 Tage Urlaub - IT-Equipment wie Apple MacBook - Regelmäßige Teamevents - Corporate Benefits wie betriebliche Altersvorsorge, betriebliche Krankenversicherung, Shopping- und Mitarbeiterrabatte Werde Teil von APT-ONE und mach Sicherheit zu deiner Mission



